Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Rapid Reader

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Rapid Reader?

The Malwarebytes research team has determined that Rapid Reader is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by Rapid Reader?

You may see this entry in your list of installed programs:

warning4.png

and these warnings during install:

main.png

warning1.png

warning2.png

and this type of advertisements:

warning3.png

How did Rapid Reader get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Rapid Reader?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Rapid Reader?
  • No, Malwarebytes' Anti-Malware removes Rapid Reader completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Rapid Reader adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


protection1.png


Technical details for experts

You will see these signs in a HijackThis log:
O23 - Service: RR 1.10.0.21 Client Service (rrsvc_1.10.0.21) - Rapid Reader - C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe
You may see these signs in FRST logs:
 (Rapid Reader) C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe
 R2 rrsvc_1.10.0.21; C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe [300120 2015-07-28] (Rapid Reader)
 R1 rrfd_vt_1_10_0_21; C:\Windows\System32\drivers\rrfd_vt_1_10_0_21.sys [61320 2015-07-28] (Rapid Reader)
 C:\Program Files (x86)\RapidReader_1.10.0.21
 (Rapid Reader) C:\Windows\system32\Drivers\rrfd_vt_1_10_0_21.sys
 (Rapid Reader) C:\Windows\system32\Drivers\rrfd_vw_1_10_0_21.sys

RapidReader 1.10.0.21 (HKLM-x32\...\RapidReader_1.10.0.21) (Version: 1.10.0.21 - RapidReader)
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\RapidReader_1.10.0.21
       Adds the file terms-of-service.rtf"="28/07/2015 19:40, 24234 bytes, A
       Adds the file Uninstall.exe"="28/07/2015 23:45, 314280 bytes, A
    Adds the folder C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses
       Adds the file buildcrx-license.txt"="19/05/2014 21:10, 7074 bytes, A
       Adds the file Info-ZIP-license.txt"="19/05/2014 21:10, 2944 bytes, A
       Adds the file JSON-simple-license.txt"="30/10/2014 02:55, 11558 bytes, A
       Adds the file nsJSON-license.txt"="19/05/2014 21:10, 809 bytes, A
       Adds the file Nustache-license.txt"="30/10/2014 02:55, 1079 bytes, A
       Adds the file TaskScheduler-license.txt"="30/10/2014 02:55, 0 bytes, A
       Adds the file UAC-license.txt"="19/05/2014 21:10, 956 bytes, A
    Adds the folder C:\Program Files (x86)\RapidReader_1.10.0.21\Service
       Adds the file rrsvc.exe"="28/07/2015 23:45, 300120 bytes, A
    In the existing folder C:\Windows\System32\drivers
       Adds the file rrfd_vt_1_10_0_21.sys"="28/07/2015 23:45, 61320 bytes, A
       Adds the file rrfd_vw_1_10_0_21.sys"="28/07/2015 23:45, 57736 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RapidReader_1.10.0.21]
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\RapidReader_1.10.0.21\Uninstall.exe"
       "DisplayName"="REG_SZ", "RapidReader 1.10.0.21"
       "DisplayVersion"="REG_SZ", "1.10.0.21"
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "RapidReader"
       "UninstallString"="REG_SZ", "C:\Program Files (x86)\RapidReader_1.10.0.21\Uninstall.exe"
       "URLInfoAbout"="REG_SZ", "http://www.rapidreaderapp.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RapidReader_1.10.0.21]
       "cr-at"="REG_SZ", ""
       "cr-pid"="REG_SZ", ""
       "cr-ver"="REG_SZ", "44.0.2403.155"
       "dbsr"="REG_SZ", "firefox"
       "features"="REG_SZ", "0x01000000"
       "ff-at"="REG_SZ", ""
       "ff-pid"="REG_SZ", ""
       "ff-ver"="REG_SZ", "38.0.5 (x86 en-GB)"
       "hid"="REG_SZ", "1FB0C54E-C74D-AB91-A3A6-1983589F206E"
       "ie-at"="REG_SZ", ""
       "ie-pid"="REG_SZ", ""
       "ie-ver"="REG_SZ", "11.0.9600.17959"
       "iid"="REG_SZ", "00000000-0000-0000-0000-000000000000"
       "itm"="REG_SZ", "2015-08-17T10:01:35Z"
       "nf-at"="REG_SZ", "152FC7A2-21F3-0E86-B082-C9CFE44E5197"
       "nf-pid"="REG_SZ", "1283F2E4-FEAD-485F-9289-1CC82ACB750F"
       "nid"="REG_SZ", "7D5BAFA9-43AD-43BF-9BAE-D2823A38F2CB"
       "osn"="REG_SZ", "Windows 7 Ultimate"
       "ost"="REG_SZ", "x64"
       "osv"="REG_SZ", "6.1.7601"
       "user_sid"="REG_SZ", "S-1-5-21-612512518-1730918975-1677248042-1002"
       "ver"="REG_SZ", "1.10.0.21"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rrfd_vt_1_10_0_21]
       "DisplayName"="REG_SZ", "rrfd_vt_1_10_0_21"
       "ErrorControl"="REG_DWORD", 1
       "Group"="REG_SZ", "PNP_TDI"
       "ImagePath"="REG_EXPAND_SZ, "system32\drivers\rrfd_vt_1_10_0_21.sys"
       "Start"="REG_DWORD", 1
       "Tag"="REG_DWORD", 10
       "Type"="REG_DWORD", 1
       "WOW64"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rrfd_vt_1_10_0_21\Enum]
       "0"="REG_SZ", "Root\LEGACY_RRFD_VT_1_10_0_21\0000"
       "Count"="REG_DWORD", 1
       "NextInstance"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rrsvc_1.10.0.21]
       "Description"="REG_SZ", "This service enables RR 1.10.0.21 on HTTP websites"
       "DisplayName"="REG_SZ", "RR 1.10.0.21 Client Service"
       "ErrorControl"="REG_DWORD", 1
       "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe""
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16
       "WOW64"="REG_DWORD", 1
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/08/2015
Scan Time: 12:09
Logfile: mbamRapidReader.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.17.04
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329812
Time Elapsed: 4 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe, 1528, Delete-on-Reboot, [62862bde6922fa3c983a186ff80d33cd]

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.RapidReader.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rrsvc_1.10.0.21, Quarantined, [62862bde6922fa3c983a186ff80d33cd], 
PUP.Optional.RapidReader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RapidReader_1.10.0.21, Quarantined, [2fb9fa0f94f737ffd8fa7f087a8bd927], 
PUP.Optional.RapidReader.A, HKLM\SOFTWARE\WOW6432NODE\RapidReader_1.10.0.21, Quarantined, [6880ce3bb3d8c67075fe961e8f7525db], 
PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RRFD_VT_1_10_0_21, Quarantined, [29bfde2babe0fa3ccd14b6f77b89639d], 

Registry Values: 2
PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rrfd_vt_1_10_0_21|ImagePath, system32\drivers\rrfd_vt_1_10_0_21.sys, Quarantined, [29bfde2babe0fa3ccd14b6f77b89639d]
PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rrsvc_1.10.0.21|ImagePath, "C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe", Quarantined, [fbed0affef9c9e98bac05f4518ec3dc3]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21, Delete-on-Reboot, [856337d2741759ddad705cbb49bab24e], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses, Quarantined, [856337d2741759ddad705cbb49bab24e], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\Service, Delete-on-Reboot, [856337d2741759ddad705cbb49bab24e], 

Files: 18
PUP.Optional.RapidReader.A, C:\WINDOWS\SYSTEM32\drivers\rrfd_vt_1_10_0_21.sys, Delete-on-Reboot, [19f705642b95208ca9408d84808b7bb3], 
PUP.Optional.RapidReader.A, C:\WINDOWS\SYSTEM32\drivers\rrfd_vw_1_10_0_21.sys, Delete-on-Reboot, [15c10c9b376ee5fb8fe970b991705b92], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe, Delete-on-Reboot, [62862bde6922fa3c983a186ff80d33cd], 
PUP.Optional.RapidReader.A, C:\Users\{username}\Desktop\rapidreader-setup.exe, Quarantined, [1ace09008efdd95dd1012a5d4eb7a15f], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\Uninstall.exe, Quarantined, [2fb9fa0f94f737ffd8fa7f087a8bd927], 
PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, Quarantined, [a84008017b1053e3c0215c3c7292a060], 
PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-install-v0003, Quarantined, [22c630d9711a2e081fc2e2b6b450d828], 
PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-processes-v0002, Quarantined, [697f9871eba0dc5a20c1049436ce7888], 
PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, Quarantined, [7573c940f893c96d667bbddbc83ceb15], 
PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, Quarantined, [32b6e3262d5e4ee87b6602963bc9867a], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\terms-of-service.rtf, Quarantined, [856337d2741759ddad705cbb49bab24e], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\buildcrx-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\JSON-simple-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\nsJSON-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\Nustache-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\TaskScheduler-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], 
PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\UAC-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.