How to Remove the Reader_s.Exe Virus

SlyDog
If you are unlucky like I am, then you have gotten one of the nastiest buggers out there. The reader_s.exe virus is very tricky and fast moving. Since a full reformat and reinstall wasn't an option (always back up your data), and after a few weeks of researching forums, scanning and following many users' advice, I found a way to get rid of it. This method is for Windows users.

Know your enemy.

First, let me tell you what this virus is and what it does. This particular virus is part of the "virut" family, that is, a virus/trojan mix. A virut is basically a patching virus, meaning it will infect any type of executable (*.exe, *.HTML, *.scr). The longer it is on your machine, the more executables are infected. This particular virut was written to use your email to send out spam and tie up your bandwidth. It also opens up port 66550 and calls out to other malicious software, and it hides itself when it detects the system doing a virus scan. It apparently jumps around folders until the scan is finished. Even more annoying, this virus will copy itself to any USB thumb drive or external drive by adding an autorun.ini and a random *.exe, so when you insert the drive into another PC it will autorun the *.exe and infect the next computer.
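The removable-drive behaviour described above (an autorun file plus a random *.exe dropped at the drive root) can be checked for before a drive is trusted. The following is an added example, not part of the original article or any vendor tool: it assumes the drive is mounted read-only on a clean machine, checks both the article's autorun.ini name and autorun.inf (the file Windows AutoRun reads), and uses a constructed sample directory with harmless placeholder files.

```python
import configparser
import tempfile
from pathlib import Path

# "autorun.ini" is the name the article gives; "autorun.inf" is the file
# Windows AutoRun reads. Checking both is an assumption of this example.
AUTORUN_NAMES = {"autorun.ini", "autorun.inf"}
LAUNCH_KEYS = ("open", "shellexecute")   # entries that name a program to start
EXEC_SUFFIXES = {".exe", ".scr"}


def inspect_drive_root(root):
    """Read-only check of one drive root; returns a list of finding strings."""
    entries = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    findings = []
    for name in sorted(AUTORUN_NAMES.intersection(entries)):
        parser = configparser.ConfigParser(strict=False, interpolation=None)
        try:
            parser.read_string(entries[name].read_text(errors="replace"))
        except configparser.Error:
            findings.append(f"{name}: present but not parseable")
            continue
        for section in parser.sections():
            if section.lower() != "autorun":
                continue
            for key in LAUNCH_KEYS:
                target = parser[section].get(key, "").strip()
                if target:
                    # First token only; strip quotes and a leading backslash.
                    exe = target.split()[0].strip('"').lstrip("\\").lower()
                    state = "exists" if exe in entries else "missing"
                    findings.append(f"{name}: {key} -> {exe} ({state})")
    for name in sorted(entries):
        if entries[name].suffix.lower() in EXEC_SUFFIXES:
            findings.append(f"root executable: {name}")
    return findings


def build_sample_drive(directory):
    """Constructed sample: a fake drive root with harmless placeholder files."""
    root = Path(directory)
    (root / "autorun.inf").write_text("[AutoRun]\nopen=kxwq.exe\n")
    (root / "kxwq.exe").write_bytes(b"placeholder, not a real program")
    (root / "notes.txt").write_text("holiday photos list\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in inspect_drive_root(build_sample_drive(tmp)):
            print(line)
```

A finding here is only a reason to scan the drive with the tools in the steps below; a clean result does not prove the drive is uninfected, since infected executables can sit in subfolders.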

Bug Hunting

I first suspected something was wrong when Road Runner contacted me, telling me they noticed I had sent over 1 million emails and that I might be infected. So I started a virus scan with Malwarebytes and there it was, mocking me. Most antivirus scanners find it and remove it; however, once you restart it comes right back and you don't know where it came from. From the research I have done, this virus will let you delete it and not show up on another scan until it detects a network connection or a device like a media card or external hard drive.

Extermination

Finally, a successful way of getting rid of the virus. I waited a full month to write this just in case it showed up again since it hides very well. After a month still no sign of it and my email server hasn't complained about me. So here are the steps...

1. First you need two FREE programs and your Windows disc: Malwarebytes Anti-Malware, which you can get here, and AVG's rmvirut.exe, which you can get here.

2. Install and update Malwarebytes, but don't scan just yet. Place rmvirut.exe in your C drive. It has to be in the root of the drive or this will not work as well.

3. Once files are placed, unplug any network cables and restart in safe mode. This is done by continuously tapping F8 as you restart the PC.

4. Run Malwarebytes on full scan. When it finds the infected files, remove them and it will want to restart. Go ahead and restart, but keep pressing F8 to go into safe mode again. Rinse and repeat until you do a full scan and find no infections.

5. Once Malwarebytes says you aren't infected, restart and boot into your Windows disc. We aren't doing a full reinstall, so don't worry, your files should be safe. We are choosing "repair your computer". One of the options should say "command prompt". Once selected, it should bring up a black screen like the old DOS days. First type "C:" (without quotes), then press Enter. It should be on your C: drive. Then type "rmvirut" and the program should start running.

6. Go to a movie or two, as this will take a long time. You can leave any USB drives or external drives you feel might also be infected plugged in, because rmvirut will scan all drives.

7. When it says it is finished, run it again just to be safe. On my first scan I found 831 infections and on the second I found 4. The third didn't find any. Remember it only takes one to start the process all over again, so better do it now. Since you aren't really using your operating system to scan, the virus doesn't realize it is being destroyed and won't try to hide as much.

8. Reconnect your network and restart. Do scans periodically. Like I said, after this method I have been scanning for a month and no issues.

Published by SlyDog
