Not what you were looking for? Ask our experts!
Reply
Visitor
MarkMagruder
Posts: 2
Registered: ‎10-20-2011

Norton Power Eraser doesn't erase rikvm_C6F09094.sys...

Quick and Full Scan do not see this malware,rikvm_C6F09094.sys file, only NPE.exe sees it but does not erase it.  Not sure if the name means anything.  The only thing I know is NPE says the file is malware and after 5 attempts (3 I think constitutes OCD...) it keeps showing up.  I was told to try the Bootable Recovery Tool. Anyone have a fix or other info?

DistEd2
Posts: 1,965
Kudos: 412
Solutions: 81
Registered: ‎08-11-2011

Re: Norton Power Eraser doesn't erase rikvm_C6F09094.sys...

Hi, MarkMagruder,

 

Welcome to our community. I'm sorry your post got moved, as it will likely not be seen here by the folks who work with malware the most (who tend to frequent either the Norton 360 forum you started on or the Norton Internet Security forum).

 

In general, though, any malware that NPE can't remove is likely reflective of something much more severe--like a rootkit--that requires more advanced tools and one-on-one guidance from a real expert (which I am not!) to fix.

 

At this point, it is best to refer you to the recommended forums, where a real malware expert can work with you one-on-one in real time to dig these things out. Some of our best folks here have checked them out to make sure that they are capable, and competent to deal with rootkits and other nasties. Most of them handle tricky Windows problems as well.

 

 

Just sign up for one of their free accounts--where required--and go to the forums; don't click on any of the ads! Note that some of these forums (like bleepingcomputer) require that once they begin working with you, you not consult any other sources on your infection until it's resolved--and will close your case if you do. This is important, to avoid confusion (and really bad outcomes) resulting from trying to follow several people's advice at once! LOL

 

Good luck, and please let us know how it turns out!

Visitor
MarkMagruder
Posts: 2
Registered: ‎10-20-2011

Re: Norton Power Eraser doesn't erase rikvm_C6F09094.sys...

more info:  NPE Results: 

 

FILE INSIGHT

rikvm_ C6F09094.sys found in (but not visible): \Windows\system32\Drivers

 

Reputation Details

 

Signature: Not Available,  UNKNOWN  Number of users in the Norton Community that have used this file: Unknown

 

Installed: Not Available,  UNKNOWN  This file release is currently not known.

 

Startup Item: No    UNKNOWN There are no indications about this file.

 

Threat Details >  (missed it, it may have said UNKNOWN too)

 

Should I worry about this file?

Contributor
Defence
Posts: 32
Registered: ‎08-01-2011

Re: Norton Power Eraser doesn't erase rikvm_C6F09094.sys...

Obviously this Rootkit is blocking you from removing it, so what you would want to do is:

 

Restart computer...

 

While it is booting up keep pressing F8

Then when you see the list of options, click 'Safe mode with Networking'.

Wait for it to start-up, then when you're logged in run a full scan with Norton.

It should find your Rootkit ( If it is one ) and remove it, safe mode only starts system files up.

It doesn't let other unknown files execute.

 

If it doesn't find anything, and NPE still tells you that it is a bad file, remember that it uses ultra sensitive heuristics.