Steps to Remove regsvr.exe Virus

There are so many types of computer viruses in this world that removing them and finding a specific solution for each of them is a big ask. One such virus that screwed me is regsvr.exe, classified as a W32.Imaut worm.

It has become a daily routine that when I plug my pen drive into my college systems (full of all kinds of viruses), it gets infected by the viruses instantly. Though the antivirus I use (Symantec) successfully detects and removes them, I feel that I should discuss the steps to remove the regsvr.exe virus.

What does the regsvr.exe virus do?

•    This worm creates folders and a registry entry to enable its automatic execution at every system startup.

•    This worm also creates a scheduled task to enable its automatic execution at a specified date and/or time.

•    It also creates an Autorun.inf file for its automatic execution.

Solution to fix the problem:

1.    If the Task Manager and Registry Editor are disabled, we need to enable them first. Read this post.

2.    Delete the Autorun.inf file created by the virus. Read this post to know how to do that.

3.    Now type msconfig in the Run dialog and click on the Startup tab.

4.    Look for regsvr, uncheck any matching entries and click OK.

5.    Now go to Control Panel -> Scheduled Tasks, and delete the At1 task that might be listed there.

6.    Type regedit in the Run dialog to open the registry editor.

7.    Click on Edit -> Find and search for regsvr.exe.

8.    Delete all occurrences of regsvr.exe (do not confuse it with regsvr32.exe, which is not a virus).

9.    Navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the value Shell = “Explorer.exe regsvr.exe” to remove regsvr.exe from it.

10.    Now, to actually delete the virus from the system, go to the system32 folder and delete the regsvr.exe virus file from there (you will need to uncheck the option “Hide Protected System Files and Folders” in Folder Options to view the virus file).

Reboot the system for changes to take place.
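
The registry checks from steps 3, 4 and 7 to 9, as an added example that is not part of the original post: a Python script that reads text in regedit's .reg export format, flags a Winlogon Shell value other than Explorer.exe and any string value naming regsvr.exe, and leaves regsvr32.exe alone. The sample export and the value names ExampleEntry and ExampleDll are constructed for illustration.

```python
import re

# Constructed sample in regedit .reg export format (not from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe regsvr.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleEntry"="C:\\WINDOWS\\system32\\regsvr.exe"
"ExampleDll"="regsvr32.exe /s C:\\WINDOWS\\system32\\example.dll"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Matches regsvr.exe as a whole file name; regsvr32.exe does not match.
WORM_RE = re.compile(r'(?<!\w)regsvr\.exe\b', re.IGNORECASE)
WINLOGON = r'\software\microsoft\windows nt\currentversion\winlogon'

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            # Undo the \\ and \" escapes used inside .reg string data.
            yield key, m.group(1), re.sub(r'\\(.)', r'\1', m.group(2))

def audit(text):
    """Return findings for the registry locations cleaned in steps 3-9."""
    findings = []
    for key, name, data in parse_reg(text):
        if key.lower().endswith(WINLOGON) and name.lower() == 'shell':
            if data.strip().lower() != 'explorer.exe':
                findings.append((key, name, data, 'Shell is not plain Explorer.exe'))
        elif WORM_RE.search(data):
            findings.append((key, name, data, 'references regsvr.exe'))
    return findings

def clean_shell(data):
    """Step 9: drop the regsvr.exe token and keep the rest of the value."""
    return ' '.join(t for t in data.split() if not WORM_RE.fullmatch(t))

if __name__ == '__main__':
    for key, name, data, reason in audit(SAMPLE_REG):
        print(f'{key}\\{name} = {data!r}: {reason}')
```

The scheduled task from step 5 and the Autorun.inf file from step 2 live outside the registry, so this check does not cover them.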

73 Replies to “Steps to Remove regsvr.exe Virus”

  1. I tried your solution up to step 9, but I am not able to find the virus regsvr.exe explained in #10, so when I reboot the system the problem continues… please help

  2. @vinod
    First make sure that you have removed the virus from the startup processes (explained in steps 3 and 4); after doing this you won’t see the virus running after reboot.
    Now step 10 says to manually delete the virus regsvr.exe from the system32 folder, which will be visible only if you uncheck the option “Hide Protected System Files and Folders” inside Tools->Folder Options->View tab, below the Show hidden files and folders option.

  3. Tried it but can’t see the file regsvr.exe in the system32 folder, even when I have unchecked the box. It is only turning up the regsvr32.exe file.

  4. Hi, my computer is running Win XP SP2 32-bit with 2 GB RAM. Initially my PC data transfer rate was very fast; it used to transfer 1 GB of data within 7-10 min. I have been using the internet for the past 1 year, and also the antivirus Net Protector, licence version.
    It does detect viruses and clean them, but later on my system idle performance goes to 80-95 %. I also see regsvr.exe, NMBGO~exe, google~exe; I removed/unchecked them through startup but they boot up with the system restart, because of which my computer now transfers 600 MB of data in up to 60 mins… please explain the reason… my antivirus company can’t help me with it, they say there is no virus… please help me to understand it…

  5. It’s nice to get the trick to kill the virus manually; it’s interesting playing with viruses. I don’t use any antivirus, I deal with it manually only. Thanks for providing the tricks.

  6. @ImranKhan
    There must be viruses; to remove them, boot in safe mode and remove them from startup, hard disk and registry (search the entries if you do not know where to look for them). Maybe this helps.

  7. I tried all the steps, but after making all the hidden folders show I can only find regsvr32 and not regsvr.exe.
    What else can I try? You are my only hope.

  8. @Reuben
    If you didn’t find regsvr.exe then don’t worry, just follow the steps 9 and 10 after it, as these are the important steps that will actually fix the problem.
    Also, I would advise you to search “regsvr” in regedit to see more results.

  9. Brilliant, your instructions worked a treat thanks.
    Now I just need a way to clean up my register, which is a mess, without purchasing commercial software. Any suggestions here?

  10. Sir, I HAVE THE SAME PROBLEM FOR THE PAST ONE WEEK. I THINK IT'S A VIRUS AND SEARCHED FOR THE REGSVR.EXE ACTUALLY, BUT IT HAS NOT BEEN FOUND, AND I TYPED PREFETCH IN RUN AND FOUND REGSVR32.EXE. I HAVE MISTAKENLY DELETED IT, AND FROM THE RECYCLE BIN ALSO BY MISTAKE. CAN YOU HELP ME TO RESTORE REGSVR32.EXE IF IT'S AN IMPORTANT EXE FILE (THIS HAPPENED BEFORE I NOTICED THE VIRUS INFORMATION ON YOUR SITE)? CAN YOU HELP ME IN THIS REGARD? I AM HAVING AVG AND REGCLEANER, AND REGCLEANER DID NOT COMPLETE WITH THIS VIRUS AND DID NOT SCAN THE COMPUTER FULLY. PLEASE HELP AND PROVIDE A SOLUTION

  11. I tried your solution, but when I tried to open regedit I got the message “Registry editing has been disabled by your administrator”. What am I supposed to do?

  12. Dear Sir,
    It seems I’ve a severe virus on my laptop, which disables task manager, registry editor, folder options, command prompt, group policy editor, msconfig, even accessing control panel, and when running any exe file, it gives the following error message: “This operation has been cancelled due to restrictions in effect on this computer”.

    When I downloaded the restrictions removal tool (RRT free trial tool), it worked the 1st time, but no longer works.

    I also have tried deleting any malicious and suspicious AT.exe, even hidden, as AT1.exe does not exist, but no effect.

    I also tried deleting regsvr.exe, but really it copies itself again and again, even with Shift+Del.

    I’m running Windows XP SP3 with processor of (2 GHZ core due, RAM 512 MHZ, Hard Disk 100 GB)

    Please provide me with any suggestions, and thanks in advance.

    Best Regards,
    Tamer

  13. I want to remove the virus from the restored folder in root. How do I remove that virus from restore?

  14. @Prasad V Apte
    Either delete the file manually from System Value Information folder in the drive (Hidden by default) or just turn off the restore points (better option).

  15. I’ve got a dual boot of Linux and Windows on my system. My hobby is collecting viruses and now I am quarantining those viruses in my Linux OS. If you have Linux and Windows in dual boot you can easily remove viruses!

  16. Hey buddy, I cannot find regsvr in the Startup tab in the System Configuration Utility. Can you please help me out of this and provide an alternate solution?

  17. Hey, I have gone on from step 5 and there is no message at startup for regsvr.exe, so does this mean that the virus is removed or not?

  18. Is there any antivirus which can remove this?

    I’m not able to open anything on my laptop; it is showing the message

    Windows is not able to open this, do file association in Control Panel

  19. Hey man… It really works… Thanks a lot.
    I followed your steps and was able to remove the virus from my PC, which earlier wasn’t detected by my antivirus… Keep updating such information on the Net.

  20. Hi all,
    I have developed software that automatically looks after the system and removes the autorun.inf file, if it exists, when a pen drive is inserted. Also, at every startup, a program runs and checks the registry for any known entries made to the Run key. If there are any, it deletes the file referenced by the key and also the registry entry. Please check this once at: http://naga-barri.blogspot.com/2009/11/systemcleanerforwindows.html

    I think you will enjoy this project. Based on your comments, I will further enhance it to have a better performance.

  21. Hi…
    Have you posted any other topic…
    This was fantastic and I liked it, as you tell us the
    history and chemistry about it..
    Thanks…
    Please reply soon..
    I missed 1 thing to ask..
    Can I have your e-mail address…
    Please.. :) :-0
