Tech Salsa

There are so many types of computer viruses in this world that removing them and finding a specific solution for each of them is a big ask. One such virus that screwed me is regsvr.exe classified as a W32.Imaut worm.

It has become a daily routine that when I plug my pen drive in my college systems (full of all kinds of viruses), it gets infected by the viruses instantly. Though the Anti Virus I use (Symantec) successfully detects and remove them but I feel that I should discuss the steps to remove regsvr.exe virus.

What the regsvr.exe virus does?

•    This worm creates folders and a registry entry to enable its automatic execution at every system startup.

•    This worm also creates a scheduled task to enable its automatic execution at a specified date and/or time.

•    It also creates Autorun.inf file for its auto execution.

Solution to fix the problem:

1.    If the task manager and registry editor is disabled then we need to enable them first. Read this post.

2.    Delete the Autorun.inf file created by the virus. Read this post to know how to do that.

3.    Now type msconfig in the Run dialog and click on startup tab.

4.    Look for regsvr and uncheck any options, click OK.

5.    Now traverse to control panel -> scheduled tasks, and delete the At1 task that might be listed there.

6.    Type regedit in the Run dialog to open the registry editor.

7.    Click on Edit -> Find and search for regsvr.exe

8.    Just delete all the occurrences of regsvr.exe virus (do not confuse it with regsvr32.exe which is not a virus).

9.    Navigate to entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the entry Shell = “Explorer.exe regsvr.exe” to delete the regsvr.exe from it.

10.    Now to actually delete the virus from the system go to system32 folder and delete the regsvr.exe virus file from there (you will need to uncheck the option of “Hide Protected System Files and Folders” in Folder Options to view the virus file).

Reboot the system for changes to take place.