Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

rikvm_38f51d56.sys


  • Please log in to reply

#1
nikkidak

nikkidak

    New Member

  • Member
  • Pip
  • 2 posts
this root kit virus keeps returning after microsioft, norton and kaspersky rempovals
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
I think it's a false positive. The file is from Cyberlink PowerDVD. There are lots of people complaining about the file - all with Norton. http://www.tomshardw...ia-suit-rootkit

If you still want us to help you remove it you need to post an OTL log. (See the top post in this forum)

Ron
  • 0

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#4
nikkidak

nikkidak

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
i appreciate your efforts but norton say not let the run/save program. also this is too technial for me to operate. i dont know what else to do nikkidak
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
There is nothing wrong with OTL. It is common for Norton to complain. We get them to fix it then OldTimer puts out a slightly different version then they flag it again. Just turn off Norton or tell them to ignore the file.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP