| All comments about regsvc.exe: |
 Alex | Windows Remote Registry Service |
| Carola T | A service that allows access to the Windows registry from remote computers. |
| rob | CHECK: Should be in the c:\windows\System32 folder |
 Mark W. Eversole | It seems to disable internet access, no fix yet in our McAfee |
 Matthias Schulcz | Die REGSVC.EXE (Remote Registry Service) ist ein Systemprozess.Mit dieser kann man von einem anderen Rechner auf die Registry zugreifen und sie bearbeiten. Wer diesen Dienst nicht nutzt (was wohl für die Meisten zutrifft) kann ihn deaktivieren |
 Leslie | It can be used as part of a program being used to take accounts from people using Yahoo Messenger 6.0. |
| evan | its' attacked entry for PC |
| Mike | Discovered this file was placed in a directory other tank system32. This particular version of the file is used to exploit Yahoo IM id's and passwords. |
| N. Ustuner | es hat etwas mit dem registrierungsservice zu tun, es verhindert die Installation von Spielen die nach der Installation eine Registririerung für die techn. Kundendienst (bsp. EA Spiele) |
| Ort | Prozesse voll blockiert ( ohne andere Tasks) siehe Windows Task-Manager |
| | regsvc.exe is a remote regestry service app..if there is no c then kindly have a attention at that file |
 Ashok | it is being used to extract Yahoo id's and passwords used on the infected computer |
| James Ruboyianes | Corporate user, regsvc.exe is necessary for your IT department to maintain your PC. Your IT people should protect against ‘outside’ use. Home user, it can be EXTREAMLY harmful. Some apps and services may require it for proper operation. It gives access to your PC allowing all sorts of damage, AND allows access to any personal information. If you must allow remote access, I recommend not using ANY personal information on the PC, EVER. Unless you are VERY knowledgeable about your PC, you can leave ‘hidden’ info an identity thief can obtain just from you using an On-Line buying service. |
| schnurzlpurzl | REGSVC.EXE im \system32 Verzeichnis ist eine MS Anwendung und dient der Bearbeitung der Registry im Netzwerk. Befindet sich ein REGSVC.EXE Datei im \winnt verzeichnis, handelt es sich mit hoher Wahrscheinlichkeit um den GhostRadmin Trojaner. Aufschluss gibt ein Blick in die Registry. Findet man dort den Schlüssel HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server, mit dem Eintrag "ImagePath", der auf "c:\winnt\regsvc.exe" zeigt, ist ein Befall gewiss. :) |
| Kyaa | Windows Remote Registry Service |
| DISORDER | If it is in c:\windows\system32 then it is OK, but if you have it in c:\windows\system then this is TROJAN, and you must disable this in regedit by clearing coresponding lines (usually 2 keys) and after restart it can be deleted! (that is for Windows XP) |
| dtorres | W2K. Starter utility sees this file in c:\winnt\system\regsvc.exe. Should not be there. Runs in hidden mode. |
| Knows more than the rest of you | if the file is located in the system32 directory: LEAVE IT THERE. it is neccesary for the stable running of your pc. if it's located anywhere else: make a backup, then quarantine it. |
| bob heinbokel | When i try to delete it it says its being used, but when i try to end the proccess it says access denied, just tell me how to get rid of it!!! |
| Walter | trojan when in \system instead of \system32 |
| Volú | Windows Remote Registry Service |
| Barrington | It Prevents acess to my LAN! |
| Chris Wells in Tokyo | Don't know much, but i have 2 on my W2K pc. IF it's NOT supposed to be there, then i'll remove it. i can't tell which one is running in memory. That's a problem i'll need to find out how to solve. This site has helped me to protect my information. THANK YOU |
| Sharan Patil | it seems a virus |
| raj | it exists in both system , system 32 files / gives a access violation warning message while using yahoo messenger |
| MM | Look, removed unused services that are hacker targets. This is required only if you must (with Admin permissions) modify registries remotely, use NetDaig, or use Dcdiag. Most admins use RDP or some other remote access tool when manipulating registries on other machines. As always, disable and test for side-effects from some unexpected (possibly custom) user. |
| Mark Kroehler | The Remote Registry Service is utilized by a number of different native Windows utilities. Disabling it on a server would renender the server pretty much useless when it came to remote management. As for the desktop, while you could safely disable it, you would definitely want to test it, especially in an enterprise environment. |
| Bigeage | wenn kein virenscanner anspringt einfach in der verwaltung unter Dienste abschalten. (Windoof Remote Registry Service) |
 Dennis Colbath | Just disable it. See what happens. If nothing happens delete it. |
| Marc | Its a useful service for managing more machines. PSTools needs this service. See also: Link |
|
|
