English | Deutsch


How to remove the regsvr virus


Most antivirus programs identify regsvr.exe as malware, for example Symantec identifies it as W32.Imaut.AA or W32.Imaut, and TrendMicro identifies it as PE_SALITY.EM or WORM_DELF.FKZ.
The free file information forum can help you find out how to remove it. If you know more about this file, please leave a comment or a hint for other users.

Click to Run a Free Virus Scan for the regsvr.exe malware


Regsvr.exe file information

The process Microsoft Corparation has no valid information about its manufacturer.

Description: The file regsvr.exe is located in the folder C:\Windows\System32 or sometimes in a subfolder of "C:\Program Files". Known file sizes on Windows 7/XP are 617,343 bytes (21% of all occurrences), 807,388 bytes and 32 more variants. http://www.file.net/process/regsvr.exe.html 
There is no information about the author of the file. It is not a Windows system file. Program starts upon Windows startup (see Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run). The program has no visible window. The file is an unknown file in the Windows folder. regsvr.exe is able to record inputs, monitor applications and manipulate other programs. Therefore the technical security rating is 77% dangerous, however also read the users reviews.

Recommended: Identify regsvr.exe related errors

If regsvr.exe is located in the folder C:\Windows, the security rating is 76% dangerous. The file size is 14,832 bytes (33% of all occurrences), 14,838 bytes and 6 more variants. The process has no file description. The program has no visible window. File regsvr.exe is located in the Windows folder, but it is not a Windows core file. The file is not a Windows system file. regsvr.exe is able to hide itself, monitor applications, manipulate other programs and record inputs.

If regsvr.exe is located in a subfolder of "C:\Documents and Settings", the security rating is 65% dangerous. The file size is 6,511,616 bytes (25% of all occurrences), 617,472 bytes, 635,259 bytes or 13,179,660 bytes. There is no information about the author of the file. The program has no visible window. The program starts upon Windows startup (see Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run). The file is not a Windows core file. regsvr.exe is able to record inputs, monitor applications and manipulate other programs.

External information from Paul Collins:
There are different files with the same name:

  • "DHCP Server" definitely not required. Added by the RBOT-PR WORM!
  • "regsvr" definitely not required.

Important: Some malware camouflages itself as regsvr.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the regsvr.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.



Score

User Comments

it seems to take over the computer when it wants to
  Mark  
disables the use of msconfig
   
its not needed by windows and is used mainly as a password/username stealer and it embeds itself deep in your computer
  Wolfs  
its used by hackers to steal your usernames and passwords
  wolfs   (further information)
it disables msconfig and regedit and prevents the use of dos net commands like ping and netstat
   
This is a trojan that takes over and denys regedit, taskman, and gpedit
  Chris  
steals password and disable taskman, regedit and msconfig
  Wendell  
It never gets out of ur pc once its in it.
  Eldo Thomas  
In it's original form it is used through the DOS command prompt to register dll's and more in the windows registry.
  Bruce Falk   (further information)
There is a legitimate windows file called Regsvr.exe, not alll of them are viruses.
  beng   (further information) (further information)
that you need it in order to uninstall a program from add/remove programs
  Johannes Schuermans  
error injecting
   
every time i install a program my firewall asks to allow or deny microsoft register service. It registers the program. I updated an application, and the program was going to delete the program before installing the update but I chose to deny microsoft register server (regsvr32) and the dialog box indicating it would uninstall then reinstall the program went away when i selected the deny microsoft register service. It updated the application without uninstalling it. otherwise I would have had to pay for the upgrade.
  Blitz  
It is a Windows executeable that registers programs in the registry (DLLs).
  Sham  
It is an importent tool to register dll's with windows 2003 servers. To install Ifilter.dlls on sharepoint server for example. But i think its not importent to have store it on a home desktop ....
  Christian R.  
Cannot open and edit the registry when regsvr.exe is running. More than one instance of regsvr is running at the same time and slows down your system.
   
Hey i faced the cpu 100% usage problem just because of this tricky virus regsvr.exe..it stats automatically when you start your machine ,if you wanna get rid out of it.just stop the process in task manager or use NOD 32 antivirus ..it heals the virus ...and this service was create dby Newfolder.exe virus and autorun.inf virus ..so becarefull its most dangerous virus which gives burdon or more load on your CPU ultimatly reduce the permonce of your software and also hardware
  Janardhan  
i also had this spyware on my system. webroot spysweeper couldn't detect it but it detected something named as "regsync" as an adware & removed it from my system that also removed this crap from my system :D. and yeah i'm not advertising for webroot, trust me on this :P
  sepulturahead  
slows down your system, disables regedit, basically it screws ur system.
  manan  
Apart from disabling regedit, msconfig and taskmgr, it also keeps the CPU usage to 100% till its running, thereby making the system very very slow. USe the gpedit.msc to enable taskmgr and then stop regsvr.exe to increases system speed. Only a partial solution, Im still looking for permanent solution!
  Ritvik  
in the startup my system always complains that regsvr.exe is missing!!. if ud ask me this is a system software that is needed for start up!! how ever some viruses have the same registry no to this file so that many people include this as a virus & some anti viruses remeve it!!
  arjun thomas ow/ cornscoop ent  
Its a Worm (WORM_DELF.FKZ) and is spreading mainly through Pen Drives
  Madhura  
It disables msconfig, Taskmon and Regedit
  Rajamani  
it is s Great Harmful thing spreads via PenDrives.
  Ravi   (further information)
no instalation of visual studio if regsvr.exe problem present.
  devender  
when i on the my computer error message come window can not find regsvr.exe go start search this file
  amol  
Its cpu usage is 99%, and the system gets slow..
  rakshit  
It takes maximum % of CPU usage and computer becomes much slower
  Vijay  
it just hiding hidden files and destroying exe files.
  Akim   (further information)
it is located in the folder C:\Windows\,.it is very tough to remove it.It gets started whenever you boot your windows.
  ayush agarwal  
It use 95% to 99% of CPU, which makes it impossible to use any other application on the pc
  Riaan  
The file eats up all ur CPU usage making your machine really slow. Just go to Task manager check the file and press "END PROCESS TREE" This will end the program and restart your machine, things will get back to normal..
  Nadz  
Malewarebytes AntiMalware Program reports that is file is a backdore bot, but when I deleted it my system would not boot normally. I had to restore the system to an earlier point to boot. After the restore I found the file in c:/windows/system32 folder.
  gmb  
it really slows down the pc and freezes some applications
   
Multiple scans revealed this file to contained "Backdoor.bot" trojan
  Spiffy  
regsvr.exe is NOT a system file in 32-bit Windows system. there was a system file in that name in DOS and 16-bit Windows system. the tool which is used to register/unregister a module(*.dll) is called regsvr32.exe and it is located in the Windows\system32 folder in XP/vista. regsvr.exe in a Win32 environment is a process created by many trojan and malwares. the generally corrupt the registry, open in the startup and start svchost.exe process at user level.
  S. Artimus  
because of egsvr.exe utilisation of cpu is increesing very highly
  kiran  
regsvr.exe file not find
  Vicky  
it takes over the pc
  Siva  
regsvr.exe is a virus, will make system as harmful.regsvr32.exe is the original windwos service.
  Bijith  
Due to it i cant install anti-virus, run registry edit and it closes any program that tries to explore its properties let alone open it. I argee with wendel: disable taskman, regedit and msconfig
  Streaker  
It is a trojan horse which sends your keystrokes to an email address.It is made by a program named "Magic PS 1.5 SE ++". It logs the keys you pressed and then send the log file to the email address which was earlier entered by the file creator while making the EXE file. So if you are infected by it install a good antivirus software like Avast antivirus, update it and scan your complete system and when prompt delete it.The best way of finding whether you are infected or not is press Ctrl+Shift+Esc tasm manager will open go to processes tab and look for regsvr.exe(not regsvr32.exe)
  Ashish_The_Gamer  
It disables regedit, taskmaneger. shutsdown my computer
  Ashwin.K  
I ran a scan with a Malware Program which erased it. Now no more problems.
  Aaden   (further information)
regsvr.exe and regsvr32.exe are different things. regsvr.exe is a virus that dampens your system's speed and eat memory, while regsvr32.exe is a windows program and is a reliable one.
  abc  
whenener i open the computer it displays a warning"window connot finfd'regsvr.exe'make sure you have typed correct name,go to search for a file,go to start window and then click search button
  sofi  
it show in my pc while starting pc
  Sachin  
my system is infected by this virus.... and it utilize the system process and my system process become 100% buzy .... tell me plz solution of this.....
  Muhammad Bilal  
use malwarebutes` and super antispyware to remove it...
  BrainWorm  
It has been detected by Norton Internet Security 2010 as a p[otential threat to security and automatically Quanrentined.
  Desikan Srinivasan  
there has been a folder that ussually appears on my flash drive, I think it's a virus
  towbar  
my pc was slow prossecing, so I install avast antiviras, then I scan compleat system, and when restart first massege appear on desktop is something like" regsvr.exe" window connot finfd'regsvr.exe'make sure you have typed correct name,go to search for a file,go to start window and then click search button. but I hav not problem to opperate system till, if found I will tell.
  sachin dakare  
PC freezes. Found c:\windows\SysWow64\regsvr.exe. Combofix Removed. Anti-malware, super- antispyware, NOD32 - all fail.
  Juha  
it disable the desktop
  Paul Roam  
Hackle a machine to a stand still with over-driving the CPU (NOT Overclocking) with fake processes. Shuts down application (or renders them irresponsive), and more than a few times including the entire machine. This is a definition of nuisance. I have tried McAfee, locating it manually- backing up the container-folder and attempt to permanently delete, but the 'funny-thing' keeps finding its way back onto my system. Also attached itself to everything as the other forum users have inicated, these includes all EPRAM device imaginable (they also affect stuff like digi-cam's,portable music-players
  Buddha Seitireng  
my windows can not find this file
  sorooshparker  
format so far is the only solution, backup of your files is still possible so its not that bad, just end process it and backup your important files, then format and reload windows
  Jacques  
i found this regsvr.exe in " c:\windows\regsvr.exe " and McAfee antivirus software didn't detect it. So, i remove McAfee and install Escan. Escan detect all malware , and spyware. I m happy with Escan protection tool.
  Sachin  
it is harmful and cannot be removed easily
   
Rating chart


Summary: Average user rating of regsvr.exe: based on 74 votes with 59 reviews.
18 users think regsvr.exe is essential for Windows or an installed application. 7 users think it's probably harmless. 4 users think it's neither essential nor dangerous. 14 users suspect danger. 31 users think regsvr.exe is dangerous and recommend removing it. 8 users doesn't grade regsvr.exe ("not sure about it").


Do you have additional information?
What do you know about regsvr.exe: 
How do you rate it: 
Link for more info's: 
Your Name: 


Regsvr scanner


Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.

MalwareBytes detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.

SpeedUpMyPC scans, cleans, repairs and optimizes your computer.


Other processes


regsvr.exe [all]