Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

rikvm_38f51d56.sys

Started by nikkidak , Sep 23 2012 02:42 AM

  • Please log in to reply

#1
nikkidak
Posted 23 September 2012 - 02:42 AM

nikkidak

    New Member

  • Member
  • Pip
  • 2 posts
this root kit virus keeps returning after microsioft, norton and kaspersky rempovals
  • 0

Advertisements

#2
RKinner
Posted 24 September 2012 - 07:37 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I think it's a false positive. The file is from Cyberlink PowerDVD. There are lots of people complaining about the file - all with Norton. http://www.tomshardw...ia-suit-rootkit

If you still want us to help you remove it you need to post an OTL log. (See the top post in this forum)

Ron
  • 0

#3
RKinner
Posted 25 September 2012 - 01:11 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#4
nikkidak
Posted 25 September 2012 - 03:59 PM

nikkidak

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
i appreciate your efforts but norton say not let the run/save program. also this is too technial for me to operate. i dont know what else to do nikkidak
  • 0

#5
RKinner
Posted 25 September 2012 - 04:03 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
There is nothing wrong with OTL. It is common for Norton to complain. We get them to fix it then OldTimer puts out a slightly different version then they flag it again. Just turn off Norton or tell them to ignore the file.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP