What is Rapid Reader?
The Malwarebytes research team has determined that Rapid Reader is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Rapid Reader?
You may see this entry in your list of installed programs:
and these warnings during install:
and this type of advertisements:
How did Rapid Reader get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Rapid Reader?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes Rapid Reader completely.
We hope our application and this guide have helped you eradicate this adware application.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Rapid Reader adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O23 - Service: RR 1.10.0.21 Client Service (rrsvc_1.10.0.21) - Rapid Reader - C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exeYou may see these signs in FRST logs:
(Rapid Reader) C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe R2 rrsvc_1.10.0.21; C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe [300120 2015-07-28] (Rapid Reader) R1 rrfd_vt_1_10_0_21; C:\Windows\System32\drivers\rrfd_vt_1_10_0_21.sys [61320 2015-07-28] (Rapid Reader) C:\Program Files (x86)\RapidReader_1.10.0.21 (Rapid Reader) C:\Windows\system32\Drivers\rrfd_vt_1_10_0_21.sys (Rapid Reader) C:\Windows\system32\Drivers\rrfd_vw_1_10_0_21.sys RapidReader 1.10.0.21 (HKLM-x32\...\RapidReader_1.10.0.21) (Version: 1.10.0.21 - RapidReader)Alterations made by the installer:
File system details [View: All details] (Selection) --------------------------------------------------- Adds the folder C:\Program Files (x86)\RapidReader_1.10.0.21 Adds the file terms-of-service.rtf"="28/07/2015 19:40, 24234 bytes, A Adds the file Uninstall.exe"="28/07/2015 23:45, 314280 bytes, A Adds the folder C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses Adds the file buildcrx-license.txt"="19/05/2014 21:10, 7074 bytes, A Adds the file Info-ZIP-license.txt"="19/05/2014 21:10, 2944 bytes, A Adds the file JSON-simple-license.txt"="30/10/2014 02:55, 11558 bytes, A Adds the file nsJSON-license.txt"="19/05/2014 21:10, 809 bytes, A Adds the file Nustache-license.txt"="30/10/2014 02:55, 1079 bytes, A Adds the file TaskScheduler-license.txt"="30/10/2014 02:55, 0 bytes, A Adds the file UAC-license.txt"="19/05/2014 21:10, 956 bytes, A Adds the folder C:\Program Files (x86)\RapidReader_1.10.0.21\Service Adds the file rrsvc.exe"="28/07/2015 23:45, 300120 bytes, A In the existing folder C:\Windows\System32\drivers Adds the file rrfd_vt_1_10_0_21.sys"="28/07/2015 23:45, 61320 bytes, A Adds the file rrfd_vw_1_10_0_21.sys"="28/07/2015 23:45, 57736 bytes, A Registry details [View: All details] (Selection) ------------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RapidReader_1.10.0.21] "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\RapidReader_1.10.0.21\Uninstall.exe" "DisplayName"="REG_SZ", "RapidReader 1.10.0.21" "DisplayVersion"="REG_SZ", "1.10.0.21" "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "RapidReader" "UninstallString"="REG_SZ", "C:\Program Files (x86)\RapidReader_1.10.0.21\Uninstall.exe" "URLInfoAbout"="REG_SZ", "http://www.rapidreaderapp.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RapidReader_1.10.0.21] "cr-at"="REG_SZ", "" "cr-pid"="REG_SZ", "" "cr-ver"="REG_SZ", "44.0.2403.155" "dbsr"="REG_SZ", "firefox" "features"="REG_SZ", "0x01000000" "ff-at"="REG_SZ", "" "ff-pid"="REG_SZ", "" "ff-ver"="REG_SZ", "38.0.5 (x86 en-GB)" "hid"="REG_SZ", "1FB0C54E-C74D-AB91-A3A6-1983589F206E" "ie-at"="REG_SZ", "" "ie-pid"="REG_SZ", "" "ie-ver"="REG_SZ", "11.0.9600.17959" "iid"="REG_SZ", "00000000-0000-0000-0000-000000000000" "itm"="REG_SZ", "2015-08-17T10:01:35Z" "nf-at"="REG_SZ", "152FC7A2-21F3-0E86-B082-C9CFE44E5197" "nf-pid"="REG_SZ", "1283F2E4-FEAD-485F-9289-1CC82ACB750F" "nid"="REG_SZ", "7D5BAFA9-43AD-43BF-9BAE-D2823A38F2CB" "osn"="REG_SZ", "Windows 7 Ultimate" "ost"="REG_SZ", "x64" "osv"="REG_SZ", "6.1.7601" "user_sid"="REG_SZ", "S-1-5-21-612512518-1730918975-1677248042-1002" "ver"="REG_SZ", "1.10.0.21" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rrfd_vt_1_10_0_21] "DisplayName"="REG_SZ", "rrfd_vt_1_10_0_21" "ErrorControl"="REG_DWORD", 1 "Group"="REG_SZ", "PNP_TDI" "ImagePath"="REG_EXPAND_SZ, "system32\drivers\rrfd_vt_1_10_0_21.sys" "Start"="REG_DWORD", 1 "Tag"="REG_DWORD", 10 "Type"="REG_DWORD", 1 "WOW64"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rrfd_vt_1_10_0_21\Enum] "0"="REG_SZ", "Root\LEGACY_RRFD_VT_1_10_0_21\0000" "Count"="REG_DWORD", 1 "NextInstance"="REG_DWORD", 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rrsvc_1.10.0.21] "Description"="REG_SZ", "This service enables RR 1.10.0.21 on HTTP websites" "DisplayName"="REG_SZ", "RR 1.10.0.21 Client Service" "ErrorControl"="REG_DWORD", 1 "ImagePath"="REG_EXPAND_SZ, ""C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe"" "ObjectName"="REG_SZ", "LocalSystem" "Start"="REG_DWORD", 2 "Type"="REG_DWORD", 16 "WOW64"="REG_DWORD", 1Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 17/08/2015 Scan Time: 12:09 Logfile: mbamRapidReader.txt Administrator: Yes Version: 2.1.8.1057 Malware Database: v2015.08.17.04 Rootkit Database: v2015.08.16.01 License: Premium Malware Protection: Disabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {username} Scan Type: Threat Scan Result: Completed Objects Scanned: 329812 Time Elapsed: 4 min, 23 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe, 1528, Delete-on-Reboot, [62862bde6922fa3c983a186ff80d33cd] Modules: 0 (No malicious items detected) Registry Keys: 4 PUP.Optional.RapidReader.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rrsvc_1.10.0.21, Quarantined, [62862bde6922fa3c983a186ff80d33cd], PUP.Optional.RapidReader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RapidReader_1.10.0.21, Quarantined, [2fb9fa0f94f737ffd8fa7f087a8bd927], PUP.Optional.RapidReader.A, HKLM\SOFTWARE\WOW6432NODE\RapidReader_1.10.0.21, Quarantined, [6880ce3bb3d8c67075fe961e8f7525db], PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RRFD_VT_1_10_0_21, Quarantined, [29bfde2babe0fa3ccd14b6f77b89639d], Registry Values: 2 PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rrfd_vt_1_10_0_21|ImagePath, system32\drivers\rrfd_vt_1_10_0_21.sys, Quarantined, [29bfde2babe0fa3ccd14b6f77b89639d] PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rrsvc_1.10.0.21|ImagePath, "C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe", Quarantined, [fbed0affef9c9e98bac05f4518ec3dc3] Registry Data: 0 (No malicious items detected) Folders: 3 PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21, Delete-on-Reboot, [856337d2741759ddad705cbb49bab24e], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses, Quarantined, [856337d2741759ddad705cbb49bab24e], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\Service, Delete-on-Reboot, [856337d2741759ddad705cbb49bab24e], Files: 18 PUP.Optional.RapidReader.A, C:\WINDOWS\SYSTEM32\drivers\rrfd_vt_1_10_0_21.sys, Delete-on-Reboot, [19f705642b95208ca9408d84808b7bb3], PUP.Optional.RapidReader.A, C:\WINDOWS\SYSTEM32\drivers\rrfd_vw_1_10_0_21.sys, Delete-on-Reboot, [15c10c9b376ee5fb8fe970b991705b92], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\Service\rrsvc.exe, Delete-on-Reboot, [62862bde6922fa3c983a186ff80d33cd], PUP.Optional.RapidReader.A, C:\Users\{username}\Desktop\rapidreader-setup.exe, Quarantined, [1ace09008efdd95dd1012a5d4eb7a15f], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\Uninstall.exe, Quarantined, [2fb9fa0f94f737ffd8fa7f087a8bd927], PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, Quarantined, [a84008017b1053e3c0215c3c7292a060], PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-install-v0003, Quarantined, [22c630d9711a2e081fc2e2b6b450d828], PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-processes-v0002, Quarantined, [697f9871eba0dc5a20c1049436ce7888], PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, Quarantined, [7573c940f893c96d667bbddbc83ceb15], PUP.Optional.Vitruvian.A, C:\Users\{username}\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, Quarantined, [32b6e3262d5e4ee87b6602963bc9867a], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\terms-of-service.rtf, Quarantined, [856337d2741759ddad705cbb49bab24e], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\buildcrx-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\JSON-simple-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\nsJSON-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\Nustache-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\TaskScheduler-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], PUP.Optional.RapidReader.A, C:\Program Files (x86)\RapidReader_1.10.0.21\3rd Party Licenses\UAC-license.txt, Quarantined, [856337d2741759ddad705cbb49bab24e], Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention