Steps to Remove regsvr.exe Virus
There are so many types of computer viruses in this world that removing them and finding a specific solution for each of them is a big ask. One such virus that screwed me is regsvr.exe classified as a W32.Imaut worm.
It has become a daily routine that when I plug my pen drive in my college systems (full of all kinds of viruses), it gets infected by the viruses instantly. Though the Anti Virus I use (Symantec) successfully detects and remove them but I feel that I should discuss the steps to remove regsvr.exe virus.
What the regsvr.exe virus does?
• This worm creates folders and a registry entry to enable its automatic execution at every system startup.
• This worm also creates a scheduled task to enable its automatic execution at a specified date and/or time.
• It also creates Autorun.inf file for its auto execution.
Solution to fix the problem:
1. If the task manager and registry editor is disabled then we need to enable them first. Read this post.
2. Delete the Autorun.inf file created by the virus. Read this post to know how to do that.
3. Now type msconfig in the Run dialog and click on startup tab.
4. Look for regsvr and uncheck any options, click OK.
5. Now traverse to control panel -> scheduled tasks, and delete the At1 task that might be listed there.
6. Type regedit in the Run dialog to open the registry editor.
7. Click on Edit -> Find and search for regsvr.exe
8. Just delete all the occurrences of regsvr.exe virus (do not confuse it with regsvr32.exe which is not a virus).
9. Navigate to entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the entry Shell = “Explorer.exe regsvr.exe” to delete the regsvr.exe from it.
10. Now to actually delete the virus from the system go to system32 folder and delete the regsvr.exe virus file from there (you will need to uncheck the option of “Hide Protected System Files and Folders” in Folder Options to view the virus file).
Reboot the system for changes to take place.
You May Also Like to Read
- Steps to remove Vamsoft.exe Easily
- Steps to Remove C:\resycled\ntldr.com is not a valid Win32 Application Error
- [Solved] Windows cannot find regsvr.exe
- Remove ntde1ect.com or avpo.exe virus easily
- Steps to Remove W32.SillyFDC Virus
- Steps to Remove DriveGuard.exe or FlashGuard.exe Virus
- Remove Happy Birthday virus easily
- Remove and Clean Brontok Virus
- Not Able to Remove Virus Even After Format?
- Steps to Remove W32.Hacktool.Rootkit Virus
November 22nd, 2008 at 6:46 am
thanx!!!!!!!
it works
December 16th, 2008 at 1:13 am
Thanks alot ! it really worked. keep up the good work.
January 29th, 2009 at 12:44 pm
give your solution
February 2nd, 2009 at 7:57 pm
man, u rock !!!
March 1st, 2009 at 12:52 am
I try u r solution up to step 9 but i am not able to find the virus regsvr.exe explain in #10. so when i reboot system the problem remain continues…plz help
March 1st, 2009 at 1:00 am
@vinod
first make sure that you have removed the virus from the startup processes (explained in steps 3 and 4), after doing this you wont see virus running after reboot.
Now step 10 says to manually delete the virus regsvr.exe from the system32 folder which will be visible only if you uncheck the option of “Hide Protected System Files and Folders” inside Tools->Folder Options->View tab, below the Show hidden files and folder option.
March 9th, 2009 at 10:06 am
thanksssssssssssssss yaar……it works
now my pc works smoothly….
March 21st, 2009 at 11:26 am
Thank you very much. Its working.
March 26th, 2009 at 6:01 am
tried it but cant see the file regsvr.exe in the system32 folder. even when i have unchecked the box. its is only turning up the regsvr32.exe file.
April 2nd, 2009 at 7:49 pm
Thanks a lot..It really worked.
April 4th, 2009 at 4:47 am
Hi, My computer is running win XP SP2 32 Bit,2 GB RAM, Initially my PC data transfer rate was very fast it used to transfer 1 GB of data within 7-10 min, I am using internet for past 1 year also anti virus Net protector licence version.
It do detect virus and clean it but later on my system idle performence goes to 80-95 %. i also see regsvr.exe,NMBGO~exe,google~exe, i removed/unchecked them through startup but they boots up with the system restart, because of which now my computer transfer 600 MB data upto 60 mins…….please explain the reason …….my antivirus company cant help me about it they say no virus…….is there..please help me to undesrstand it…
April 4th, 2009 at 12:17 pm
its nice to get the th trick to kill the virus manually,its interesting playing with viruses.i dont use any antivirus deals it by manually only thaks for providing the tricks
April 4th, 2009 at 7:58 pm
@ImranKhan
there must be the viruses, to remove them boot in the safe mode and remove them from startup, hard disk and registry (search the entries if you do not know where to look for them). May be this helps.
April 25th, 2009 at 6:01 pm
i tried all the steps but after making all the hidden folders to show i can only find regsvr32 and noot regsvr.exe
what else can i try , u are my only hope
April 25th, 2009 at 7:15 pm
@Reuben
If you didnt find regsvr.exe then dont worry just follow the steps 9 and 10 after it as these are the important steps that will actually fix the problem.
Also i would advise you to search “regsvr” in regedit to see more results.
May 14th, 2009 at 12:57 am
Brilliant, your instructions worked a treat thanks.
Now I just need a way to clean up my register which is a mess, without purchasing commercial software- any suggestioins here?
May 14th, 2009 at 1:06 am
@Rich
Thanks buddy! Oh yes, you could try CCleaner ( http://www.ccleaner.com/ ) or RegCleaner ( http://www.worldstart.com/weekly-download/programs/regcleaner.exe ). Both are great and i use them too.
June 4th, 2009 at 9:36 am
regsvr.exe - No Disk Error found
provide solution
June 6th, 2009 at 8:13 pm
sir, I HAVE SAME PROBLEM FOR THE PAST ONE WEEK, I THINK ITS
VIRUS AND SEARCH THE REGSVR.EXE ACTUALLY BUT IT HAS NOT BEEN FOUND AND I TYPE PREFETCH IN RUN AND FOUND REGSVR32.EXE, I HAVE MISTAKEN AND DELETED IT AND FROM RECYCLE BIN ALSO BY MISTAKE, CAN YOU HELP ME TO RESTORE REGSVR32.EXE IF ITS IMPORTANT EXE FILE,(THIS HAS HAPPENED BEFORE I NOTICE THE VIRUS INFORMATION IN YOUR SITE)CAN YOU HELP ME IN THIS REGARD AND I AM HAVING AVG AND REGCLEANER AND REGCLEANER NOT COMPLETED WITH THIS VIRUS AND NOT SCAN THE COMPUTER FULLY PL HELP AND PROVIDE A SOLTUTION
June 7th, 2009 at 2:34 am
@J.G.BABU
Export the same file from your friends computer and import it in yours
June 7th, 2009 at 12:36 pm
restore all.reg is not working
pls look into and give solution
June 9th, 2009 at 8:04 pm
too good
June 10th, 2009 at 12:43 pm
I tried your solution, but when I tried to open the regedit I get a message “Registry editing has been disabled by your administrator” What am I suppose to do??????
June 10th, 2009 at 3:32 pm
@Abhiram
see this post
http://techsalsa.com/enable-the-registry-editor-task-manager-and-folder-options-disabled-by-virus/
June 11th, 2009 at 10:31 am
Thanks a lot dude!!!
June 25th, 2009 at 11:13 pm
thankss a lot bro!!!
it really worked!!!!
its easter all over again!!
cheers!