Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Trojan.cachecachekit in rdriv.sys

  • Please log in to reply
3 replies to this topic

#1 Nereid


  • Members
  • 0 posts
  • Local time:12:55 PM

Posted 22 July 2005 - 09:19 AM

Norton detects Trojan.cachecachekit in rdriv.sys but cannot delete it.

I have deleted all registry entries related to this according to Symantec and other sources on the web.

I disabled some in MSConfig/Startup but cannot get osoa to go away.

I then started in Safe Mode and ran Norton. I'm sure it said it cleaned it. I restarted and scanned and there was nothing but then I scanned again and it detected it again.

I started in Safe Mode again and deleted all files including rdriv.sys but this doesn't help.

What have I missed?


BC AdBot (Login to Remove)


#2 River_Rat


  • Members
  • 773 posts
  • Gender:Male
  • Location:SW Oklahoma - USA
  • Local time:12:55 PM

Posted 22 July 2005 - 11:58 AM

See this article:
Taking out the Trash

See this article:
Deleting Stubborn Files

Have you tried a complete cleaning to see if that helps?
Show all Files & Folders
Try these free tools.
Trendmicro (free virus scan only)
Adware SE (update after installing)
Spybot S&D (update after installing)

After doing this and the problems are not better feel free to post a HJT log.
Be sure to read the How to submit a HJT Log and submit it to the appropriate forum. HJT Forum links provided below.

How to submit a Hijackthis Log
HJT Forum

Edited by River_Rat, 22 July 2005 - 12:00 PM.

#3 groovicus


  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:11:55 AM

Posted 22 July 2005 - 12:02 PM

That is essentially a rootkit... well, not exactly. It is a file that hides other files, so just deleting what you see won't do it. There are hidden processes happening that you will need someone that is used to dealing with this type of thing to help you out. Use the last two links that RiverRat gave you to get you on the right track.

#4 rmm55


  • Members
  • 35 posts
  • Local time:12:55 PM

Posted 22 July 2005 - 12:48 PM

If you feel up to it, go to www.sysinternals.com and download processexplorer, autoruns and rootkitrevealer. Use processexplorer first to see if there are any un-published rogue processess running hidden. But first follow RR's instructions.
Roy Mel - YourTechOnline technician
roy@no_spam_yourtechonline.com (remove no_spam_)

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users