Regsvr.exe:
Regsvr.exe is identified as a worm that was first detected around 2007-08. This worm is usually detected along with the Newfolder.exe. Similar to the Newfolder.exe, this worm also spreads with the help of pen drives. When the flash drive is inserted into the infected system, the regsvr.exe immediately creates a copy of itself in the USB and also an autorun.inf file with the help of which it can launch in the target's system. This virus is capable of editing the registry and autoexecuting itself at the system startup. It generally resides in the Windows/ system32 directory. However, it can be removed by scanning the pen drive using a good antivirus or simply opening the USB using the Windows Command Prompt. Using a good firewall is recommended to prevent viruses like this one. Anyway, here is a simple manual removal method to this virus.
- The worm launches a process with the names Newfolder.exe, server.exe, AT1.exe. Make sure that you kill these processes first.
- Now go to the control panel -> scheduled tasks, and delete the task of launching this process.
- Traverse to the Windows/ system32 folder and delete the file from there.
- You are almost done. Now go to Start -> Run and type regedit and go to the following location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
- Edit Shell ="Explorer.exe regsvr.exe" and delete the regsvr.exe from the registry.
- Now you are free from the virus.
0 comments:
Post a Comment