Hi Guys.
If im browsing with firefox or IE I get inundated with popups from an IE window, I love browsing the net, but these popups makes it really unbearable.
I have read and re-read about removing the core.cache.dsk file from system32/drivers, but nothing i have tried seems to work.
Any help you could give me or any advice would be greatly appreciated.
Many thanks Ste
Full Version: Can Any Kind Person Help Me Stop These Popups Please?
Have you run your antivirus software in Safe Mode and/or scanned with any anti-spyware applications? What makes you think that you are infected with the core.cache.dsk malware?
Yes I have tried everything but to no avail.
Superantispyware removes the core.cache.dsk, but after a reboot it returns along with all the ie popups as soon as i start browsing
Superantispyware removes the core.cache.dsk, but after a reboot it returns along with all the ie popups as soon as i start browsing
You may want to read How to Remove Popups from Powered By Zedo and Url.Cpvfeed.com It contains instructions on manually removing core.sys and core.cache.sys.
I was going to suggest you run an online scan but the popups would probably slow it. You may also want to run a boot scan with Avast! antivirus.
I was going to suggest you run an online scan but the popups would probably slow it. You may also want to run a boot scan with Avast! antivirus.
I tried that site, but there is no core.sys file or folder on my pc & I've been using Avast now for years, it doesn't even find the core.ache.dsk file at all:(
Could you post the log from Superantispyware for us to take a look at; there may be other malware present.
QUOTE
I have read and re-read about removing the core.cache.dsk file from system32/drivers, but nothing i have tried seems to work
This can be a difficult infection to remove.
There is other malware (a driver) involved which protects the removal of core.cache.dsk. That driver needs to be identified and neutralized first.
Here is the Superantispyware Logfile.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/20/2008 at 02:43 PM
Application Version : 3.9.1008
Core Rules Database Version : 3384
Trace Rules Database Version: 1378
Scan type : Complete Scan
Total Scan Time : 00:37:13
Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 8859
Registry threats detected : 0
File items scanned : 45230
File threats detected : 7
Adware.Tracking Cookie
C:\Documents and Settings\steve j\Cookies\steve_j@hitbox[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@doubleclick[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@ehg-pcsecurityshield.hitbox[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@imrworldwide[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@ad.yieldmanager[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@ad.zanox[1].txt
RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/20/2008 at 02:43 PM
Application Version : 3.9.1008
Core Rules Database Version : 3384
Trace Rules Database Version: 1378
Scan type : Complete Scan
Total Scan Time : 00:37:13
Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 8859
Registry threats detected : 0
File items scanned : 45230
File threats detected : 7
Adware.Tracking Cookie
C:\Documents and Settings\steve j\Cookies\steve_j@hitbox[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@doubleclick[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@ehg-pcsecurityshield.hitbox[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@imrworldwide[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@ad.yieldmanager[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@ad.zanox[1].txt
RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk
Quietman could you please tell me which driver needs to be identified and neutralized?
since i just did that scan with superantispyware to produce the log , i rebooted after it had quarantined the infected files & came on here to post the log, i was bombarded with 9 ie popups:(
since i just did that scan with superantispyware to produce the log , i rebooted after it had quarantined the infected files & came on here to post the log, i was bombarded with 9 ie popups:(
Although SAS indicated core.cache.dsk was removed, it will return. You will need specialized tools to identify the driver and assistance with removal.
Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.
When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.
Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.
Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.
When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.
Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.
Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Thanks man, will prepare a HijackThis log and get it posted up.
Ok. This infection may be difficult to remove but it can be done. Good luck.
I'll give it a go, if nothing helps ill have to format, which im not looking forward to at all 
I put my hijack this log in the proper forum, just waiting on a response.
ste
I put my hijack this log in the proper forum, just waiting on a response.
ste
I see your hijackthis log is posted here and you are already getting assistance.
From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
To avoid confusion, I am closing this topic.
From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
To avoid confusion, I am closing this topic.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.