regedit.exe - Dangerous


Manual removal instructions:

Antivirus Report of %system%\regedit.exe:
%system%\regedit.exe Malware
%system%\regedit.exeHigh Risk
This worm spreads via the Internet, using computers infected by I-Worm.Mydoom.a and I-Worm.Mydoom.b to propagate.

Copies itself to:

Adds the value: NeroCheck = %system%\regedit.exe
to registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The worm creates the unique identifier _sncZZmtx_133 to show its presence in memory.
The worm connects to TCP port 3127, which has been opened by shimgapi.dll, the backdoor component of Mydoom, to receive commands.
If the infected computer answers the command, then Doomjuice establishes a connection and sends a copy of itself.
The backdoor component of Mydoom accepts the file and executes it.
To determine which IP addresses to attack, the worm uses the following formula: (A.B.C.D) where A,B,C,D is a random numbers.
If the current date is not between the 8th and the 12th of the month and it's not January the worm will launch a DoS attack on the site.

With RegRun Startup Optimizer you can automatical remove it from startup.

Remove regedit.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.


You can read UnHackMe testimonials here.