Infected by reader_s.exe How do I remove it?


4 replies to this topic

#1 Lobotz

Lobotz

  • Members
  • 2 posts

Posted 08 March 2009 - 03:23 AM

Hi all!

I've been infected by a virus called reader_s.exe, which is a Virut variant. Once I figured out what I was infected by I googled how to remove it. Unfortunately it seems that no one has a solution other than a reinstall.

So I reinstalled... only to find that the two external drives I have hooked up to my system were infected as well.
The reinstall was in vain.
I reinstalled again. Installed SuperAntiSpyware, SpyBot and Ad-Aware. Booted up in safe mode and hooked one of the drives up to the system again. SAP and AA both recognized the infection but it was too late. The infection spread to C:.

What do I do?

I simply can't find anyone anywhere mentioning how to remove reader_s.exe successfully.
Maybe someone here can suggest another way to remove the infection from the external drives so that it won't replicate throughout my system?

Thanks in advance for any advice! :thumbsup:



#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 08 March 2009 - 11:58 AM

Hello.

Reinstall is not the correct choice. You can reinstall but you have to FORMAT after that.

Virut File Infector Warning

Your system is infected with a polymorphic file infector called Virut and also has IRC bot functionality. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.

For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine. As of now, security experts suggest that a clean Reinstall then Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state.

Back up all your documents and important items (personal data, work documents, pictures etc.) only. DO NOT back up any executable files (software) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.

Also, try to avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

More information on Virut can be found over here and here

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
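
The backup rule from post #2, as an added example that is not part of the original thread: a read-only Python triage that walks a folder and marks each file `copy`, `skip` or `review` before anything is copied off the infected machine. Only ZIP archives are opened (standard library), nested archives are not followed, and holding CAB/RAR files back as `review` is an assumption made here.

```python
import os
import sys
import zipfile

# File types the post says Virut infects; never copy these into a backup.
INFECTABLE = {".exe", ".scr", ".html", ".htm"}
# Archive types named in the post. Only ZIP is inspected here (assumption);
# CAB and RAR are held back for manual review instead of being opened.
ARCHIVES = {".zip", ".cab", ".rar"}
ARCHIVE_PAYLOAD = {".exe", ".scr"}


def ext(name):
    return os.path.splitext(name)[1].lower()


def classify(path):
    """Return (verdict, reason) for one file: 'copy', 'skip' or 'review'."""
    e = ext(path)
    if e in INFECTABLE:
        return "skip", "infectable type " + e
    if e == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                hits = [n for n in zf.namelist() if ext(n) in ARCHIVE_PAYLOAD]
        except (zipfile.BadZipFile, OSError):
            return "review", "unreadable archive"
        if hits:
            return "skip", "archive contains " + hits[0]
        return "copy", "archive has no .exe/.scr members"
    if e in ARCHIVES:
        return "review", "archive type not inspected"
    return "copy", "data file"


def plan_backup(root):
    """Walk root and map each relative path to its (verdict, reason)."""
    plan = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            plan[os.path.relpath(full, root)] = classify(full)
    return plan


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, (verdict, reason) in sorted(plan_backup(target).items()):
        print(f"{verdict:6} {rel}  ({reason})")
```
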

#3 Lobotz

Lobotz
  • Topic Starter

  • Members
  • 2 posts

Posted 08 March 2009 - 02:39 PM

Thanks for your reply!!

After some more googling I found the same info as you in another forum. (http://www.malwarebytes.org/forums/index.php?s=&showtopic=11726&view=findpost&p=59045)
And came back here to post the link for other people with the same problem... only to find that you'd already posted it. *lol*

Anyway, very helpful. Was key to not getting reinfected when I hooked up my external drives. :thumbsup:

(Btw, very nasty bug this. Rootkits and viruses are getting too nasty these days; I'm thinking of using Ubuntu on my main computer.)

Thanks again!

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 08 March 2009 - 02:51 PM

Hello.

Yes, format is the best option to make sure you don't get infected and also make sure you don't back up the virus or malware on your external hard drive.

File infectors have been going around A LOT lately. Below will help you reduce the chance of getting infected again.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the Windows Update Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :thumbsup:

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 Abzo

Abzo

  • Members
  • 1 posts

Posted 16 March 2010 - 04:41 PM

I was infected with this virus.
follow steps :

1st) uninstall all anti virus and malwares.
2nd) download spyware doctor with antivirus.
from here.

Download
http://rapidshare.com/files/364285234/Spyware.Doctor.7.0.0.513.with.AntiVirus.incl.Serial.rar

install and register it then
start scan find all viruses then it will ask u to fix all errors. do it n restart ur pc.

then install what antivirus u want after u removed that virus..
n make sure ur antivirus is updated version.

Thanks n Regards
Kumaar Dhanva :thumbsup:



