How to remove the regsvr virus
Most antivirus programs identify regsvr.exe as malware, for example Symantec identifies it as W32.Imaut.AA or W32.Imaut, and TrendMicro identifies it as PE_SALITY.EM or WORM_DELF.FKZ.
The free file information forum can help you find out how to remove it. If you know more about this file, please leave a comment or a hint for other users.
Regsvr.exe file information
The process Microsoft Corparation has no valid information about its manufacturer.
Description: The file regsvr.exe is located in the folder C:\Windows\System32 or sometimes in a subfolder of "C:\Program Files".
Known file sizes on Windows 7/XP are 617,343 bytes (21% of all occurrences), 807,388 bytes and 32 more variants.
There is no information about the author of the file. It is not a Windows system file. Program starts upon Windows startup (see Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run). The program has no visible window. The file is an unknown file in the Windows folder. regsvr.exe is able to record inputs, monitor applications and manipulate other programs. Therefore the technical security rating is 77% dangerous, however also read the users reviews.
Recommended: Identify regsvr.exe related errors
If regsvr.exe is located in the folder C:\Windows, the security rating is 76% dangerous. The file size is 14,832 bytes (33% of all occurrences), 14,838 bytes and 6 more variants. The process has no file description. The program has no visible window. File regsvr.exe is located in the Windows folder, but it is not a Windows core file. The file is not a Windows system file. regsvr.exe is able to hide itself, monitor applications, manipulate other programs and record inputs.
If regsvr.exe is located in a subfolder of "C:\Documents and Settings", the security rating is 65% dangerous. The file size is 6,511,616 bytes (25% of all occurrences), 617,472 bytes, 635,259 bytes or 13,179,660 bytes. There is no information about the author of the file. The program has no visible window. The program starts upon Windows startup (see Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run). The file is not a Windows core file. regsvr.exe is able to record inputs, monitor applications and manipulate other programs.
External information from Paul Collins:
There are different files with the same name:
- "DHCP Server" definitely not required. Added by the RBOT-PR WORM!
- "regsvr" definitely not required.
Important: Some malware camouflages itself as regsvr.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the regsvr.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.
wolfs (further information)
Bruce Falk (further information)
beng (further information) (further information)
arjun thomas ow/ cornscoop ent
Ravi (further information)
Akim (further information)
Aaden (further information)
Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.
MalwareBytes detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.
SpeedUpMyPC scans, cleans, repairs and optimizes your computer.
hplamp.exe unikeynt.exe logmon.exe regsvr.exe clipsrv.exe msgagt.exe contextmenuext.dll hpswp_framework.dll scheduler daemon.exe exploreextpdf.dll winrar.exe [all]