The regsvr.exe is most common virus for people who deal with transferring files across PC's using their Pen drives or USB drives. These are the main sources from where this virus travels. Most of the anti virus softwares should detect this virus and delete it but if your system gets infected for some reason get ready to clean it manually.
regsvr.exe virus first creates entries in the startup folders so that it will execute at every startup. It also creates entries in scheduled tasks so as to execute at a specific time and date. And finally it creates autorun.inf files in the root of all the drives, which prevent you from opening these drives.
Here are the steps to get this resvr.exe virus out of your computer.
--- If the virus disables your task manager and registry then you should consider the tips given here to get them back.
--- After that you need to get rid of the autorun.inf file. This file will be hidden so follow these tips here to delete these files.
--- Now type msconfig in start menu --> Run and press enter and uncheck the option that says regsvr. Press ok and dont restart yet.
--- Now go to ControlPanel --> Scheduled tasks and delete the entry At1 which is created by the virus.
--- Now go to registry editor by typing regedit in run dialog box and then to find menu in regedit and search for regsvr.exe and delete all entries except one that say "Explorer.exe regsvr.exe". You need to edit this entry to only remove the regsvr.exe part and leave the other part as it is.
--- Now search your entire system for regsvr.exe and delete any entries you find. Make sure you search within Hidden files & system files also.
--- Reboot your system for the changes to take effect and the virus is gone without any traces.
regsvr.exe virus first creates entries in the startup folders so that it will execute at every startup. It also creates entries in scheduled tasks so as to execute at a specific time and date. And finally it creates autorun.inf files in the root of all the drives, which prevent you from opening these drives.
Here are the steps to get this resvr.exe virus out of your computer.
--- If the virus disables your task manager and registry then you should consider the tips given here to get them back.
--- After that you need to get rid of the autorun.inf file. This file will be hidden so follow these tips here to delete these files.
--- Now type msconfig in start menu --> Run and press enter and uncheck the option that says regsvr. Press ok and dont restart yet.
--- Now go to ControlPanel --> Scheduled tasks and delete the entry At1 which is created by the virus.
--- Now go to registry editor by typing regedit in run dialog box and then to find menu in regedit and search for regsvr.exe and delete all entries except one that say "Explorer.exe regsvr.exe". You need to edit this entry to only remove the regsvr.exe part and leave the other part as it is.
--- Now search your entire system for regsvr.exe and delete any entries you find. Make sure you search within Hidden files & system files also.
--- Reboot your system for the changes to take effect and the virus is gone without any traces.
I used the steps mentioned above to tame and learn about regsvr.exe virus.
ReplyDeleteafter all the steps, i had to search for *.exe files of 604kb and then delete all of them since regsvr.exe mutated very quickly.
the system if it goes beyond a point, will not have GUI available to perform these steps.
Ow the advise given above is excellent.
thanks. it saved some systems.
is there any anti virus which can remove this
ReplyDeletem not able to open any thing in my laptop it is showing msg
window is not able to open this do file association in control panel
Thanks for your helpful article. My PC is back to its former glory yey!
ReplyDelete