10-13-2012 01:13 PM
Norton gave me an error message and adviced me to download NPE.
I did and NPE found the following to be a BAD file RIKVM_38F51D56.SYS.
I had NPE fix the file....meaning delete it, but after every computer reboot this RIKVM_38F51D56.SYS file shows back up. Online research did not help in finding out what this file does except that it is linked to Cyberlink DVD or one of it's products. I disabled cyberlink at startup and NPE can not find RIKVM_38F51D56.SYS file anymore.
Now, is this a virus or spyware from cyberlink, and how do i get rid of it? It is hidden and can only be detected by NPE.
I do not know much about these things and need some advice if I should be worried for my computer or not.
10-13-2012 03:41 PM
It is a legitimate Cyberlink file. Norton Power Eraser is more aggressive than the regular Norton security products and posible false positives are something you need to be aware of when using the product. You always need to verify that the items NPE suggests to remove, are, in fact, malicious.
10-13-2012 04:36 PM
NPE was not able to delete that file. Initially it shows it as removed, but as soon as i reboot the computer and run another scan that file is right back. Isn't that suspicious? Just wondering since NPE is as you say more aggressive.
Thanks for your help
10-19-2012 07:32 AM
This file was also flagged up by Norton Power Eraser on my computer today (after NIS said it had detected an error).
I've read various replies from all sorts of people about this file - some say it's a genuine Cyberlink file, while others say it's definitely a rootkit virus! What are we to believe? For example - how do you know for sure, SendOfJive, that it is a genuine Cyberlink file? Have you checked with Cyberlink and got a definitive answer?
What I can't understand is that I can't see the file in the system32 drivers folder (where NPE says it is located), even with the options switched on to "show hidden files" and "not to hide protected operating system files".
Does any Symantec engineer have a view on this and, equally importantly, is NIS still protecting me if I ignore the error message that it produces (3048,3).
A view from someone who actually knows for sure whether this file is dangerous or not would be greatly appreciated.
10-19-2012 10:36 AM - edited 10-19-2012 10:37 AM
Searching the internet about the file seems mixed, while the majority say it's harmless/not a virus but is part of Cyberlink power DVD others are saying that it only appeared after downloading the Cyberlink dvd update & to not download this update at all as it is a rootkit virus. It seems if you uninstall the update the problem file also is removed however some cannot find the update listed, quite possible you may have to remove Cyberlink completely in order to get rid of the update & then reinstall the programme & leave the update alone.
All are using Norton products to discover it but are using NPE to try & clean their systems.
10-19-2012 12:38 PM
Are you having any symptoms of a rootkit (unexplained computer activity or internet usage, popups, browser redirects, etc.)? Do you have a Cyberlink program installed? If you have Cyberlink installed and the only suspicious thing you have seen is the NPE detection of that file, I would say it is most likely a false positive.
10-20-2012 10:22 AM
I don't have the symptoms of a rootkit (that you have described), but I have 3 Cyberlink programs that came preinstalled.
I've contacted Cyberlink techies to try and find out if the file in question is a genuine Cyberlink file or not. So far, I've only got a reply about not giving them enough info (even though I gave them the name of the file in question and also the names and version numbers of the Cyberlink progs I have on my pc. I've since sent another post to them to try and get a reply to the simple question "Is rikvm_38F51D56.sys a genuine Cyberlink file or not"? (You would think that shouldn't be too difficult a question to answer ... but who knows!).
10-24-2012 01:41 AM
I've finally got a reply from Cyberlink confirming that this file is indeed a genuine Cyberlink file that is part of PowerDVD 10 - see screenshot below. Also, it appears that they have informed Norton of the false positive detection of this file, so hopefully Norton can do something about it now. This should finally put this issue to rest.