10-20-2011 12:58 AM
Quick and Full Scan do not see this malware, the rikvm_C6F09094.sys file; only NPE.exe sees it, but it does not erase it. Not sure if the name means anything. The only thing I know is NPE says the file is malware and after 5 attempts (3 I think constitutes OCD...) it keeps showing up. I was told to try the Bootable Recovery Tool. Anyone have a fix or other info?
10-20-2011 08:29 AM
Welcome to our community. I'm sorry your post got moved, as it will likely not be seen here by the folks who work with malware the most (who tend to frequent either the Norton 360 forum you started on or the Norton Internet Security forum).
In general, though, any malware that NPE can't remove is likely reflective of something much more severe--like a rootkit--that requires more advanced tools and one-on-one guidance from a real expert (which I am not!) to fix.
At this point, it is best to refer you to the recommended forums, where a real malware expert can work with you one-on-one in real time to dig these things out. Some of our best folks here have checked them out to make sure that they are capable, and competent to deal with rootkits and other nasties. Most of them handle tricky Windows problems as well.
Just sign up for one of their free accounts--where required--and go to the forums; don't click on any of the ads! Note that some of these forums (like bleepingcomputer) require that once they begin working with you, you not consult any other sources on your infection until it's resolved--and will close your case if you do. This is important, to avoid confusion (and really bad outcomes) resulting from trying to follow several people's advice at once! LOL
Good luck, and please let us know how it turns out!
10-20-2011 11:33 AM
more info: NPE Results:
rikvm_C6F09094.sys found in (but not visible): \Windows\system32\Drivers
Signature: Not Available, UNKNOWN. Number of users in the Norton Community that have used this file: Unknown
Installed: Not Available, UNKNOWN. This file release is currently not known.
Startup Item: No, UNKNOWN. There are no indications about this file.
Threat Details > (missed it, it may have said UNKNOWN too)
Should I worry about this file?
10-20-2011 02:25 PM
Obviously this Rootkit is blocking you from removing it, so what you would want to do is:
While it is booting up keep pressing F8
Then when you see the list of options, click 'Safe mode with Networking'.
Wait for it to start up, then when you're logged in run a full scan with Norton.
It should find your rootkit (if it is one) and remove it; safe mode only starts system files up.
It doesn't let other unknown files execute.
If it doesn't find anything, and NPE still tells you that it is a bad file, remember that it uses ultra sensitive heuristics.
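Before going down the safe-mode route, it helps to confirm the two things the NPE report above actually flagged: that the file is hidden from normal directory listings, and that it carries no valid signature. The PowerShell below is an added example written for this thread, not code from any poster or from Norton; it assumes an elevated PowerShell prompt, and it uses the file name reported in the thread (substitute whatever your own scanner names). It is a triage check, not a removal step: it only reads file attributes, signature status and the kernel's loaded-driver list.

```powershell
# Added example (not from the thread): triage the drivers folder for the two
# properties the NPE report flagged, a hidden file and a missing signature.
# Run from an elevated PowerShell prompt. The file name is the one reported
# in the thread; replace it with the name your own scanner reports.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$reported  = 'rikvm_C6F09094.sys'

# 1. Is the reported file present once hidden/system attributes are included?
#    -Force makes Get-Item return hidden and system files that Explorer skips.
$path = Join-Path $driverDir $reported
$item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
if ($item) {
    "{0}: present, attributes = {1}, size = {2} bytes, modified = {3}" -f `
        $reported, $item.Attributes, $item.Length, $item.LastWriteTime
} else {
    "$reported is not visible through the file system API (consistent with a " +
    "rootkit filtering directory listings, or with a stale detection of a file " +
    "that no longer exists)"
}

# 2. List every .sys file in the drivers folder whose signature is not Valid.
#    On Windows 8 and later Get-AuthenticodeSignature also resolves catalog
#    signatures, so inbox Microsoft drivers normally report Valid; on older
#    systems many legitimate catalog-signed drivers report NotSigned, so treat
#    this as a list to investigate, not a verdict.
$unsigned = Get-ChildItem -LiteralPath $driverDir -Filter '*.sys' -Force -File |
    Get-AuthenticodeSignature |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object @{ n = 'File';   e = { Split-Path $_.Path -Leaf } },
                  Status,
                  @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

$unsigned | Format-Table -AutoSize

# 3. Cross-check against the kernel's own view of loaded drivers. A driver the
#    file system hides but the loaded-driver list still reports is a strong
#    indication that directory listings are being filtered.
$loaded = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$reported*" }
if ($loaded) {
    $loaded | Select-Object Name, State, PathName
} else {
    "$reported is not in the Win32_SystemDriver list"
}
```

If step 1 reports the file as not visible while step 3 still lists it as a loaded driver, that combination is exactly the kind of finding the earlier reply meant by "something much more severe, like a rootkit", and it is worth recording the output before handing the case to one of the specialist forums, since they will usually ask for it.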