01-19-2009 02:46 PM
Norton keeps detecting this file in my windows/system32/driver directory. It deletes it everytime it detects it. The thing is, whenever i access any of my harddrive, the same window from norton keeps popping up(saying that it has found a virus...and has deleted klif.sys. I have norton internet security 2006. I have all the updates and have done a full scan, but no viruses are found. Any suggestion on how to get rid of it? I also have trendmicro antispyware installed. Both of them came with the sony laptop.
01-19-2009 03:12 PM
klif.sys is a driver file belongs to the Kaspersky range of products, and seems most likely to be an anti-rootkit scanner. It is located in the folder C:\Windows\System32\drivers or sometimes in a subfolder of C:\Windows\System32. If you had Kaspersky Internet Security Suite earlier, you either have it still installed or remnants are left of it. Since it is a part of the anti-rootkit scanner of Kaspersky, Norton may be identifying it as a threat related to root kit. You should go to their web site (www.kasperskylabs.com) and download the Removal Tool for their products (here is the link http://support.kaspersky.com/faq/?qid=208279463). When you download the tool, save it to your desktop. Follow the instructions on the web page; these will explain how to remove their products leftover files even if you do not have the entire product installed any longer.
klif.sys can also be a varient of the threat "Hacktool.Rootkit". You can upgrade your current NIS 2006 to NIS 2009 and run a scan using it.
1. Download the Norton Internet Security 2009 from this LINK, don't install it now.
2. Go to your Norton Account using this LINK and note down the product key of NIS 2006.
2. Download and run Norton Removal Tool from this LINK. This is to remove the Norton 2006 program.
3. Now install Norton 2009 and activate it using the same Product key from your Norton Account.
4. Run a LiveUpdate, and then Full System Scan.
Let us know the results.
01-19-2009 10:40 PM
Couldn't find how to register product, so I didn't use NIS09. I never had kap so it couldn't be from that. It was a hacktool.rootkit for sure though. I got rid of it using another product. No more pop ups from norton when I access my drives. Not gonna mention it here since its not norton.
Thanks for the suggestions anyways.