Steps to Remove regsvr.exe Virus
There are so many types of computer viruses in this world that removing them and finding a specific solution for each of them is a big ask. One such virus that screwed me is regsvr.exe classified as a W32.Imaut worm.
It has become a daily routine that when I plug my pen drive in my college systems (full of all kinds of viruses), it gets infected by the viruses instantly. Though the Anti Virus I use (Symantec) successfully detects and remove them but I feel that I should discuss the steps to remove regsvr.exe virus.
What the regsvr.exe virus does?
• This worm creates folders and a registry entry to enable its automatic execution at every system startup.
• This worm also creates a scheduled task to enable its automatic execution at a specified date and/or time.
• It also creates Autorun.inf file for its auto execution.
Solution to fix the problem:
1. If the task manager and registry editor is disabled then we need to enable them first. Read this.
" Enable the Registry Editor, Task Manager and Folder Options Disabled by Virus
Virus attack is common these days and we often come across the problems like Disabled Folder Options or like Task Manager and Regedit disabled by Administrator. These problems are nothing but virus activities. The virus has infected our system and stopping us from accessing these options.
Pressing keys Ctrl+Alt+Del opens up a dialog saying that “Task Manager has been disabled by your Administrator” whereas you are the Administrator yourself. It becomes very annoying when you think that you can fix this problem by going into the Registry Editor but it doesn’t show up. Even the Folder Options gets disabled.
This problem is generally caused by a virus named “Brontok” but don’t worry just use RRT (Remove Restrictions Tool) that can easily solve this problem. RRT is free and can successfully enable:
1. Folder Options
11. Regedit (Registry Editor)
111. Task Manager
1V. Show Hidden Files option
The tool will come more useful if you use it in Safe Mode.
Download RRT "
2. Delete the Autorun.inf file created by the virus. Read this to know how to do that.
"Common sense says to delete this file but even that is not easy as it possesses system, hidden
and read only attributes. So,
1. First go to cmd, type “attrib X:\Autorun.inf –s –r –h” without quotes where X is your
drive name which is having the problem.
11. Now the file is visible and ready to delete.
111. After deleting the file, close the explorer and open it again or just give a reboot to the
computer, your problem is fixed.
Well this is the best and easy fix available without using any software.
3. Now type msconfig in the Run dialog and click on startup tab.
4. Look for regsvr and uncheck any options, click OK.
5. Now traverse to control panel -> scheduled tasks, and delete the At1 task that might be listed there.
6. Type regedit in the Run dialog to open the registry editor.
7. Click on Edit -> Find and search for regsvr.exe
8. Just delete all the occurrences of regsvr.exe virus (do not confuse it with regsvr32.exe which is not a virus).
9. Navigate to entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the entry Shell = “Explorer.exe regsvr.exe” to delete the regsvr.exe from it.
10. Now to actually delete the virus from the system go to system32 folder and delete the regsvr.exe virus file from there (you will need to uncheck the option of “Hide Protected System Files and Folders” in Folder Options to view the virus file).
Reboot the system for changes to take place. "
Windows cannot find regsvr.exe
This is a common error message that comes at the computer startup and is caused by the none other than regsvr.exe virus.
The problem was reported by one of our readers and the solution to fix this problem is very easy.
Steps to solve the problem:
1. We have already discussed how to remove regsvr.exe virus in the past.
2. After you have done that then just make sure to perform the following thing to remove this error message.
3. Open registry editor (type regedit in the run box), Navigate to entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4. See the entry Shell = “Explorer.exe regsvr.exe” on the right side.
The error message will not come again.
0 comments:
Post a Comment