Regsvr.exe is a W32.Imaut worm that creates folders and a registry entry to enable its automatic execution at every system startup. It also creates an Autorun.inf file for its automatic execution. One of its salient features is that it spreads easily to external USB hard drives when they are plugged into the infected system.
- First, search for the autorun.inf file. It is normally read-only, so you need to change that by right-clicking the file, selecting Properties and unchecking the Read-only option.
- Now open the file in Notepad, delete everything and save it.
- Change the file back to read-only so that the virus cannot get access to it again.
- Click on Start -> Run and type msconfig.
- Search for regsvr and uncheck any options, then click OK.
- Now go to Control Panel -> Scheduled Tasks and delete the At 1 task, which would be listed here.
- Now type regedit in the Run dialog to open the Registry Editor.
- Select Edit -> Find and search for regsvr.exe.
- Delete all the occurrences of regsvr.exe.
- Now browse to the entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the entry Shell = Explorer.exe regsvr.exe to delete the regsvr.exe from here as well.
- Finally, go to the System32 folder and search for regsvr.exe. Before that, uncheck Hide Protected System Files and Folders so that the file can be viewed.
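
To confirm that the steps above removed every persistence point, the same locations can be audited in one pass. The script below is an added example, not part of the original post; it only reads and reports. It assumes PowerShell 3.0 or later, that autorun.inf sits in the root of each drive, and that the "At 1" task is stored as `At1.job` under `%WINDIR%\Tasks`.

```powershell
# Read-only audit of the locations named in the removal steps; nothing is changed.
# Assumes PowerShell 3.0+ ([pscustomobject]); run elevated to read every location.
$findings = @()

# 1. Winlogon Shell value: a clean system has only "explorer.exe" here.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    $findings += [pscustomobject]@{ Check = 'Winlogon Shell'; Detail = $shell }
}

# 2. Run keys (the entries msconfig lists). The pattern does not match regsvr32.exe.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($p in $item.PSObject.Properties) {
        if ("$($p.Value)" -match '\bregsvr\.exe') {
            $findings += [pscustomobject]@{ Check = "Run key $key"; Detail = "$($p.Name) = $($p.Value)" }
        }
    }
}

# 3. autorun.inf in each drive root: report only files that still launch something.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $drive.Root 'autorun.inf'
    if (-not (Test-Path -LiteralPath $inf)) { continue }
    $lines = Get-Content -LiteralPath $inf -Force -ErrorAction SilentlyContinue |
             Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' }
    if ($lines) {
        $findings += [pscustomobject]@{ Check = "autorun.inf on $($drive.Root)"; Detail = ($lines -join '; ') }
    }
}

# 4. The worm's file in System32 and the "At 1" scheduled task.
# Assumption: the legacy Task Scheduler stores that task as Tasks\At1.job.
$candidates = (Join-Path $env:WINDIR 'System32\regsvr.exe'), (Join-Path $env:WINDIR 'Tasks\At1.job')
foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path) {
        $findings += [pscustomobject]@{ Check = 'File present'; Detail = $path }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

An empty result means none of the checked locations still reference the worm. An emptied, read-only autorun.inf (the state the steps above leave behind) is not reported.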
Do leave your comments and any other ways to approach this problem, and I will be glad to add them to this article. Thanks for reading.