Regedit.exe is a legitimate process file popularly known as Registry Editor. It is associated with software Microsoft Windows Operating System developed by Microsoft. It is located in C:\Windows\System32 files by default.
Malware programmers write virus files with malicious scripts and save them as regedit.exe with an intention to spread virus on the internet.
Affected Platforms: Windows OS
How to determine if your computer is infected with regedit.exe malware?
Look out for the these symptoms to check if your PC is infected with regedit.exe malware:
- Internet connection is unstable
- regedit.exe occupies extra CPU space
- PC processing speed slows down
- Browser often redirects to irrelevant websites
- You get a lot of unsolicited ads and popups
- Computer screen freezes repeatedly
Take the following steps to diagnose your PC for possible regedit.exe malware attack:
Step 1: Simultaneously press CTRL+ALT+DEL keys to open Task Manager.
Step 2: If you notice the file located outside C:\Program Files, perform an an antivirus scan to get rid of the malware.
How to remove regedit.exe malware from system using Comodo Antivirus?
Step 1: Download the award-winning Free Comodo Antivirus.
Step 2: Select the “Do not detect new networks again” option when Comodo Internet Security internal firewall activates the network detection process.
Step 3: After network detection is over, click on the “Close” button for a scan window.
Step 4: Restart your PC.
Step 5: Wait for Comodo Internet Security to update the antivirus.
Step 6: Proceed with the quick scan that automatically begins after the update.
Step 7: If threats are found during the scanning, you will be notified through an alert screen.
| No. | Company | File Type | SHA1 | MD5 | Malware Name |
Digitally Signed |
File Version |
Product Version |
Submitted From |
Malware Behavior |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | N/A | Non-executable | 8a9b8fbf9bee28cf 943e692fa6d3bb20 8aabf05d |
34d654255824f7da 5aa4d228f90d9071 |
Unclassified Malware |
No | N/A | N/A |  181.66.169.99/32 |
N/A |
| 2 | Microsoft Corporation | Executable | 6b3e38fe7625ec74 599db29835eb6b76 98d5ddf2 |
2a161e9407c4083f a64029c4347ea15a |
Virus.Win32. Virut.Ce |
No | 5.1.2600.5 512 (xpsp.0804 13-2111) |
5.1.2600.5 512 |
 Egypt |
N/A |
| 3 | N/A | Executable | 8eeaba9e00ea3528 a0402e5c2e886e92 278b981f |
26c901f0a113025e 30afa226f2d13e09 |
TrojWare.Win 32.Trojan.NS PM.~gen |
No | N/A | N/A |  Russian Federation |
N/A |
| 4 | Microsoft Corporation | Executable | 31eb0344cef097be 9a8c7bb4ed5c3da8 9b055554 |
cb15ecc7cc62fe4e 4acef31ba0fdbc1d |
Virus.Win32. Virut.CE |
No | 6.1.7600.1 6385 (win7_rtm. 090713-125 5) |
6.1.7600.1 6385 |
 Nigeria |
N/A |
Poland
Palestinian Territory, Occupied
Portugal
Serbia
Turkey
Hungary
Brazil
United Kingdom
Sudan
Indonesia
Latvia
Ukraine
China
Italy
United Arab Emirates
Venezuela
Australia| No. | Company | File Type | SHA1 | MD5 | Digitally Signed |
File Version |
Product Version |
Submitted From |
|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Corporation | Executable | c166a63006fc3d45 9ff5cb59a2de1713 6086489e |
acb6949bff49baed d305aa14a17a1223 |
No | 5.2.3790.3 959 (srv03_sp2 _rtm.07021 6-1710) |
5.2.3790.3 959 |
Internal Submission |
| 2 | NewSoft Technology Corporation | Executable | e9626fce6436060f 7f0e2e698e4d4157 7bde442f |
05b4e0474f1b072b 67dd80c8a876af65 |
Yes | 1.0.0 | 1, 0, 0, 0 | 104.238.128.144/32 |
| 3 | Microsoft Corporation | Executable | 4d1756e625a7bc75 5a7ccb9891795720 a33c8b2f |
a04c6f93701f90fc 6f41e21859b4a2e3 |
No | 5.1.2600.1 106 (xpsp1.020 828-1920) |
5.1.2600.1 106 |
Internal Submission |
| 4 | N/A | Non-executable | a784dc225495182e 441cce5377e64d72 2542e621 |
f700825ac36901a0 cdf4d48deeca2ee6 |
No | N/A | N/A |  United States |
Vietnam
Mongolia
Canada
