Urgent Advisory
  Nov 8, 2009

Urgent Advisory - Undetectable malicious code threat


georgebaileyster
This is an urgent advisory to all of you out there. The issue is surrounding reader_s.exe and the false information on removal.

This file is not the issue, it is the product of the issue..... In simple terms, reader_s.exe is not a virus upon initialization which is why your Anti-virus and firewall can't find it. I have taken the time to produce a full explanation in simple English and instructions on how to remove it as well as re-building the system safely without re-infection occurring.

You can freely download the PDF file from our sub-site at www.jcreate.tk - this is not a joke but a genuine and serious response to a genuine and serious threat. I will not be posting this info on any other forums or sites so leave it to the good people out there to pass the message on.

This infection installs itself as part of your anti-virus and firewall and therefore, all other trojans, worms and viruses it downloads and installs are also invisible.....

Suffice to say, if you choose to ignore and you catch a cold then so be it. Sorry for being cold on this one but am fed up with all AV companies and Adobe for ignoring information provided to them and leaving the Internet public blind.....

Good Luck.

Saint_Michael
Although it would help to provide more information about this threat such as how can people get it, what names does it go by and such stuff like that, of course it would be better to provide a better credible removal website than the one you provided since all we know is your site could be booby trapped with it.

So to help those understand this threat more check out the following sites:

Site #1

Site #2

Alternate Removal Site


georgebaileyster
QUOTE (Saint_Michael @ Feb 28 2009, 08:03 PM) *
Although it would help to provide more information about this threat such as how can people get it, what names does it go by and such stuff like that, of course it would be better to provide a better credible removal website than the one you provided since all we know is your site could be booby trapped with it.

So to help those understand this threat more check out the following sites:

Site #1

Site #2

Alternate Removal Site


Saint Michael,

I appreciate your comments and understand why you say this. However, the whole point is this:-

We were infected with this little problem some three weeks ago and, obviously, searched for all credible sites and answers to the problem. All we got was re-infection...... What happens is this. Some twit downloads something they shouldn't, then, the first section of the installer is the one writing to the Windows folders and registry as part of the program installation - following so far - As there is no virus at this point in time, there is no protection. Next, system reboots during which the cloned Windows files are written just before power down and registry entries made - at this point in time ALL Windows applications INCLUDING Windows itself have already quit - so, when restarted, the registry and cloned files now exist in place of the originals and by the time Windows has started - particularly if you have xDSL or similar, you have already downloaded and installed at least half a dozen trojans.... these also run un-discovered as the first one is registered as part of your anti-virus and firewall apps.

Aside from that, you don't get viruses from PDF files (not yet at least). We have reported the issue to numerous AV majors as well as Adobe with no response. It took 7 days and 5 nights to get this all tracked, traced and debugged.

The reason I cannot give a list of known files is simply we do not know the full origins as yet, only the reader version of which I can tell you version 6 was released last week - am just analysing the files as I write this...

I have attached the PDF to this post as at weekends the African xDSL actually provides more than 400 bytes per second...

Warmest regards

George