Remove Virus ( REGSVR.EXE )

Dear All

I found this virus on most of the systems in the office. I tried to remove it using Trend Micro but had no success, then tried many other antivirus products, which also failed to remove it, so at last I removed it manually with the following steps.

Symptoms (virus infection):

This virus affects your system by

Disabling Task Manager

Disabling Registry Editor

Creating a startup entry so that it runs at system start, and disabling Folder Options

Using 50% or more of your processor

In Task Manager, a process "regsvr.exe" is running and utilising approximately 50% CPU

A "newfolder.exe" folder is created when you browse through any folder

Steps to remove it

1.    If Task Manager and Registry Editor are disabled, we need to enable them first.

Download Zip

Extract the zip, then execute regtools.vbs first and remove_task.vbs second.

2.    Delete the Autorun.inf file created by the virus.

3.    Now type msconfig in the Run dialog and click on the Startup tab.

4.    Look for regsvr and uncheck any options, then click OK.

5.    Now go to Control Panel -> Scheduled Tasks, and delete the At1 task that might be listed there.

6.    Type regedit in the Run dialog to open the registry editor.

7.    Click on Edit -> Find and search for regsvr.exe

8.    Delete all the occurrences of the regsvr.exe virus (do not confuse it with regsvr32.exe, which is not a virus).

9.    Navigate to the entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the value Shell = "Explorer.exe regsvr.exe" to delete regsvr.exe from it.

10.    Now, to actually delete the virus from the system, go to the system32 folder and delete the regsvr.exe virus file from there (you will need to uncheck the option "Hide Protected System Files and Folders" in Folder Options to view the virus file). Reboot the system for the changes to take effect.


Prashant Deshpande
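
The locations touched by the steps above can be checked in one pass with a read-only PowerShell audit, useful for confirming a machine is clean after the manual removal. This is an added example, not part of the original post; it assumes the tools are disabled through the standard policy values DisableTaskMgr, DisableRegistryTools and NoFolderOptions, and that the At1 task is stored in the usual Tasks folders, neither of which the post states.

```powershell
# Read-only audit of the locations named in the removal steps (added example).
# It only reports findings; nothing on the system is modified or deleted.
$findings = New-Object System.Collections.Generic.List[string]

# Step 1 (assumption): policy values commonly used to disable the tools.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$policies = @(
    @{ Path = "$pol\System";   Name = 'DisableTaskMgr' },
    @{ Path = "$pol\System";   Name = 'DisableRegistryTools' },
    @{ Path = "$pol\Explorer"; Name = 'NoFolderOptions' }
)
foreach ($p in $policies) {
    $v = (Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue).($p.Name)
    if ($v -eq 1) { $findings.Add("Policy $($p.Name) = 1 under $($p.Path)") }
}

# Step 2: Autorun.inf at the root of each drive (can be legitimate on install media).
foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $d.Root 'autorun.inf'
    if (Test-Path -LiteralPath $inf) { $findings.Add("Autorun.inf present: $inf") }
}

# Steps 3-4 and 7-8: startup entries naming regsvr.exe. The pattern requires
# ".exe" directly after "regsvr", so the legitimate regsvr32.exe never matches.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    $item = Get-Item -Path $k -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match '\bregsvr\.exe') { $findings.Add("Startup entry '$name' in $k -> $data") }
    }
}

# Step 5 (assumption): At1 stored as a .job file or under System32\Tasks.
foreach ($t in "$env:windir\Tasks\At1.job", "$env:windir\System32\Tasks\At1") {
    if (Test-Path -LiteralPath $t) { $findings.Add("Scheduled task file present: $t") }
}

# Step 9: the Winlogon Shell value should contain only explorer.exe.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') { $findings.Add("Winlogon Shell is '$shell'") }

# Step 10: the virus file itself in system32.
$exe = Join-Path $env:windir 'System32\regsvr.exe'
if (Test-Path -LiteralPath $exe) { $findings.Add("File present: $exe") }

if ($findings.Count) { $findings } else { 'No indicators from the listed steps were found.' }
```

Run it again after the reboot in step 10: a startup entry or Shell value that reappears means a copy of the file is still being executed from somewhere.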