Steps to Remove regsvr.exe Virus
There are so many types of computer viruses in this world that removing them and finding a specific solution for each of them is a big ask. One such virus that screwed me is regsvr.exe classified as a W32.Imaut worm.
It has become a daily routine that when I plug my pen drive in my college systems (full of all kinds of viruses), it gets infected by the viruses instantly. Though the Anti Virus I use (Symantec) successfully detects and remove them but I feel that I should discuss the steps to remove regsvr.exe virus.
What the regsvr.exe virus does?
• This worm creates folders and a registry entry to enable its automatic execution at every system startup.
• This worm also creates a scheduled task to enable its automatic execution at a specified date and/or time.
• It also creates Autorun.inf file for its auto execution.
Solution to fix the problem:
1. If the task manager and registry editor is disabled then we need to enable them first. Read this post.
2. Delete the Autorun.inf file created by the virus. Read this post to know how to do that.
3. Now type msconfig in the Run dialog and click on startup tab.
4. Look for regsvr and uncheck any options, click OK.
5. Now traverse to control panel -> scheduled tasks, and delete the At1 task that might be listed there.
6. Type regedit in the Run dialog to open the registry editor.
7. Click on Edit -> Find and search for regsvr.exe
8. Just delete all the occurrences of regsvr.exe virus (do not confuse it with regsvr32.exe which is not a virus).
9. Navigate to entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the entry Shell = “Explorer.exe regsvr.exe” to delete the regsvr.exe from it.
10. Now to actually delete the virus from the system go to system32 folder and delete the regsvr.exe virus file from there (you will need to uncheck the option of “Hide Protected System Files and Folders” in Folder Options to view the virus file).
Reboot the system for changes to take place.
You May Also Like to Read
November 22nd, 2008 at 6:46 am
thanx!!!!!!!
it works
December 16th, 2008 at 1:13 am
Thanks alot ! it really worked. keep up the good work.
January 29th, 2009 at 12:44 pm
give your solution
February 2nd, 2009 at 7:57 pm
man, u rock !!!
March 1st, 2009 at 12:52 am
I try u r solution up to step 9 but i am not able to find the virus regsvr.exe explain in #10. so when i reboot system the problem remain continues…plz help
March 1st, 2009 at 1:00 am
@vinod
first make sure that you have removed the virus from the startup processes (explained in steps 3 and 4), after doing this you wont see virus running after reboot.
Now step 10 says to manually delete the virus regsvr.exe from the system32 folder which will be visible only if you uncheck the option of “Hide Protected System Files and Folders” inside Tools->Folder Options->View tab, below the Show hidden files and folder option.
March 9th, 2009 at 10:06 am
thanksssssssssssssss yaar……it works
now my pc works smoothly….
March 21st, 2009 at 11:26 am
Thank you very much. Its working.
March 26th, 2009 at 6:01 am
tried it but cant see the file regsvr.exe in the system32 folder. even when i have unchecked the box. its is only turning up the regsvr32.exe file.
April 2nd, 2009 at 7:49 pm
Thanks a lot..It really worked.
April 4th, 2009 at 4:47 am
Hi, My computer is running win XP SP2 32 Bit,2 GB RAM, Initially my PC data transfer rate was very fast it used to transfer 1 GB of data within 7-10 min, I am using internet for past 1 year also anti virus Net protector licence version.
It do detect virus and clean it but later on my system idle performence goes to 80-95 %. i also see regsvr.exe,NMBGO~exe,google~exe, i removed/unchecked them through startup but they boots up with the system restart, because of which now my computer transfer 600 MB data upto 60 mins…….please explain the reason …….my antivirus company cant help me about it they say no virus…….is there..please help me to undesrstand it…
April 4th, 2009 at 12:17 pm
its nice to get the th trick to kill the virus manually,its interesting playing with viruses.i dont use any antivirus deals it by manually only thaks for providing the tricks
April 4th, 2009 at 7:58 pm
@ImranKhan
there must be the viruses, to remove them boot in the safe mode and remove them from startup, hard disk and registry (search the entries if you do not know where to look for them). May be this helps.
April 25th, 2009 at 6:01 pm
i tried all the steps but after making all the hidden folders to show i can only find regsvr32 and noot regsvr.exe
what else can i try , u are my only hope
April 25th, 2009 at 7:15 pm
@Reuben
If you didnt find regsvr.exe then dont worry just follow the steps 9 and 10 after it as these are the important steps that will actually fix the problem.
Also i would advise you to search “regsvr” in regedit to see more results.
May 14th, 2009 at 12:57 am
Brilliant, your instructions worked a treat thanks.
Now I just need a way to clean up my register which is a mess, without purchasing commercial software- any suggestioins here?
May 14th, 2009 at 1:06 am
@Rich
Thanks buddy! Oh yes, you could try CCleaner ( http://www.ccleaner.com/ ) or RegCleaner ( http://www.worldstart.com/weekly-download/programs/regcleaner.exe ). Both are great and i use them too.
June 4th, 2009 at 9:36 am
regsvr.exe - No Disk Error found
provide solution
June 6th, 2009 at 8:13 pm
sir, I HAVE SAME PROBLEM FOR THE PAST ONE WEEK, I THINK ITS
VIRUS AND SEARCH THE REGSVR.EXE ACTUALLY BUT IT HAS NOT BEEN FOUND AND I TYPE PREFETCH IN RUN AND FOUND REGSVR32.EXE, I HAVE MISTAKEN AND DELETED IT AND FROM RECYCLE BIN ALSO BY MISTAKE, CAN YOU HELP ME TO RESTORE REGSVR32.EXE IF ITS IMPORTANT EXE FILE,(THIS HAS HAPPENED BEFORE I NOTICE THE VIRUS INFORMATION IN YOUR SITE)CAN YOU HELP ME IN THIS REGARD AND I AM HAVING AVG AND REGCLEANER AND REGCLEANER NOT COMPLETED WITH THIS VIRUS AND NOT SCAN THE COMPUTER FULLY PL HELP AND PROVIDE A SOLTUTION
June 7th, 2009 at 2:34 am
@J.G.BABU
Export the same file from your friends computer and import it in yours
June 7th, 2009 at 12:36 pm
restore all.reg is not working
pls look into and give solution
June 9th, 2009 at 8:04 pm
too good
June 10th, 2009 at 12:43 pm
I tried your solution, but when I tried to open the regedit I get a message “Registry editing has been disabled by your administrator” What am I suppose to do??????
June 10th, 2009 at 3:32 pm
@Abhiram
see this post
http://techsalsa.com/enable-the-registry-editor-task-manager-and-folder-options-disabled-by-virus/
June 11th, 2009 at 10:31 am
Thanks a lot dude!!!
June 25th, 2009 at 11:13 pm
thankss a lot bro!!!
it really worked!!!!
its easter all over again!!
cheers!
July 14th, 2009 at 2:07 pm
Dear Sir,
It seems I’ve a severe virus on my laptop , which disables task manager , registry editor , folder options, command prompt,group policy editor , msconfig, even accessing control panel , and when running any exe file , It gives the following error message “This operation has been cancelled due to restrictions in effect on this computer”.
When I downloaded the restrictions removal tool (RRT free trial tool), It worked for the 1st time , but no longer works.
I also have tried deleting any malicious and suspicious AT.exe even hidden as AT1.exe does not exist , but no effect.
I also tried deleting regsvr.exe , but really it copies itself again and again even with Shift+ Del.
I’m running Windows XP SP3 with processor of ( 2 GHZ core due , RAM 512 MHZ , Hard Disk 100 GB)
Please , provide me with any suggestions and thanks in advance.
Best Regards,
Tamer
July 14th, 2009 at 6:49 pm
@Tamer El-Shimy
Try everything in the safe mode. The virus will not create itself there
July 15th, 2009 at 7:30 am
Thanks a lot… it did the trick
July 24th, 2009 at 8:53 pm
I want remove virus from restored folder in root , how to remove that virus from restore.
July 24th, 2009 at 10:17 pm
@Prasad V Apte
Either delete the file manually from System Value Information folder in the drive (Hidden by default) or just turn off the restore points (better option).
August 17th, 2009 at 9:05 am
i’ve got dual boot of linux and windows in my system. my hobby is collecting viruses and now i am quarantining those virus in my linux os. if u have linux and windows in dual boot u can easily remove viruses!
August 21st, 2009 at 9:32 am
Thank you very much
You have done a great job
It fixed the problem in my PC too
August 25th, 2009 at 9:51 am
hey buddy i cannot find the regsvr in the startup tab in the system configuration utility can u plzz help me from this out and provide alternate solution
August 25th, 2009 at 10:13 am
hey i have got on from the steps 5 and there is no message at the startup for the regsvr.exe so this means that the virus is removed or not
September 12th, 2009 at 2:22 pm
i m not able to open command prompt
so that i can do the removal of regsvr.exe from my laptop plz do help me how can i do this
at my mail id
akshurai@gmail.com
September 12th, 2009 at 2:25 pm
is there any anti virus which can remove this
m not able to open any thing in my laptop it is showing msg
window is not able to open this do file association in control panel
September 16th, 2009 at 1:04 pm
superb!!!!!!!!!!!!!
September 27th, 2009 at 10:36 pm
This website has the best solutions of all the common problems of pc’s !
Thanx Admin !
October 20th, 2009 at 1:53 pm
very goooooooooooooooooddddddddddddddddddddddddddddddd. it worked
November 12th, 2009 at 8:35 pm
hi! buddy you have saved my computer thanks a lot you rock!.
November 13th, 2009 at 12:02 pm
its nice solution to remove regsvr.exe virus thanks a lot
November 20th, 2009 at 10:03 pm
Hey man …It Really Works… Thanks A lot.
I followed your steps and able to remove the virus from my PC which earlier wasnt detected by my anti virus…. Keep updating such information on Net.
November 24th, 2009 at 5:07 pm
Hi all,
I have developed a Software that automatically looks after the system and removes the autorun.inf file, if exists, when a pendrive is inserted. And also, at every startup, it a program runs and will look after the registry for any known entries are made to the run key. If so, it deletes the file regarding the key and also the entry to the registry. Please check this once at: http://naga-barri.blogspot.com/2009/11/systemcleanerforwindows.html
I think you will enjoy this project. Based on your comments, I will further enhance it to have a better performance.
December 27th, 2009 at 2:16 pm
Thanks for the tip. It did help in getting rid of the annoying regsvr.exe from my pc.
January 10th, 2010 at 8:50 pm
Thanks a lot!!!
It really works!!!!!!!!!
January 16th, 2010 at 10:39 pm
oh thanks a lot yar itz grt
March 3rd, 2010 at 10:21 pm
Hi, cant find autorun.inf file, tried it using cmd and also manually, what can i do???
March 18th, 2010 at 2:24 am
“hi…….
have you post any other topic….
this was fantastic & i liked it as you tell us
history and chemistry about it..
thax……
plz rply soon..
I missed 1 thing to ask..
can i have your e-mail address…
Plz..:) :-0
March 18th, 2010 at 5:53 pm
@unknown
Yes you can have my email id
fundoorajat@yahoo.com
this was already mentioned in the “contact” page
April 20th, 2010 at 8:14 pm
I have a problem.
I tried running the “msconfig” from the “run” but when I click OK, “msconfig doesn’t start at all.
I think that it’s the virus that disabling the “msconfig to start.
Please help me!!
April 29th, 2010 at 10:52 pm
thanks a lot!! finally free of regsvr.exe ghost.
May 4th, 2010 at 12:27 am
i did all steps to remove regsvr.exe bt in last in system32 no regsvr.exe found n i coudnt delete it???
May 7th, 2010 at 4:05 pm
Good day
Hope you are well
Your solution helped!!
Thanks
May 12th, 2010 at 2:19 pm
i am daily remove this from Task Manager because of this Virus eat my PC Speed and my PC Run very slow.
but now i am find this post, now remove permanently.
thanks, lots of thanks.
July 21st, 2010 at 10:41 pm
how to remove recycler virus from pc
July 26th, 2010 at 11:23 am
thank y soo much its working