
ThreatExpert's awareness of the file "regsvr.exe":

Across all ThreatExpert reports, the file "regsvr.exe" was mostly identified as a threat.
File "regsvr.exe" has the following statistics:
Total number of reports analysed: 611,932
Number of cases that involved the file "regsvr.exe": 1,976
Number of incidents when this file was found to be a threat: 1,948
Statistical volume of cases when "regsvr.exe" was a threat: 99%
Notes:
  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
  • For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.
The file "regsvr.exe" is known to be created under the following filenames:
Notes:
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

The file "regsvr.exe" has the following possible countries of origin:
| Origin | Number of Incidents |
|---|---|
| United Kingdom | 1,924 |
| Germany | 667 |
| Iran | 8 |
| Saudi Arabia | 4 |

The following threats are known to be associated with the file "regsvr.exe":
| Threat Alias | Number of Incidents |
|---|---|
| Trojan.Win32.Autoit.ci [Kaspersky Lab] | 992 |
| W32/Sality-AM [Sophos] | 602 |
| Virus:Win32/Sality.AM [Microsoft] | 580 |
| W32.Imaut [Symantec] | 553 |
| Trojan.Autoit [Ikarus] | 550 |
| WORM_DELF.FKZ [Trend Micro] | 527 |
| Trojan.Win32.Autoit [Ikarus] | 466 |
| W32/Sality.gen [McAfee] | 420 |
| W32/Autorun.worm.cs [McAfee] | 406 |
| Mal/Airworm-A [Sophos] | 356 |
| Infostealer [Symantec] | 334 |
| Worm.Autoit.DU [PC Tools] | 316 |
| Trojan.Dropper [Symantec] | 296 |
| Win32/Kashu.B [AhnLab] | 262 |
| W32/YahLover.worm.gen [McAfee] | 221 |
| PE_SALITY.EN-1 [Trend Micro] | 184 |
| Mal/Sohana-A [Sophos] | 181 |
| W32.Imaut.U [Symantec] | 176 |
| W32.SillyFDC [Symantec] | 172 |
| Worm:Win32/Autorun.FH [Microsoft] | 172 |
| Trojan.Win32.Autoit.eg [Kaspersky Lab] | 166 |
| Worm.AutoIt.DQ [PC Tools] | 158 |
| PE_SALITY.EK [Trend Micro] | 150 |
| WORM_IMAUT.AA [Trend Micro] | 150 |
| Win32.Sality.AM.Gen [PC Tools] | 128 |
| W32.Imaut.CN [Symantec] | 125 |
| W32.Yautoit [Symantec] | 114 |
| WORM_IMAUT.BY [Trend Micro] | 114 |
| PE_SALITY.EN [Trend Micro] | 110 |
| W32/Sality.ag [McAfee] | 110 |
| Worm.Win32.AutoIt.x [Kaspersky Lab] | 107 |
| PE_SALITY.JER [Trend Micro] | 100 |
| Worm.AutoIT.DP [PC Tools] | 97 |
| Trojan.Autoit.CI.14 [Ikarus] | 90 |
| W32/YahLover.worm [McAfee] | 90 |
| Worm.Win32.AutoIt.s [Kaspersky Lab] | 76 |
| Worm:Win32/Sohanad.V [Microsoft] | 62 |
| not-a-virus:Monitor.Win32.Ardamax.ae [Kaspersky Lab] | 57 |
| Win32/Autoit.worm.678913 [AhnLab] | 56 |
| Worm.Win32.AutoIt [Ikarus] | 54 |
| Mal/Sohana-B, Mal/Sohana-A [Sophos] | 50 |
| WORM_DELF.AF [Trend Micro] | 50 |
| Worm.AutoIt.s [PC Tools] | 48 |
| W32.Imaut.AA [Symantec] | 44 |
| W32/Autorun-GG [Sophos] | 44 |
| W32/Autorun-DB [Sophos] | 42 |
| Trojan:Win32/Malagent [Microsoft] | 40 |
| W32/Sality.ah [McAfee] | 40 |
| Trojan.Autoit [PC Tools] | 34 |
| not-a-virus:Monitor.Win32.007SpySoft.g [Kaspersky Lab] | 32 |
| Virus.Win32.Sality.aa [Kaspersky Lab] | 30 |
| Win32/Sohanad.worm.617343 [AhnLab] | 30 |
| WORM_IMAUT.HB [Trend Micro] | 30 |
| Trojan Horse [Symantec] | 29 |
| PE_SALITY.EM [Trend Micro] | 26 |
| Win32/Autorun.worm.401408 [AhnLab] | 26 |
| PWS-IN [McAfee] | 25 |
| Dropper/Ardamax.627361 [AhnLab] | 24 |
| not-a-virus:Monitor.Win32.Ardamax.ds [Kaspersky Lab] | 24 |
| Trojan.PWS.Agent.RCO [PC Tools] | 22 |
| Trojan-PSW.Win32.Agent.eb [Kaspersky Lab] | 22 |
| TSPY_SAGIC.X [Trend Micro] | 22 |
| VirTool:Win32/ModTool.A [Microsoft] | 22 |
| W32/Autorun.worm.dt [McAfee] | 22 |
| W32/Sality.ao [McAfee] | 22 |
| Malware.Imaut [PC Tools] | 21 |
| W32/Autorun.worm.g [McAfee] | 20 |
| Virus.Worm.Win32.AutoIt.s [Ikarus] | 18 |
| Win-Trojan/Agent.616960.E [AhnLab] | 16 |
| Mal/Generic-A [Sophos] | 14 |
| Mal/Sality-B [Sophos] | 14 |
| WORM_IMAUT.CL [Trend Micro] | 14 |
| W32/LibHack-A [Sophos] | 13 |
| W32/Autorun.worm.bm [McAfee] | 12 |
| WORM_IMAUT.Q [Trend Micro] | 12 |
| Trojan.Autoit!sd6 [PC Tools] | 10 |
| Virus.Win32.Sality.z [Kaspersky Lab] | 10 |
| Virus.Win32.Virut.ce [Kaspersky Lab] | 10 |
| W32/Sality.an [McAfee] | 10 |
| W32/Scribble-B [Sophos] | 10 |
| Win32/Sohanad.worm.268288 [AhnLab] | 10 |
| Win32/Virut.F [AhnLab] | 10 |
| Win-Trojan/Autorun.616609 [AhnLab] | 10 |
| Worm.AutoIt!sd6 [PC Tools] | 10 |
| WORM_EMBEDDED.CG [Trend Micro] | 10 |
| Backdoor.Win32.Agent.afrf [Kaspersky Lab] | 8 |
| Downloader.gen.a [McAfee] | 8 |
| Email-Worm.Win32.Runouce.b [Kaspersky Lab] | 8 |
| Mal/Autorun-B [Sophos] | 8 |
| PE_Chir.B [Trend Micro] | 8 |
| PE_PARITE.A [Trend Micro] | 8 |
| Virus.Win32.Parite.b [Kaspersky Lab] | 8 |
| Virus:Win32/Parite.B [Microsoft] | 8 |
| Virus:Win32/Sality.AH [Microsoft] | 8 |
| W32/Autorun.worm.f [McAfee] | 8 |
| W32/Chir.b@MM [McAfee] | 8 |
| W32/Chir-B [Sophos] | 8 |
| W32/Parite-B [Sophos] | 8 |
| W32/Pate.b [McAfee] | 8 |
| W32/Sality.ad [McAfee] | 8 |