Regsvr.exe is a W32.Imaut worm which creates folders and a registry
entry to enable its automatic execution at every system startup. It also
creates Autorun.inf file for its auto execution. One of its salient
feature is, it speards easily into exernal USB harddrives when plugged
into the infected system.
- First search for autorun.inf file in your "my computer".
It would be in Read Mode normally you need to change it by right
clicking the file, selecting the properties and un-check the read only
option.
- Now Open the file in notepad and clear everything and save it.
- Change the file status to read only mode so that the virus could not get access again.
- Click on Start-> Run and type msconfig
- Search for regsvr and uncheck any options, click OK.
- Now goto Control Panel -> Scheduled Tasks, and delete the At 1 task which would be listed here.
- Now type regedit in the Run dialog to open the registry editor.
- Select on Edit -> Find and search for regsvr.exe
- Delete all the occurrences of regsvr.exe
- Now browse to entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and modify the entry Shell = Explorer.exe regsvr.exe to delete the regsvr.exe from here also.
- Now finally goto System 32 Folder and search for regsvr.exe. But
before that uncheck Hide Protected System Files and Folders for viewing
it.
No comments:
Post a Comment