Jan 19 2008, 01:45 PM | Post #1
New Member | Group: Members | Posts: 12 | Joined: 15-December 05 | Member No.: 44,874
If I'm browsing with Firefox or IE I get inundated with popups from an IE window. I love browsing the net, but these popups make it really unbearable. I have read and re-read about removing the core.cache.dsk file from system32/drivers, but nothing I have tried seems to work. Any help you could give me or any advice would be greatly appreciated. Many thanks, Ste

Jan 19 2008, 05:45 PM | Post #2
Forum Addict | Group: HJT Team Coach | Posts: 5,271 | Joined: 1-April 06 | Member No.: 62,052
Have you run your antivirus software in Safe Mode and/or scanned with any anti-spyware applications? What makes you think that you are infected with the core.cache.dsk malware?

Jan 19 2008, 06:28 PM | Post #3
New Member | Group: Members | Posts: 12 | Joined: 15-December 05 | Member No.: 44,874
Yes, I have tried everything but to no avail.
SUPERAntiSpyware removes the core.cache.dsk, but after a reboot it returns along with all the IE popups as soon as I start browsing.

Jan 19 2008, 07:53 PM | Post #4
Senior Member | Group: Members | Posts: 402 | Joined: 23-December 07 | From: Wanganui, Aotearoa NZ | Member No.: 178,459
You may want to read "How to Remove Popups from Powered By Zedo and Url.Cpvfeed.com". It contains instructions on manually removing core.sys and core.cache.sys.
I was going to suggest you run an online scan but the popups would probably slow it. You may also want to run a boot scan with Avast! antivirus.
--------------------
L&P, World Famous in New Zealand since ages ago!
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out

Jan 20 2008, 08:41 AM | Post #5
New Member | Group: Members | Posts: 12 | Joined: 15-December 05 | Member No.: 44,874
I tried that site, but there is no core.sys file or folder on my PC, and I've been using Avast for years now; it doesn't even find the core.cache.dsk file at all :(

Jan 20 2008, 08:56 AM | Post #6
Forum Addict | Group: HJT Team Coach | Posts: 5,271 | Joined: 1-April 06 | Member No.: 62,052
Could you post the log from Superantispyware for us to take a look at; there may be other malware present.

Jan 20 2008, 09:39 AM | Post #7
Bleepin' Janitor | Group: Global Moderator | Posts: 14,074 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513
QUOTE: I have read and re-read about removing the core.cache.dsk file from system32/drivers, but nothing i have tried seems to work

This can be a difficult infection to remove. There is other malware (a driver) involved which protects the removal of core.cache.dsk. That driver needs to be identified and neutralized first.
--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2009

Jan 20 2008, 09:51 AM | Post #8
New Member | Group: Members | Posts: 12 | Joined: 15-December 05 | Member No.: 44,874
Here is the Superantispyware Logfile.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/20/2008 at 02:43 PM

Application Version : 3.9.1008
Core Rules Database Version : 3384
Trace Rules Database Version: 1378
Scan type : Complete Scan
Total Scan Time : 00:37:13

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 8859
Registry threats detected : 0
File items scanned : 45230
File threats detected : 7

Adware.Tracking Cookie
    C:\Documents and Settings\steve j\Cookies\steve_j@hitbox[2].txt
    C:\Documents and Settings\steve j\Cookies\steve_j@doubleclick[2].txt
    C:\Documents and Settings\steve j\Cookies\steve_j@ehg-pcsecurityshield.hitbox[2].txt
    C:\Documents and Settings\steve j\Cookies\steve_j@imrworldwide[2].txt
    C:\Documents and Settings\steve j\Cookies\steve_j@ad.yieldmanager[2].txt
    C:\Documents and Settings\steve j\Cookies\steve_j@ad.zanox[1].txt

RootKit.TnCore/Trace
    C:\WINDOWS\system32\drivers\core.cache.dsk

Jan 20 2008, 09:55 AM | Post #9
New Member | Group: Members | Posts: 12 | Joined: 15-December 05 | Member No.: 44,874
Quietman, could you please tell me which driver needs to be identified and neutralized?
Since I just did that scan with SUPERAntiSpyware to produce the log, I rebooted after it had quarantined the infected files and came on here to post the log; I was bombarded with 9 IE popups :(

Jan 20 2008, 09:57 AM | Post #10
Bleepin' Janitor | Group: Global Moderator | Posts: 14,074 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513
Although SAS indicated core.cache.dsk was removed, it will return. You will need specialized tools to identify the driver and assistance with removal.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Jan 20 2008, 10:00 AM | Post #11
New Member | Group: Members | Posts: 12 | Joined: 15-December 05 | Member No.: 44,874
Thanks man, will prepare a HijackThis log and get it posted up.

Jan 20 2008, 10:08 AM | Post #12
Bleepin' Janitor | Group: Global Moderator | Posts: 14,074 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513
Ok. This infection may be difficult to remove but it can be done. Good luck.

Jan 20 2008, 01:43 PM | Post #13
New Member | Group: Members | Posts: 12 | Joined: 15-December 05 | Member No.: 44,874
I'll give it a go. If nothing helps I'll have to format, which I'm not looking forward to at all.
I put my HijackThis log in the proper forum, just waiting on a response. Ste

Jan 20 2008, 03:10 PM | Post #14
Bleepin' Janitor | Group: Global Moderator | Posts: 14,074 | Joined: 9-July 05 | From: Virginia, USA | Member No.: 26,513
I see your hijackthis log is posted here and you are already getting assistance.
From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean. To avoid confusion, I am closing this topic.