What is Regsvc.exe

Remote Registry Service - Microsoft(R) Windows (R) 2000 Operating System - Microsoft Corporation

File description

Regsvc.exe with description Remote Registry Service is a process file from company Microsoft Corporation belonging to product Microsoft(R) Windows (R) 2000 Operating System.
The file is digitally signed from Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service
We do not recommend removing digitally signed files from Microsoft Windows 2000 Publisher

What is regsvc.exe?
This is the Windows Remote Registry Service. Its purpose is to allow access to the registry of remote computers.

The execution of this process is not essential to the operation of the system; however, as it is a system file, the existence of it is essential to the proper functioning of the system. If you are a home user and do not need the functionality it provides, it is recommended for security reasons that you disable the service. If you need the ability to access a remote registry, however, you should not disable it.

Dangers of regsvc
As this is the name of a legitimate system process, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to that of the legitimate one but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as winmgmt.exe:
  • Troj/IRCBot-ZM (%SystemRoot%\System32)
    • This is a backdoor Trojan and worm that includes an IRC bot that allows an attacker to issue remote commands.
  • Troj/Bdoor-ABO (%SystemRoot%\System32)
    • This is a backdoor Trojan that installs several other pieces of malware on your system.
  • Troj/Dropper-BA (%SystemRoot%\System32)
    • This is a Trojan that installs several other pieces of malware on your system.
  • Trojan/VB-DZN (%SystemRoot%\System32)
  • There is also a known piece of malware with this name that attempts to steal Yahoo! login IDs and passwords.
There will typically be no more than one instance of this process running at any given time. The presence of multiple instances may be indicative of a malware infection.

Common problems
  • This process wants network access, even though I don't have this service enabled!
    • This is typically caused by a malware infection. You should reboot into safe mode to perform a full virus scan.

Automatic startup locations

001 Running Processes
004 All users startup startmenu
010 Installed services

Digital signatures found for this file

24 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service
2 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service
1 Microsoft Windows 2000 Publisher (Europe) - VeriSign Time Stamping Service CA SW1
1 Microsoft Windows 2000 Publisher - VeriSign Time Stamping Service CA SW1

MD5 security rating in our database

19 files (Not yet rated and not signed)
2 files (Safe and not signed)
39 files (Safe and digitally signed)
Some versions of this filename have not yet been checked for safety.
Warning: Some malware might rename itself to regsvc.exe. Always make sure that your file is from a verified publisher.

User ratings for this file

File rating: Average rating of regsvc.exe: by 60 files and users.

Application errors

Fix regsvc.exe application error:  Run a FREE registry scan

User comments

There are no user comments yet for this file.

Please add your comments if you have more information about this file or if you know how to solve regsvc.exe application errors.

File safety :

File security rating :

Are you human? How much is 4+24:

Like this page?

Please support this free service by giving us a Google+1

Browse files by letter


More system processes

regsvc32.exe regsvcdll.exe regsvcs.exe
regsvr.exe regsvr32.exe regsweep.exe
regtickpro.exe regtlib.exe regtlibv12.exe

Lansweeper computer inventory From the creator of Runscanner:

is an automated IT asset management tool. It can quickly scan your computers and has over 250 default reports available.

There is no need to install any agents on the scanned computers, all hardware and software inventory scanning is done by standard build-in functionality.