reader_s.exe is a terrible virus and cannot be removed with any of the virus programs I tried

  • General discussion

  • Tried many solutions but none worked.

    This is a very well written virus and is impossible to destroy or remove from a machine.

    Virus is spread via executing an executable on a network drive, or by plugging a thumb drive into an infected machine and then plugging the same thumb drive into a non-infected machine. It even runs in safe mode without networking. It looks like if you run in safe mode and remove the virus and reboot, the virus is gone, but it comes back as soon as you enable networking.

    If you try to delete the virus, the virus monitors this and moves the location of the executable to another directory. Virus has at least 2 parts: one that runs as part of svchost, and reader_s.exe. It seems there is another part that somehow runs when you plug in the network cable, even though your hard drive appears clean to virus scanners.

    It appears as if Microsoft has fixed the second infection route in the latest updates for Windows XP.

    Vista and Windows 7 do not seem to get the virus because the virus writes to a protected area, which is not allowed in Vista and Windows 7.

    Only solution is to back up the system, format the hard drive and reinstall the operating system. Do not execute any restored executables until you run a virus scan (like Malwarebytes) on all files restored.

    Virus creates an autorun.ini which executes an executable. These are hidden, protected OS files, so they do not show up normally. Plug the thumb drive into a Mac to see if the thumb drive, camera, iPod, etc. are infected.

    This virus downloads other viruses from internet and causes computer to send spam shutting down your outbound mail server.

    Some of the virus scanners crashed the OS so the OS would not boot.

    I hope someone comes up with a solution that does not require reformatting the hard drive. I had to scan 25 computers and restore the OS to 4 machines. Total man hours (48)

    Virus solutions that failed:
    Malwarebytes
    Symantec version 9.0 enterprise
    Stopzilla
    http://www.virusremovalguru.com/?p=1511
    Dr.Web


    David Talmage
    Wednesday, July 1, 2009 12:07 AM
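
The check described in the post (mounting a removable drive on a non-Windows machine, where hidden and protected files are listed normally), as an added example that is not part of the original post. It looks in the volume root for both the file name given in the post (autorun.ini) and autorun.inf, the name Windows AutoRun reads, and reports each program an entry would launch without executing anything; the sample volume, folder and file names in `demo()` are constructed.

```python
import os
import re
import tempfile

# Entries that name a program to launch: open=, shellexecute=, shell\<verb>\command=
LAUNCH_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(\S.*?)\s*$", re.I)
AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}  # .ini is the name given in the post


def resolve(root, rel):
    """Case-insensitive lookup of rel under root (FAT names ignore case)."""
    cur = root
    for part in filter(None, rel.split("/")):
        names = os.listdir(cur) if os.path.isdir(cur) else []
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        cur = os.path.join(cur, match[0])
    return cur


def find_autorun_launchers(volume_root):
    """Return (autorun_file, key, target, present) per launch entry in the volume root."""
    findings = []
    for name in sorted(os.listdir(volume_root)):
        path = os.path.join(volume_root, name)
        if name.lower() not in AUTORUN_NAMES or not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            text = fh.read().decode("latin-1")  # never fails on junk bytes
        for line in text.splitlines():
            m = LAUNCH_KEY.match(line)
            if m:
                # Program path is the first (optionally quoted) token of the command.
                prog = re.match(r'"([^"]+)"|(\S+)', m.group(2))
                target = (prog.group(1) or prog.group(2)).replace("\\", "/")
                present = resolve(volume_root, target) is not None
                findings.append((name, m.group(1).lower(), target, present))
    return findings


def demo():
    """Constructed sample volume: one autorun file pointing into a subfolder."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "RECYCLER"))
    open(os.path.join(root, "RECYCLER", "sample.exe"), "wb").close()
    with open(os.path.join(root, "AUTORUN.INF"), "wb") as fh:
        fh.write(b"[autorun]\r\n;junk\xff\r\nopen=RECYCLER\\sample.exe -x\r\n"
                 b"shell\\open\\command=missing.exe\r\n")
    return find_autorun_launchers(root)
```

Call `find_autorun_launchers()` with the mount point of the drive being checked; an entry whose target is present on the volume is the file to submit to a scanner before the drive goes near a Windows machine.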

All replies