iqvw64e.sys identified as threat

On my Windows 10 Dell computer the Norton Power Eraser scanning the registry has consistently identified iqvw64e.sys as "bad" and recommended it be removed. But it always fails to remove it.

There was a thread on this last year. The recommendation was to run Malwarebytes. I did that and Malwarebytes could not identify a threat. Has progress been made on this issue since the last thread? What do I do now?

Thanks, Frankwich32

Replies


Re: iqvw64e.sys identified as threat

See if you can find the file on your computer from the information from the NPE scan. Then submit it to www.virustotal.com. If it comes back clean from there, it is possible it is a false positive detection.

In that case you can report false positive indications here https://submit.symantec.com/false_positive/

Things happen. Export/Backup your Norton Password Manager data.

Re: iqvw64e.sys identified as threat

Thanks Norton Fighters. I tried to locate where the file iqvw64e.sys is based on the Power Eraser link. The locator pointed to the System32 Driver section, with the cursor landing alternately on the files 1020_Dell_INS_5570_Signature.mrk and the one just below it in the listing: 1394ohci.sys (called the "1394 Open HCI Driver"). Does one of these seem like the likely suspect? I could open the files: the Dell mrk file has smaller contents that I can copy and paste below:

The other 1394 file has such a huge amount of strange symbols I don't think copying it all is practical. Do either of these files seem to be the likely suspect? Neither one has the "iqvw64e" label I am looking for. Thanks again!

Frankwich32


Re: iqvw64e.sys identified as threat

PS -- both of the files cited above were submitted to the www.virustotal.com website and the Dell file was scanned by 65 of the entries and the 1394 ohci file was scanned by 67, and apparently no threats were found. I still am unclear whether the "iqvw64e.sys" is contained in either of those two files identified or whether somehow they are "set up" as "decoys" by a real threat.

Frankwich32


Re: iqvw64e.sys identified as threat

PPS -- I think the comments about the individual two files (the Dell file and the 1394ohci file) are a "red herring". Once I take the cursor away from where I clicked on the iqvw64e.sys link, there are no individual files highlighted, and no iqvw64e.sys appears in the System32 driver section that I can find.

Frankwich32


Re: iqvw64e.sys identified as threat

The iqvw64e.sys file is a single file on its own. It is not inside another file.

Look in C:/Windows/System 32/Drivers. You should find the file there. Then submit it to virustotal and if that is clean, submit the false positive as I suggested above.

Norton Power Eraser is an aggressive tool that can give false positive detections. Is there some reason you are running NPE? It is not meant as a regular scanner. It is designed to be run if you feel there is some infection that regular Norton scans may have missed.

Things happen. Export/Backup your Norton Password Manager data.
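
The check suggested in the reply above, as an added example that is not part of the original posts: it looks for the flagged driver both on disk and in the registry's service keys (Norton Power Eraser reported it from a registry scan), then prints the file's SHA-256 and signature status. The file name comes from the thread; the cmdlets are standard Windows PowerShell, and the output field names are chosen for this example.

```powershell
# Added example: triage a driver that a scanner flagged by name.
$DriverName = 'iqvw64e.sys'                                   # name from the thread
$DriverDir  = Join-Path $env:SystemRoot 'System32\drivers'

# 1. Is the file on disk? -Force also returns hidden/system files that
#    Explorer may not show with default view settings.
$file = Get-Item -LiteralPath (Join-Path $DriverDir $DriverName) -Force -ErrorAction SilentlyContinue

# 2. Does any service key reference it? A registry scan can flag a leftover
#    service entry even when the file itself is no longer present.
$refs = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    Where-Object { "$($_.GetValue('ImagePath'))" -like "*$DriverName*" } |
    ForEach-Object {
        [pscustomobject]@{
            Service   = $_.PSChildName
            ImagePath = $_.GetValue('ImagePath')
            Start     = $_.GetValue('Start')      # 0-2 = loads at boot, 3 = on demand, 4 = disabled
        }
    }

if ($file) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Path            = $file.FullName
        SHA256          = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status                      # 'Valid' means the signature verifies
        Signer          = $sig.SignerCertificate.Subject   # empty if the file is unsigned
        LastWriteTime   = $file.LastWriteTime
    } | Format-List
} else {
    Write-Output "$DriverName is not present in $DriverDir."
}

if ($refs) {
    $refs | Format-Table -AutoSize
} else {
    Write-Output "No service key references $DriverName."
}
```

The SHA-256 value can be pasted into the VirusTotal search box to look up existing results for that exact file, and a service key with no matching file on disk explains a detection that cannot be found in the drivers folder.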

Re: iqvw64e.sys identified as threat

Sorry for the delay. My new Windows 10 computer was not connecting me to OneDrive properly, so I took it back to the store. They diagnosed an installation problem, and reinstalled Windows, wiping out everything else on the computer in the process. That resolved the OneDrive problem.

Working with the newly installed Windows 10, the iqvw64e.sys warning has not occurred again. I'm not sure what to conclude about the prior problem -- was it kicked off by the bad installation, an actual threat, or something else?

For completeness, I located the iqvw64e.sys file in the new system and uploaded it to virustotal.com as you suggested. The 67 system scans were all clean.

To address your question about NPE, I do use the NPE to indicate potential threats even without particular reason to be concerned, because I like to "go the extra mile" to head off threats that may be sophisticated enough not to interfere noticeably with the daily operations of the system. I realize I may encounter ambiguous situations. I would not have brought this issue to your attention except that the NPE identified the file as unambiguously "bad".

Anyhow, thanks for all your help -- I did learn quite a bit during this process. I am marking this thread as solved.

Frankwich32

Accepted Solution

Re: iqvw64e.sys identified as threat

Yes it does.
