
ctsvgn.sys?

I did a scan with Norton Power Eraser and it found ctsvgn.sys which it identified as dangerous, but was unable to remove it. Any idea what it is and how I can get rid of it?

Thanks.

Replies

Re: ctsvgn.sys?

Did you submit the item to Symantec/Norton with the button on the far right?

If you click on the item (risk column) you can copy the info to the clipboard and paste it in your next post.

Re: ctsvgn.sys?

I just did another scan and it came back with "no threats". Any idea what happened?

Re: ctsvgn.sys?

Maybe the reputation of this program changed, or it was detected (the first time) because it was temporary (in memory but not on the disk) and now after a reboot it is in neither place.

If it is still on your computer you can go to:

C:\Windows\System32\drivers\

and right click on it there and pick "file insight". Post the copy to clipboard details here.

Re: ctsvgn.sys?

I looked under System 32 and found nothing, plus I did a basic search, plus "run". Nothing.

I looked it up on Google but found nothing. Any idea what it was?

Re: ctsvgn.sys?

slsl60:

I looked under System 32 and found nothing.

You need to look in the drivers folder (I'm not sure if you did or not).

plus I did a basic search, plus "run". Nothing.

I looked it up on Google but found nothing. Any idea what it was?

Not sure how "run" comes into play. All I find in searches is your other posts asking elsewhere. Are you sure you don't have a typo?

NPE saves logs which we may be able to read (they can be long and painful to read due to excess data):

C:\Users\[YourUserNameHere]\AppData\Local\NPE\

The logs would be *.XML files from the date you ran the scan. They would contain detailed info about the software running on your computer. Upload it if you want me to take a look.

Re: ctsvgn.sys?

Yes, I looked in the drivers folder and everything in System 32 as well. Run can sometimes find files that a search doesn't. No typo (I tried a number of permutations just to make sure). There are three .xml entries in NPE but it won't allow me to upload with this extension.

I opened the first in Wordpad and found this--

"><File_Information><Path>c:\windows\system32\drivers\ctsvgn.sys</Path><FileVersion>&lt;&gt;</FileVersion><ProductVersion>&lt;&gt;</ProductVersion><ProductName>&lt;&gt;</ProductName><Company>&lt;&gt;</Company><Copyrights>&lt;&gt;</Copyrights><MD5>02993EB0F7164E88502741BB7D53EAB5</MD5><SHA256>EB05A82708B224612B5E6CC6793BBC6EB9F81593CFCFC5C62B12EFB409AB8FAC</SHA256><FileSize>&lt;&gt;</FileSize><FileName>&lt;&gt;</FileName><Age>&lt;&gt;</Age><NortonRating>&lt;&gt;</NortonRating><Prevalence>&lt;&gt;</Prevalence></File_Information></File></FILES><SYSTEM_SETTINGS Count="0"/></Infections_Remediated></RemediationStatusPostReboot></Session0></Norton_Power_Eraser_Information>
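The check the replies in this thread walk through (is the flagged driver still on disk, and does it match what NPE logged?) can be scripted. This is an added example, not part of the original thread and not Symantec's code. It assumes only the element names visible in the fragment posted above; the sample log, the driver name and the all-zero hash are constructed.

```python
import hashlib
import os
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment posted above; a real NPE log is
# far larger. The driver name and the all-zero hash are placeholders.
SAMPLE_LOG = r"""<Norton_Power_Eraser_Information><Session0><FILES><File>
<File_Information><Path>c:\windows\system32\drivers\example_driver.sys</Path>
<ProductName>&lt;&gt;</ProductName><Company>&lt;&gt;</Company>
<SHA256>{h}</SHA256></File_Information>
</File></FILES></Session0></Norton_Power_Eraser_Information>""".format(h="0" * 64)

def field(info, tag):
    """Return a field's text, or None when the log holds the empty placeholder '<>'."""
    text = (info.findtext(tag) or "").strip()
    return None if text in ("", "<>") else text

def sha256_of(path):
    """Hash a file in chunks so large drivers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()

def triage(xml_text):
    """List every File_Information entry (str or bytes input) with its on-disk status."""
    results = []
    for info in ET.fromstring(xml_text).iter("File_Information"):
        path, logged = field(info, "Path"), field(info, "SHA256")
        if path is None or not os.path.isfile(path):
            status = "not on disk"  # consistent with a temporary or in-memory driver
        elif logged and sha256_of(path) == logged.upper():
            status = "on disk, hash matches log"
        else:
            status = "on disk, hash differs or not logged"
        results.append({"path": path, "sha256": logged,
                        "company": field(info, "Company"), "status": status})
    return results

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["status"], "|", entry["path"], "| company:", entry["company"])
```

An entry reported as "not on disk" matches the situation described in this thread, where the file was logged by the scan but could not be found in the drivers folder afterwards.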

Re: ctsvgn.sys?

You will need to put the XML file(s) in a zip file to upload it (also it may be semi-large).

Also, did you run any scans on your computer with any other software prior to scanning with NPE?

Re: ctsvgn.sys?

I'll give it a shot. At any rate, what I posted is the only part of the file that pertains to the Power Eraser.

I know I ran an Avast and a Malwarebytes scan and maybe a Kaspersky rootkit scan.

Re: ctsvgn.sys?

The reason I was doing overkill with the various scans is because I knee-jerk clicked on a link in an e-mail message that had a friend's address (I was waiting for his response) and someone had hijacked his address book (normally I'm very wary of links in e-mail messages). The link was dead, but I was worried that something had been installed on my computer. But every scan except Norton has come up clean and now it appears that Norton is clean as well (?).

Re: ctsvgn.sys?

Well, if you had any 3rd party product like loaded (I'm not sure which Avast product you could have used safely in parallel with Norton...) and you didn't reboot after running them (before running NPE), you likely picked up the in-memory trace of one of their temporary driver(s). A temporary driver may even use a random name.

The whole XML file was created by NPE; it's all NPE.

Re: ctsvgn.sys?

I'm going to assume that was the problem. I thank you very much for your help!
