Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Reader_s virus infection?

Started by sVs , Dec 04 2009 02:29 PM

  • Please log in to reply

#1
sVs
Posted 04 December 2009 - 02:29 PM

sVs

    New Member

  • Member
  • Pip
  • 1 posts
Hello,

I have a background in IT and computers, but this virus is really stumping me. I have 2 computers, one of them I am on now, the other one has the virus. The other computer has Windows XP too. I noticed Reader_s.exe seems to be launching different .dll and .tmp files that always return with a different name when deleted. Also some of the files associated with the virus are unable to be deleted even in Safe Mode. These files are located in the Windows/system32 folder

The main problem is when the computer is not in safe mode, Opening My Computer or Internet Explorer or clicking the Task Bar causes explorer.exe to crash, and closes those applications.

I've done a lot of looking around at many different websites and I noticed Rorschach helped a few people with this problem such as here: http://www.geekstogo...nd-t258161.html
(I followed along until there was a piece of code for Avenger.exe that was written specifically for that computer.)

The computer got the virus a month ago but up until today the infected computer would restart immediately after loading Windows (Regular and Safe Mode).

I have been able to get into the computer now.

Some things that are happening:
  • Internet Explorer and Firefox crash immediately when launched. I am able to go to My Computer in Safe Mode with Networking and access the internet from the address bar
  • Most anti-virus websites will display "Page cannot be displayed", so the virus seems to be hiding these pages (for example, avg.com)
  • Malwarebytes, HijackThis do not work. When launched the program will close 5 seconds later, and the exe will become corrupted saying "You have insufficient access to this program." I downloaded Inherit.exe and I was able to relaunch these programs, but they still close 5 seconds later.
  • Renaming applications does not seem to help at all.
  • ComboFix setup becomes corrupted and asks me to re-download the application due to Virut, tried redownloading many times
I have deleted all temp files, internet temp files, cookies, the virus persists through safe mode.

I also deleted entries from Regedit for the the startup (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [and RunOnce])



System restore also seems to be disabled. I can get the to the "Confirm Restore Point Selection", but clicking next does not do anything even in Safe Mode. I ran a reg fix from http://www.kellys-ko...storeenable.reg to try and fix the system restore problem, but it did not work for me.

Edited by sVs, 04 December 2009 - 02:34 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP