Hi,
reader_s.exe is a VIRUT infection, it's very dangerous
It come from P2P.
Perhaps do you will have to (if you have one) use the "original" Windows CD.
And make a sfc /scannow (for repair windows process)
►
Save right now all your personal data >> on CD
For manage the deployment of this infection
• Try to don't close/reboot your pc
• When it's not necessary, let Internet connection close and if you can use another pc for download them following fix, it's better.
• Deactivate System restore :
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
(you'll reactivate it after all next step.)
Begin by delete process (infection).
• Open Hijackthis --> [Open the Misc Tools section] --> [Open process manager]
• Select
reader_s.exe --> press [Kill process] (remind is path)
Do same thing with these ones who were in hijackthis.
• C:\WINDOWS\system32\
7.tmp
• C:\WINDOWS\system32\
C.tmp
• C:\WINDOWS\TEMP\
1.EXE
• C:\WINDOWS\system32\
servises.exe
• C:\WINDOWS\system32\
regedit.exe
>> • Make same thing for other new process (infection).
Show hidden file and directory.
• If you need it for this task, use
Fix Policies.
•
After that, delete all of these "previous" infection on the disk.
_________________________________________________________________
Download FlashDisinfector :
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
• If your antivirus react on Flash Disinfectopr --> deactivate is real-time protection,
• Double-click on Flash_Disinfector.exe,
• Follow instructions (plug all your USB External support..),
...
• Press Ok to make reappear the desktop
_________________________________________________________________
Download Dr.Web :
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
• Run it .. start the fast scan
• If processus are found --> select : Yes for all
When fast scan is complete
• select Options > Change configuration
• select Scanner, and unhook heuristic Analyse
• In main menu : select Analyse all,
• Select the green arrow for start the Scan --> a pub will appear close it.
• Click Yes for all ; if a file is find
When the scan is complete, if infection are find
• Chose "Select All" and Disinfection
• If unable to make the disinfection ; select Quanrantine
• In Main menu --> file --> save report on your desk
• Restart computer (important)
_______________________________________________________________________________________
Download AVPTool :
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
Restart.. in Safe Mode
• At the bip / Bios screen, press on "F8" (several time),
• Chose safe Mode,
• Enter in your usual account.
► Launch the AVPTool
• Hook everything and all disk.
When scan is complete
• Press on [Report] for Save the report
• post the report
•
Post all report and another hiajckthis.