RinoReader

Posted: May 4, 2015

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	13,455
Threat Level:	1/10
Infected PCs:	684

First Seen:	May 4, 2015
Last Seen:	August 29, 2023
OS(es) Affected:	Windows

RinoReader is an adware program that provides some legitimate features to justify its injection of new, sponsored content into your browser. Potentially Unwanted Programs (PUPs) like RinoReader may be evaluated individually, but may turn into unintended threats to your browser's security or sources of harm to your Web-surfing experience. In most cases, malware researchers see few to no reasons not to delete RinoReader with a qualified anti-adware program and find less advertising-heavy sources of its features.

Reading PDFs with a Rhino's Weight in Advertisements

RinoReader markets itself as an alternative to other brands of PDF-reading tools, such as Acrobat, albeit only as an add-on for your default Web browser. In addition to this feature, malware experts also saw RinoReader including features characteristic of Potentially Unwanted Programs that could harm your browsing experience, both in terms of security and quality of life. They narrowed the most notable of these side effects from RinoReader down as follows:

RinoReader may inject sponsored advertisements into your browser's Web pages, potentially interfering with the format of the websites in question.
RinoReader may reset your browser's homepage or new tab settings, a function also called a browser hijack.
RinoReader may install additional software besides itself, including, but not limiting to other browser add-ons or toolbars.

Along with these highly visible symptoms, RinoReader also may be identified through its files, which you can locate in the 'rinoreader' subdirectory of your Program Files folder. Unlike some adware, malware researchers have failed to find any signs of RinoReader's mislabeling its files for concealment purposes.

Since most of these side effects run the risk of exposing you to other, unwanted software or reduce your control over your Web browser, malware experts have classified RinoReader as a Potentially Unwanted Program. Although investigations are still verifying all the browsers modifiable by RinoReader, this adware only has been seen on Windows systems, including Windows Vista, 7 and 8.

Ducking Away from Charging Advertrisements

Despite RinoReader being installable at its website, RinoReader also may make use of alternate distribution methods, such as being bundled with third-party freeware on other sites. Many of these bundle-based installation tools can be identified by qualified PC security products. However, after being installed, RinoReader may install additional software, on its own, in addition to any changes RinoReader makes to your Web browser. The full consequences of any individual RinoReader installations are, therefore, highly variable.

Malware researchers rarely find any software benefits worth taking the risk of allowing third parties to control your Web browser or what applications are on your machine. While PDF readers provide valuable services for viewing specialized Web content, in no case should their functions be forced to include homepage hijackings, advertisement injections or other 'features' typical to RinoReader. Unless you've chosen to install this adware intentionally, using proper anti-adware solutions to delete RinoReader naturally should be considered as your first response.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

C:\Program Files\RinoReader\uninst.exe

File name: C:\Program Files\RinoReader\uninst.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

C:\Program Files\rinoreader\rinoreader.exe

File name: C:\Program Files\rinoreader\rinoreader.exe
MD5: 974375d436ff17602501eef7f1fe0333
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

pdfium.dll

File name: pdfium.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

PdfiumViewer.dll

File name: PdfiumViewer.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{RegistryKeys}Software\Classes\RinoReaderSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RinoReader.exeSoftware\RinoReaderSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\RinoReader.exeHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}RinoReader

Additional Information

The following directories were created:

%APPDATA%\Microsoft\Windows\Start Menu\Programs\RinoReader%PROGRAMFILES%\RinoReader%PROGRAMFILES(x86)%\RinoReader