A few days ago, my Norton Internet Security 2012 crashed and popped up a link to download their Norton Power Eraser to fix the problem.
I follow the instruction and ran the scan with root kit, turn out there is a file name RIKVM_38F51D56.SYS under the C:\Windows\System32\drivers and infect the MBR. The file is invisible and can't be found at all. Only NPE can sees it. i ran it couple time and it kept coming back. I was very puzzled and tried to do some research. I googled RIKVM and only a very few record but with differet file name like RIKVM_xxxxxxxx.sys.
It seems that no one really know what / where it came from. I also searched the registry with 38F51D56 and i got some hit all relate to CyberLink, I then kept digging, and found the source, it's from CyberLink Product under the Services ( kmsvc.exe). It creates some type of dynamic driver (RIKVM_xxxxxxxx.sys) in MBR everytime computer reboots.
I guess my question is, it's obviously some type of root kit from cyberlink, but i have no idea what it does, right now i have the service turn off from start up and everything seems to be fine, power dvd is still working.
If i have to guess, this might be some type of security they run behind the use that relate to blu-ray and / or to collect user's data? contact cyberlink is no help, no respond. their KB is useless, can't find anything about rikvm nor kmsvc.exe.
Anyone has any idea?
I follow the instruction and ran the scan with root kit, turn out there is a file name RIKVM_38F51D56.SYS under the C:\Windows\System32\drivers and infect the MBR. The file is invisible and can't be found at all. Only NPE can sees it. i ran it couple time and it kept coming back. I was very puzzled and tried to do some research. I googled RIKVM and only a very few record but with differet file name like RIKVM_xxxxxxxx.sys.
It seems that no one really know what / where it came from. I also searched the registry with 38F51D56 and i got some hit all relate to CyberLink, I then kept digging, and found the source, it's from CyberLink Product under the Services ( kmsvc.exe). It creates some type of dynamic driver (RIKVM_xxxxxxxx.sys) in MBR everytime computer reboots.
I guess my question is, it's obviously some type of root kit from cyberlink, but i have no idea what it does, right now i have the service turn off from start up and everything seems to be fine, power dvd is still working.
If i have to guess, this might be some type of security they run behind the use that relate to blu-ray and / or to collect user's data? contact cyberlink is no help, no respond. their KB is useless, can't find anything about rikvm nor kmsvc.exe.
Anyone has any idea?
Facebook
Twitter
Instagram