February 16th, 2012, 09:03 AM
pdreschnack
New Member
Join Date: Feb 2012
Posts: 1

Hello gentlemen,

I believe that I have a virus. I have a business email at Medscape.com.
I receive email normally. I have Outlook on my computer for my private emails, but the problem only affects my business emails at Medscape.

Here it is: When I hit the reply button this immediately pops up in my reply:

"My name is Mr. Martin Johnson, a Business and Oil Merchant in Venezuela and some Oil region in Asia, I have been diagnosed with esophageal cancer which was discovered very late,Now that my health has deteriorated so badly.

I am From Swiss but in Dominican Republic hospital now were am receiving
treatment which I discussed with the doctor to discharge me back to my country
but I don't think I will survive it. Although, all powers belong to God.

I have $500,000,000.00, I want to transfer to your country for
investment on properties or hotel as you may chose and I need your assistance to
receive the fund and also invest the money for me. I will give you details as
soon as you respond.

Lets get this done urgently and finalize this transaction with you as the
beneficiary before my arrival in your country for partnership investment
agreement. Note that you will have 25% as of the total sum as when the funds get
into your hands for investment, while 5% will be expenses for both parties
before sharing.
reply to my private email: mart.jons@one.co.il

Martin Johnson"

I run Norton Power Eraser and it tells me that it has removed rikvm.sys, but as soon as it reboots, it is back again. I ran Super AntiSpyware, and that doesn't get rid of it. I hear it may be an MBR infection, but I don't know more than that. I need some help. Thanks!



February 16th, 2012, 11:23 PM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 51,968
Welcome to CTH pdreschnack,

Right off, have you contacted Medscape about this issue, to get info from them? Have you tried logging out of Medscape, clearing all cookies and browser caches, then logging back in, and trying a Reply then?

That "rikvm.sys", oddly enough, only seems to be found by that Norton tool. Let's go ahead and get a detailed look at things, then make decisions on what we need there.

If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.


Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.


Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.


Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.