Sunday, 20 July 2014

Virus Removal - regsvr.exe

Infection level : Fatal
Difficulty to solve : High


How to remove:


  • autorun.inf

  1. search for it in the start menu
  2. uncheck the read-only option in the file's properties; apply
  3. open the file; delete the entire text; save the now-empty file
  4. open the file properties again; make it read-only again


  • windows search

  1. In Windows Explorer go to Organize > Folder and search options > View > Show hidden files, folders and drives; check & apply
  2. search in the start menu
  3. type "regsvr.exe"
  4. delete all the items found


  • task scheduler

  1. search for it in the start menu
  2. click on Task Scheduler Library
  3. end the "At1" task


  • msconfig utility

  1. press Windows logo key + R; the Run dialog box will appear
  2. type "msconfig"; hit enter
  3. switch to the Startup tab
  4. uncheck the redundant entries; apply; restart the PC


  • regedit

  1. search for it in the start menu
  2. right click; run as administrator
  3. press Ctrl + F; the Find dialog box appears
  4. type "regsvr.exe" in the Find what field; delete all the entries found
  5. in the left pane, go to: HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > Winlogon
  6. double click Shell; the Edit String dialog box appears
  7. change the Value Data to Explorer.exe; restart the PC
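The steps above amount to checking a handful of persistence points by hand. The script below is an added example (not part of the original post) that audits the same indicators read-only from an elevated PowerShell prompt, so you can confirm a clean-up before and after a restart: the Winlogon Shell value, autorun.inf on drive roots, regsvr.exe copies, the "At1" task, and the Task Manager / Registry Editor lockout the post mentions under its symptoms. It assumes the lockout is done through the standard DisableTaskMgr / DisableRegistryTools policy values, and that regsvr.exe is not a legitimate Windows binary (the stock tool is regsvr32.exe); both are assumptions, not claims from the post.

```powershell
# Added audit script (not from the original post). Read-only: it reports, it does not delete.
# Assumptions: Windows 7-era layout; task name 'At1' and file name 'regsvr.exe' as in the post.
$findings = @()

# 1. Winlogon Shell must be the stock value "explorer.exe" (post, regedit step 5-7)
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim().ToLower() -ne 'explorer.exe') {
    $findings += "Winlogon Shell is not explorer.exe: '$shell'"
}

# 2. autorun.inf on the root of every file-system drive (post, autorun.inf section)
foreach ($d in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $d.Root 'autorun.inf'
    if (Test-Path $inf) { $findings += "autorun.inf present on $($d.Root)" }
}

# 3. regsvr.exe copies under the Windows and profile directories (post, windows search section)
$roots = @($env:SystemRoot, $env:USERPROFILE)
foreach ($r in $roots) {
    Get-ChildItem -Path $r -Filter 'regsvr.exe' -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "regsvr.exe found: $($_.FullName)" }
}

# 4. The scheduled task the post names (schtasks works on Windows 7; exit code 0 = task exists)
cmd /c 'schtasks /Query /TN At1 >nul 2>&1'
if ($LASTEXITCODE -eq 0) { $findings += "Scheduled task 'At1' exists" }

# 5. Policy values that block Task Manager and Registry Editor (assumed mechanism for the lockout)
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($v in 'DisableTaskMgr', 'DisableRegistryTools') {
    $val = (Get-ItemProperty -Path $pol -Name $v -ErrorAction SilentlyContinue).$v
    if ($val -eq 1) { $findings += "$v is set to 1 under HKCU policies" }
}

if ($findings.Count -eq 0) { 'No regsvr.exe indicators found.' } else { $findings }
```

Run it again after the reboot; if the Shell value or the At1 task reappears, the component that re-creates them is still on the machine and the msconfig / registry search steps need repeating.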


Tips:

  1. You may also do this from Safe Mode
  2. Press F8 (it may vary with the OS) at system startup, before the Windows logo appears, to bring up the Advanced Startup Options, including Safe Mode


How it affects the system (disadvantages)

  1. Up to 100% CPU usage
  2. High load on the processor, fast rotation of the CPU fan, system heat-up, fast battery drain and a slow system (performance drops)
  3. Tampers with the Windows registry, causing Windows startup problems and false cross-references (sometimes garbage values) among applets, e.g. invalid administrative privileges and malfunctioning programs
  4. Disables Task Manager and Registry Editor
  5. Corrupts third-party software; programs fail to start, and if you re-install a program that was infected earlier it gets corrupted again. It can corrupt running processes too.
  6. Network usage increases needlessly. Additional network-related processes, e.g. svhost.exe, are added to consume data
  7. Windows UAC settings are turned off


End Note

  1. It causes more headache the longer you have to struggle with it, for hours or weeks
  2. It certainly offers a tough role for developers, virus researchers and anti-virus providers
  3. Though I eliminated it a year ago when I encountered it for the first time, until a few days ago I failed to eliminate the virus completely even after repeating the entire procedure 2-4 times (2 times in Safe Mode)


External Links for references
