Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Norton Power Eraser


  • Please log in to reply
5 replies to this topic

#1 arthurbruinbear

arthurbruinbear

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 27 January 2012 - 12:34 PM

My son has been using my laptop of late, and things started happening. Windows Instant Messaging is now on my desktop. My internet settings keep changing. I get a Blue Tooth error message.
Norton 360 doesn't find anything. Norton Power Eraser (NPE) located a file rikvm_C6F09094.sys, and "removes" it, but it keeps coming back. Anyone else encountered this fun little friend?

Edited by hamluis, 27 January 2012 - 12:55 PM.
Moved from Win 7 to Am I Infected.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:04 AM

Posted 27 January 2012 - 09:23 PM

Do you use a Cyberlink Webcam?

it would seem that the driver is related to CyberLink and not a rootkit.

Please download SystemLook from jpshortstuff and save it to your Desktop
Link 1
Link 2
  • Double-click the SystemLook and copy/paste the following into the box
    :regfind
    rikvm
    C6F09094
    
  • Hit the Look button. Let it finish the scan, this may take a while.
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply

Edited by boopme, 28 January 2012 - 10:33 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 arthurbruinbear

arthurbruinbear
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 27 January 2012 - 11:21 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 23:19 on 27/01/2012 by Di Lorenzo Family
Administrator - Elevation successful

========== regfind ==========

Searching for "rikvm"
No data found.

Searching for "C6F09094"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CLKMDRV10_C6F09094]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CLKMDRV10_C6F09094\0000]
"Service"="CLKMDRV10_C6F09094"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CLKMDRV10_C6F09094\0000]
"DeviceDesc"="CLKMDRV10_C6F09094"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CLKMDRV10_C6F09094\0000\Control]
"ActiveService"="CLKMDRV10_C6F09094"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLKMSVC10_C6F09094]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLKMDRV10_C6F09094]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLKMDRV10_C6F09094\0000]
"Service"="CLKMDRV10_C6F09094"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLKMDRV10_C6F09094\0000]
"DeviceDesc"="CLKMDRV10_C6F09094"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CLKMSVC10_C6F09094]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLKMDRV10_C6F09094]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLKMDRV10_C6F09094\0000]
"Service"="CLKMDRV10_C6F09094"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLKMDRV10_C6F09094\0000]
"DeviceDesc"="CLKMDRV10_C6F09094"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLKMDRV10_C6F09094\0000\Control]
"ActiveService"="CLKMDRV10_C6F09094"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CLKMSVC10_C6F09094]

-= EOF =-

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,026 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:04 AM

Posted 28 January 2012 - 09:01 PM

Hello,

Yes, that definitely belongs to cyberlink (and you have the cyberlink suite installed on your PC).

This is a false positive from Norton.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 arthurbruinbear

arthurbruinbear
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:04 AM

Posted 22 February 2012 - 02:05 PM

Sorry it took so long to reply. We just closed on a house, moving, & my son went to Germany as a foreign exchange student. So I ran the Eset scan and this was all that was saved in the text file.............

C:\Users\Di Lorenzo Family\Downloads\installer_adobe_flash_player_English.exe Win32/Vittalia application

Since we have started this little journey, Google informed me that there has been excessive traffic (for lack of a better term)from my account and that it might be suspended. Google suspects a malware problem. I also found out that my wife has been using my laptop to shop with and now I have Babylon on board. Sorry if this complicates things.

#6 bob_white

bob_white

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 18 March 2012 - 05:22 AM

I have the same problem with this file : rikvm_C6F09094.sys

For no apparent reason I suddenly found that NONE of the Norton Internet Security 2012 tools would work - in fact the entire suit would not even open, not even the uninstall tool, and yet Norton was giving an error, listed as : error 8504,104
and advised downloading and running the Norton Power Eraser.

This I did and found the file rikvm_C6F09094.sys marked as 'Bad'. Norton Power Eraser said that it would be removed if I restarted my PC, which I did.
Result = Nothing.

Norton Internet Security still does not work (even in Safe Mode) and I'm still getting the error code 8504,104 and NPE still lists this file as 'Bad'.

Can't remove Norton from my PC, and now have no security (apart from Windows 7 own) to protect my 4 month old machine.

Would downloading & running the 'free' AVG security program help?

Yes, I DO have Cyberlink DVD Deluxe on my machine (it came already loaded by Hewlett Packard) so I'm hoping this irritating file has something to do with that program and is being shown as a false positive by Norton Power Eraser.

However, I am still no better off with Norton, as it won't work and it can't be uninstalled (even via the Control Panel).

Any help offered with this problem would be gratefully appreciated. It's driving me nuts.

Note: Contacted Norton, and all they said was to start my PC in Safe Mode, then run a full system scan. My question is - how, if Full System Scan doesn't work.

By the way, Norton want to charge $99.99 for extra help from one of their staff.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users