File: readme.txt
Location of readme.txt and Associated Malware
Check whether readme.txt is present in the following locations:
readme.txt file locations that are Windows version independent:
- C:\downloads\cracks\cgis\readme.txt
- C:\Program Files\Atelier Web\AWSPS 4.61\README.TXT
- C:\Program Files\ao2000pr\readme.txt
- [%DESKTOP%]\utils\showin\readme.txt
- C:\Windows\System32\AKL\readme.txt
- C:\Windows\TEMP\Rar$EX[%NUM%].[%NUM%]\readme.txt
- C:\Windows\TEMP\Rar$DI03.108\readme.txt
- C:\Program Files\Aureate\Group Mail\readme.txt
- [%ANY_DRIVE%]\Aureate\Group Mail\readme.txt
- C:\Program Files\Crime Catcher\readme.txt
- C:\Program Files\HomeKeyLogger\README.TXT
- C:\hyperspin1.0\emulators\Mugen\JUEGOS\Dragon ball Z Sagas Mugen\chars\freeza1\README.TXT
- [%DESKTOP%]\OptixPro\Readme.txt
- C:\respaldo antonio carrillo\Mis documentos\Mis documentos\new msn\readme.txt
- [%ANY_DRIVE%]\1 JOCA NAREZANO\PROGRAMI\BEZBEDNOST\TWEAKER\REG TWEAK ULTRA\rtm\readme.txt
- [%ANY_DRIVE%]\1 JOCA NAREZANO\PROGRAMI\BEZBEDNOST\PROCESS\Remote Task Manager\readme.txt
- C:\Program Files\Helper\readme.txt
- C:\Windows\System32\SKInNT\readme.txt
- C:\Program Files\Web_Rebates\README.txt
- C:\Program Files\WebRebates4\README.txt
- C:\Program Files\whInstall\readme.txt
Windows 2000, Windows XP, Windows Server 2003 specific readme.txt file locations:
- C:\Documents And Settings\USER_NAME\Application Data\IDM\mspass\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\X1\c2\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\X1\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Temp1_Advanced.ACT.Password.Recovery.v1.11.zip\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\X1\c1\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\X1\c3\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$EX[%NUM%].[%NUM%]\Hotmail Email Hacker\Hotmail Email Hacker\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Temp1_Advanced.Mailbox.Password.Recovery.v1.5.7.161.zip\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$DR01.421\readme.txt
- C:\Documents And Settings\USER_NAME\My Documents\Downloads\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$EX[%NUM%].[%NUM%]\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$EX[%NUM%].[%NUM%]\cgi\README.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$DR01.859\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Temporary Directory 8 for Hacking_software_Collectin_by_Hackers_Menia__Build_1.0_.zip\Trojans-Backdoors\Keyloggers\k3yl0g3r\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\WZS497.tmp\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\WZS994.tmp\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\WZS5F.tmp\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$EX[%NUM%].[%NUM%]\HotmailHacker_XEdition\README.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\temp.fr????\README.TXT
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$EX[%NUM%].[%NUM%]\hotmailhack\README.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$EXa0.944\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$EX[%NUM%].[%NUM%]\Texts\ReadMe.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$EXa0.237\NetBus\Readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$DR00.657\Subseven Arabic\skins\Xavier\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$DR00.969\Subseven Arabic\skins\Xavier\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Rar$DI00.823\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Temp2_rainbowcrack-1.2-win.zip\rainbowcrack-1.2-win\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Temp1_rainbowcrack-1.2-win.zip\rainbowcrack-1.2-win\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Temp3_rainbowcrack-1.2-win.zip\rainbowcrack-1.2-win\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Temp2_NetDevil v1.5.zip\ReadMe.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Temp1_NetDevil v1.5.zip\ReadMe.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\Temp3_NetDevil v1.5.zip\ReadMe.txt
- C:\Documents And Settings\USER_NAME\My Documents\My ISO Files\Data\CDFS\Security & Spyware\Malware\org.packetstormsecurity\readme.txt
- C:\Documents And Settings\USER_NAME\My Documents\TrojanSimulator\Readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\WZS18.tmp\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\WZS4.tmp\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\WZS23.tmp\readme.txt
- C:\Documents And Settings\USER_NAME\Local Settings\Temp\WZSAD0.tmp\readme.txt
Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific readme.txt file locations:
- C:\Users\USER_NAME\AppData\Roaming\IDM\mspass\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\X1\c2\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\X1\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Temp1_Advanced.ACT.Password.Recovery.v1.11.zip\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\X1\c1\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\X1\c3\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$EX[%NUM%].[%NUM%]\Hotmail Email Hacker\Hotmail Email Hacker\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Temp1_Advanced.Mailbox.Password.Recovery.v1.5.7.161.zip\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$DR01.421\readme.txt
- C:\Users\USER_NAME\Documents\Downloads\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$EX[%NUM%].[%NUM%]\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$EX[%NUM%].[%NUM%]\cgi\README.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$DR01.859\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Temporary Directory 8 for Hacking_software_Collectin_by_Hackers_Menia__Build_1.0_.zip\Trojans-Backdoors\Keyloggers\k3yl0g3r\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\WZS497.tmp\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\WZS994.tmp\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\WZS5F.tmp\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$EX[%NUM%].[%NUM%]\HotmailHacker_XEdition\README.txt
- C:\Users\USER_NAME\AppData\Local\Temp\temp.fr????\README.TXT
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$EX[%NUM%].[%NUM%]\hotmailhack\README.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$EXa0.944\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$EX[%NUM%].[%NUM%]\Texts\ReadMe.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$EXa0.237\NetBus\Readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$DR00.657\Subseven Arabic\skins\Xavier\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$DR00.969\Subseven Arabic\skins\Xavier\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Rar$DI00.823\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Temp2_rainbowcrack-1.2-win.zip\rainbowcrack-1.2-win\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Temp1_rainbowcrack-1.2-win.zip\rainbowcrack-1.2-win\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Temp3_rainbowcrack-1.2-win.zip\rainbowcrack-1.2-win\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Temp2_NetDevil v1.5.zip\ReadMe.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Temp1_NetDevil v1.5.zip\ReadMe.txt
- C:\Users\USER_NAME\AppData\Local\Temp\Temp3_NetDevil v1.5.zip\ReadMe.txt
- C:\Users\USER_NAME\Documents\My ISO Files\Data\CDFS\Security & Spyware\Malware\org.packetstormsecurity\readme.txt
- C:\Users\USER_NAME\Documents\TrojanSimulator\Readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\WZS18.tmp\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\WZS4.tmp\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\WZS23.tmp\readme.txt
- C:\Users\USER_NAME\AppData\Local\Temp\WZSAD0.tmp\readme.txt
If you find readme.txt file in any of these locations, your computer is very likely to be infected with the following malware:
IMPORTANT: Malware files can be camouflaged with the same file names as legitimate
files. The readme.txt file is associated with malware only if found in the locations
listed above.
Notes:
- You can check if readme.txt is associated with the malware listed above by running a Exterminate It! Free Scan.
- You can easily remove all the files listed above with Exterminate It! Antimalware.
Different Variations of readme.txt File^
| File Size | File Md5 | Last Seen |
|---|---|---|
| 515 | B4DD5A73CC167FC36AACEFDBC60F618E | Jun 20, 2010 |
| 2137 | 12FE93ABA3319838E27E133F77724048 | Jul 7, 2010 |
| 1533 | E4C96FC384C06DA6B6E186D3A1358EE2 | Jul 12, 2010 |
| 139 | F704CA34DBA8EC8B447F41CA69118884 | Jul 12, 2010 |
| 2386 | 63DAC046804DFF044C1F41CBCA9B2A91 | Oct 17, 2010 |
| 3065 | 7B53A3CF6DC6975296120167AAD84C09 | Jul 16, 2010 |
| 3851 | AFF2B4C4362988B323B39CBE3559DC02 | Aug 1, 2010 |
| 791 | 798923940DE97898CA025072EBF0221E | Aug 17, 2010 |
| 4137 | EDE13C986094C567EC2B4EBE937D23A4 | Jun 20, 2016 |
| 10171 | 80CB216040E5852A4BFDAE494BA883A9 | Nov 10, 2010 |
| 552 | DA9B5B50A50D19BA7CEB6912D33BBC57 | Jul 12, 2011 |
| 1888 | FA1A9EE568E62FBB048A3D2F471B794B | Sep 30, 2012 |
| 6642 | 8B514F4DFE4F583A8FC1FDC44054C94B | Aug 10, 2011 |
| 442 | 563FA561BE8C5C5FA37CA661C54F35FA | Aug 18, 2011 |
| 1304 | C009202CA70E7F5AEA3867331D48D1CB | Nov 11, 2011 |
| 356 | B05412AF5F00DC3108A148334A086EB0 | Jan 22, 2012 |
| 995 | 8B7884126AB54CE7945CFC42956BCADC | Jul 14, 2014 |
| 4484 | 52C29009363DC0457A7887C4CEB878B8 | Oct 14, 2012 |
| 2242 | 464C727D7C7BAF46D2061D314462903E | Oct 19, 2012 |
| 204 | E95A74136CB65B9D5DA070758FAD45AB | Oct 19, 2012 |
| 9774 | 82632B820C3A824786D7E08004642063 | Nov 19, 2012 |
| 2387 | 27B9061094B5C3A3B070553ABD22214B | Mar 21, 2014 |
| 416 | 42BE71ACB9066B848688908DC3B2DFAD | Jun 6, 2013 |
| 255 | 3C0DBEBACAD99E6B32344D03B492DEA9 | Jul 4, 2013 |
| 4952 | AC147455863608B1E253C9E2BBB7749E | Mar 29, 2014 |
| 4566 | 49C215FDD4BEEEC2C83381280AD62AAB | Jul 2, 2014 |
| 939 | 92FCF5BB8D5074E61991BD6E3BE528FB | Mar 9, 2015 |
| 69 | 13AACE1DD9A721B6B145BA7F5A342F77 | Apr 14, 2015 |
| 2339 | 332C2F998F790CFC834749323156862E | Nov 2, 2015 |
| 1013 | 816329C308E91F70A31B366CCEA9FF88 | Mar 1, 2016 |
| 1795 | 29F17D0E5B977182EB5B9472CC2E3DBB | Feb 12, 2016 |
| 2954 | D613741468518D359ACE3BCB6DC8832C | Feb 19, 2016 |
| 831 | C6E6C2FF38A623353A61B9C48BAE8AEF | Mar 26, 2016 |
Why Is It Important to Remove Malware Files?^
It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:
- Disrupting the normal functioning of the operating system or rendering it completely useless.
- Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
- Directing all your Web searches to the same unwanted or malicious sites.
- Dramatically slowing down your computer.
- Gaining total control of your PC to spread viruses and trojans and send out spam.
How to Remove readme.txt^
- To enable deleting the readme.txt file, terminate the associated process in the
Task Manager as follows:
- Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
- In the Tasks Manager window, click the Processes tab.
- On the Processes tab, select readme.txt and click End Process.
- Using your file explorer, browse to the file using the paths listed in Location of readme.txt and Associated Malware.
- Select the file and press SHIFT+Delete on the keyboard.
- Click Yes in the confirm deletion dialog box.
- Repeat steps 2-4 for each location listed in Location of readme.txt and Associated Malware.
- The deletion of readme.txt will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
- The deletion of readme.txt will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.
Notes:
Deleting Locked Files^
You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.
After you delete a locked file, you need to delete all the references to the file in Windows registry.
To delete a locked file:
- Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
- Restart your computer.
The file will be deleted on restart.
Note: In the case of complex viruses that can replicate themselves, malware
files can reappear in the same locations even after you have deleted those files
and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.
To remove all registry references to a readme.txt malware file:
- On the Windows Start menu, click Run.
- In the Open box, type regedit and click OK. The Registry Editor window opens.
- On the Edit menu, select Find.
- In the Find dialog box, type readme.txt. The name of the first found registry value referencing readme.txt is highlighted in the right pane of the Registry Editor window.
- Right-click the registry value name and select Delete on the menu.
- Click Yes in the Confirm Value Delete dialog box.
- To delete all other references to readme.txt, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the
same file names. To avoid deleting a harmless file, ensure that the Value column
for the registry value displays exactly one of the paths listed in Location of readme.txt
and Associated Malware.
I got to say that so far I'm very please with your service. This is my first experience with your company. I have used in the past SpyHunter,Malwarebytes,SpyBlaster, for my detection with Mcafee antivirus/firewall.