My dad has had a laptop for a year now, it had used F-Secure for the year, and now we updated it to Norton 360 Premier Edition.
As the Norton was installed, it soon gave an alert of a serious problem in the computer, and required to install some files.
After a couple re-start and new Norton tools, it said that there's a file "c:\windows\system32\drivers\rikvm_*serialnumber*.sys" in "bad condition" and removed it after saving a system restoration point.
What is this file, and how can it be faulty?
rikvm_ is a know rootkit that is used disable the system config, it works by disabling boot after a short time. You don't want or need it, its safe to disable/remove and shouldn't be on your system.
Well Norton removed it, but now it got the same error..
It is replaced after every reboot.
You'll probably need to format and reinstall windows.
I'll take a more in depth look when I get home.
(2013-07-23 18:49)Roba Wrote: [ -> ]Well Norton removed it, but now it got the same error..
Any elaboration on the error? Have you tried combofix? if it will run.
Nice find lamp, I checked the community at virus total but the information I found wasn't as good as I would of liked.
The microsoft tool you gave a link to, lamp, says the computer is clean, but Norton Power Eraser finds it.
Thanks for the replies though..
So on the microsoft replies they say that it affects system configuration, and will eventually disable the system booting?
Someone also said it's because of CyberLink programs? Any confirmation on that?
And if it doesn't come from CyberLink programs, where does it come?
(2013-07-23 19:02)Fiona Wrote: [ -> ] (2013-07-23 18:49)Roba Wrote: [ -> ]Well Norton removed it, but now it got the same error..
Any elaboration on the error? Have you tried combofix? if it will run.
Sorry but I don't understand what you mean
Well it has disappeared now, after he deleted all the CyberLink programs..
We assume it was because of the CyberLink programs, as it hasn't came back anymore after those were deleted.. Might be lucky co-incidence though, never know.
Anyway, this is solved and may be closed
