regsrv64.exe

Last Updated on Wednesday, 29 May 2013 16:41 Saturday, 29 October 2011 14:24

Trojan - VBKrypt

A file by the name regsrv64.exe is created by a computer virus program that affects the computers running on the Microsoft windows operating systems. It's analysis report is given below

The virus installer creates these files regsrv64.exe, Ccxaxc.exe. The name  regsrv64.exe is a malicious name created to resemble to another legitimate file named regsvr64.exe. The file regsvr64.exe is a file/process belonging to Codeplex. Regsvr64 is a developer tool that simplifies registration of COM DLLs across platforms.

There is another legitimate file regsvr32.exe created by Microsoft. Regsvr32 tool (Regsvr32.exe) is used to register and unregister OLE controls such as DLL or ActiveX Controls (OCX) files that are self-registerable. However regsvr64.exe is not created by Microsoft. But it is created by a third party software developer codeplex. Whereas regsrv64.exe is a virus file.

Files found - view
%AppData%\1.tmp
%AppData%\2.exe
%AppData%\regsrv64.exe
%AppData%\Ccxaxc.exe

(You can also find file size, md5, sha-1 info on the above link) 

(Full path for the short folder names)

Tip: Look for reports of latest virus samples using this file name on threatexpert.com search

There may be more files created by this virus program. You can find them out. First locate and note down the "date of creation" of regsrv64.exe, or any of the files mentioned above, and after that, search the hard disk for other files created on that date or onward. See image

Necessary steps required to remove this virus program

• To remove processes created by the virus program from the Task Manager
• To search and delete files created by the virus program from the hard disk. Enable to view "hidden files and folders" before you search. Otherwise files created by the virus program inside the hidden folders will not be found
• To remove obsolete registry keys using CCleaner