I have a virut (yes, virut.) called reader_s.exe. One of the most annoying things I have confronted in my life. And I was wondering if anyone knew a way to remove it without reformatting. Here is what I have tried:
- MSConfiged it. It re-enables it self.
- Used a program created by Prevx CSI (If you google reader_s.exe, its the first link) to isolate all of the corrupted files, I manually deleted them all and the reader_s.exe file came back.
- When reader_s.exe executes, AVG Free 2008 detects it, and I prompt it to delete the file, but reader_s.exe comes back.
- I have tried system recovery. It doesn't work.
Things I cannot do:
- Log in (used to be able to), because reader_s logs me out.
- Execute a program when I am NOT in safe mode, reader_s stops the process.
- Install programs. I am in safe mode.
- (Prefered) Reformat.
Can anyone come up with a way to root out this virut?
Post has been edited 1 time(s), last time on Mar 23 2009, 9:48 pm by Conspiracy.
None.
Can you remove it in safe mode?
Also:
http://forums.majorgeeks.com/showthread.php?t=35407
TinyMap2 - Latest in map compression! ( 7/09/14 - New build! )
EUD Action Enabler - Lightweight EUD/EPD support! (ChaosLauncher/MPQDraft support!)
EUDDB -
topic - Help out by adding your EUDs! Or Submit reference files in the References tab!
MapSketch - New image->map generator!
EUDTrig -
topic - Quickly and easily convert offsets to EUDs! (extended players supported)
SC2 Map Texture Mask Importer/Exporter - Edit texture placement in an image editor!
This page has been viewed [img]http://farty1billion.dyndns.org/Clicky.php?img.gif[/img] times!
Can you remove it in safe mode?
Yes, but when I log in, it comes back.
And if I use Msconfig, it re-enables itself. I have never seen anything like this.
None.
Download and set up the
Ultimate Boot CD on another computer, and then boot off of it on the broken computer instead of the main OS, that way the virus never runs, and then clean it up using the temporary OS.
Also, I would disconnect my internet if I were you before getting onto the normal operating system again, that way it doesn't just go out and redownload itself.
None.
Online thing says it adds itself to the registry to run or something... You could play in there.
TinyMap2 - Latest in map compression! ( 7/09/14 - New build! )
EUD Action Enabler - Lightweight EUD/EPD support! (ChaosLauncher/MPQDraft support!)
EUDDB -
topic - Help out by adding your EUDs! Or Submit reference files in the References tab!
MapSketch - New image->map generator!
EUDTrig -
topic - Quickly and easily convert offsets to EUDs! (extended players supported)
SC2 Map Texture Mask Importer/Exporter - Edit texture placement in an image editor!
This page has been viewed [img]http://farty1billion.dyndns.org/Clicky.php?img.gif[/img] times!
Download and set up the
Ultimate Boot CD on another computer, and then boot off of it on the broken computer instead of the main OS, that way the virus never runs, and then clean it up using the temporary OS.
Also, I would disconnect my internet if I were you before getting onto the normal operating system again, that way it doesn't just go out and redownload itself.
Thanks falky, but I sadly don't know where my windows disk is.
Online thing says it adds itself to the registry to run or something... You could play in there.
I have eliminated that, I even changed the string data, but when I did, it just decided to re-add it.
None.
Thanks falky, but I sadly don't know where my windows disk is.
You can torrent one, that's what I did, it doesn't need a CD Key.
None.
Have you done anything with this yet?
TinyMap2 - Latest in map compression! ( 7/09/14 - New build! )
EUD Action Enabler - Lightweight EUD/EPD support! (ChaosLauncher/MPQDraft support!)
EUDDB -
topic - Help out by adding your EUDs! Or Submit reference files in the References tab!
MapSketch - New image->map generator!
EUDTrig -
topic - Quickly and easily convert offsets to EUDs! (extended players supported)
SC2 Map Texture Mask Importer/Exporter - Edit texture placement in an image editor!
This page has been viewed [img]http://farty1billion.dyndns.org/Clicky.php?img.gif[/img] times!
Thanks falky, but I sadly don't know where my windows disk is.
You can torrent one, that's what I did, it doesn't need a CD Key.
What do you mean torrent? Isn't that a program? Sadly I don't have any type of torrent, and I can't install it. I maybe able to install it to my flash drive though...
Have you done anything with this yet?[/quote]
Yes, I am trying this.
None.
You don't need to torrent it on the virus'd computer.
None.
What do you mean torrent? Isn't that a program? Sadly I don't have any type of torrent, and I can't install it. I maybe able to install it to my flash drive though...
Yeah, I would recommend
µTorrent as a torrent program, then just google Windows XP CD torrent and you should be able to download an ISO of it with that, and since UBCD uses an ISO, it's perfect.
None.
if you cant install anything to torrent use bitlet, its a java based inbrowser torrent client.
None.
When you're in safe-mode and you go into the registry and delete everything associated with the virus, it shouldn't come back.. That must mean that you missed a file somewhere.
I've gotten nasty malware/virus's before and used a program that showed where each file was in the registry (don't remember the name of the program), went into safe mode and deleted all the files that were on the list and BAM!
They were gone.
So, good luck in your venture.. Better lay off the porn ;-P
None.
When you're in safe-mode and you go into the registry and delete everything associated with the virus, it shouldn't come back.. That must mean that you missed a file somewhere.
I've gotten nasty malware/virus's before and used a program that showed where each file was in the registry (don't remember the name of the program), went into safe mode and deleted all the files that were on the list and BAM!
They were gone.
So, good luck in your venture.. Better lay off the porn ;-P
Or stay on 4chan and cnet for downloads and media ;o
Honestly if you can see a process in your task manager that DOESNT belong, lets say one called scvshost (Theres an extra s in it somewhere), using a more advanced task manager to locate the file is a great start. Also making sure its not an IE toolbar that ISNT is another step to deleting some more pesky ones. Go into IE, Under tools (IE 7) look for manage addons, then enable disable addons. Anything in there that looks fake, disable immediatly.
.riney on Discord.
Riney on Steam (
Steam)
@RineyCat on Twitter
Sure I didn't pop off on SCBW like I wanted to, but I won VRChat. Map maker for life.
You can also try getting Hijackthis. It has a few nifty features such as "delete on bootup". Or something along the lines of that. Try it in safe mode.
When you're in safe-mode and you go into the registry and delete everything associated with the virus, it shouldn't come back.. That must mean that you missed a file somewhere.
Lots of spyware have good protection such as randomized names to stop you from easily removing them by simply deleting stuff.
Have you managed to try anything else mentioned by anyone?
None.
This sounds alot like a virut i just got rid of called sixth meow.exe
it kepot itself runing, if i toke it off startup using msconfig it came back, all it did was make IExplorer run. I found the it, then deleted the folder it was in, hasnt come back yet
None.
When you're in safe-mode and you go into the registry and delete everything associated with the virus, it shouldn't come back.. That must mean that you missed a file somewhere.
Lots of spyware have good protection such as randomized names to stop you from easily removing them by simply deleting stuff.
Have you managed to try anything else mentioned by anyone?
If you would have read my post, you would see that wasn't a problem.
None.
Uh, it still is a problem, seeing as you couldn't provide the program mentioned.
None.