Abs.Net web Page

Share Your Knowledge, Build your Network..

reader_s, thunmail\testabd.dll? It’s Virut. Make sure you Format it

Posted by absnet on 4 May 2009

It has been a long time since I wrote about virus removal, because there was no new virus. But lately my computer got infected. I found a process named reader_s, and every time a user used explorer.exe the computer became unstable (it hung). So I restarted the computer and, using Autoruns, I found this:


Two reader_s entries. I searched for reader.exe on Google and confirmed that this is a virus. So I used Process Explorer to look at my running programs, and reader_s and svchost.exe were there (an svchost.exe not owned by Windows). I stopped the processes, deleted reader_s from the registry (the location is shown above), deleted the file and restarted. But what did I get?

The virus came back again. I wondered about this situation. A virus should be killed this way. Trying twice did not succeed. There must be another triggering program somewhere. So I dug further in Autoruns. Maybe reader_s is called from DLL files. I searched using Total Commander. Here are my search parameters:

[Image: search parameters]

Well, there was no good result, except for other tmp and txt files. It is impossible for a *.txt file to be converted into an exe program, so there must be a line that converts it or makes another reader_s. Digging deeper in Autoruns, I found testabd.dll in the AppInit tab. Testabd? What the hell is it?

I typed testabd.dll into Google and confirmed that it is a dangerous virus. Dangerous, huh? The location is Program files/thunmail/testabd.dll. I tried to delete it and succeeded. That means the DLL was not loaded into memory. I searched again to make sure there was no similar program acting as a trigger. There was not a single one. Well, now my computer should be free of the virus! I restarted again, and……

reader_s and testabd.dll came back again! So I read carefully on Google to find out what this file actually does. Well, I found that:


VIRUT?… yes, you’re right. VIRUT.

There’s no other way to kill this virus except


Sorry, I can’t find another way. I’ve proved it!

Maybe you can find an antivirus boasting that it is able to clean this type of virus. But I say, try it yourself, and your Windows won’t work, because the antivirus just deletes your infected files. And luckily, the infected files are important Windows files.
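The two places checked with Autoruns in this post (the Run entries where reader_s appeared and the AppInit tab where testabd.dll appeared) can also be listed from PowerShell. This is an added example, not part of the original post: the registry paths are the standard Windows locations (the post's own screenshot is missing), the function names are made up for illustration, and the script only reports what it finds.

```powershell
# Added example (not from the original post). Registry paths are the standard
# Windows autostart locations; the post's own screenshot of them is missing.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$appInitKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'

function Get-TargetPath([string]$Command) {
    # Extract the file a command line points at: a quoted path first,
    # otherwise everything up to the first executable-style extension.
    $text = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($text -match '^"([^"]+)"') { $text = $Matches[1] }
    elseif ($text -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') { $text = $Matches[1] }
    # Bare names (e.g. "rundll32.exe") are resolved against System32.
    if ($text -notmatch '^([A-Za-z]:|\\\\)') { $text = Join-Path $env:SystemRoot "System32\$text" }
    return $text
}

function Test-Entry([string]$Source, [string]$Name, [string]$Command) {
    $path = Get-TargetPath $Command
    $status = 'FileMissing'
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $status = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{ Source = $Source; Name = $Name; Path = $path; Signature = $status }
}

$results = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        Test-Entry $key $name ([string]$item.GetValue($name))
    }
})
$results += @(foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $dlls = (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    # AppInit_DLLs is a space- or comma-separated list; entries normally use
    # short (8.3) paths, so splitting on spaces is safe for well-formed values.
    foreach ($dll in ($dlls -split '[ ,]+' | Where-Object { $_ })) {
        Test-Entry $key 'AppInit_DLLs' $dll
    }
})
# Unsigned, invalid or missing targets sort to the top for review.
$results | Sort-Object { $_.Signature -eq 'Valid' }, Source | Format-Table -AutoSize -Wrap
```

Any non-empty AppInit_DLLs value is worth a look, since most systems leave it blank.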
