Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can Any Kind Person Help Me Stop These Popups Please?


  • This topic is locked This topic is locked
13 replies to this topic

#1 horsemouth

horsemouth

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 19 January 2008 - 01:45 PM

Hi Guys.
If im browsing with firefox or IE I get inundated with popups from an IE window, I love browsing the net, but these popups makes it really unbearable.

I have read and re-read about removing the core.cache.dsk file from system32/drivers, but nothing i have tried seems to work.

Any help you could give me or any advice would be greatly appreciated.

Many thanks Ste

BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:55 AM

Posted 19 January 2008 - 05:45 PM

Have you run your antivirus software in Safe Mode and/or scanned with any anti-spyware applications? What makes you think that you are infected with the core.cache.dsk malware?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 horsemouth

horsemouth
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 19 January 2008 - 06:28 PM

Yes I have tried everything but to no avail.

Superantispyware removes the core.cache.dsk, but after a reboot it returns along with all the ie popups as soon as i start browsing :thumbsup:

#4 Tomo2

Tomo2

  • Members
  • 402 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wanganui, Aotearoa NZ
  • Local time:11:55 AM

Posted 19 January 2008 - 07:53 PM

You may want to read How to Remove Popups from Powered By Zedo and Url.Cpvfeed.com It contains instructions on manually removing core.sys and core.cache.sys.
I was going to suggest you run an online scan but the popups would probably slow it. You may also want to run a boot scan with Avast! antivirus.

L&P, World Famous in New Zealand since ages ago!
Posted Image
Avast! Antivirus : Spybot S&D : Trend Micro Housecall : Hosts file : HiJack This
Don't be too open minded - your brains will fall out


#5 horsemouth

horsemouth
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 20 January 2008 - 08:41 AM

I tried that site, but there is no core.sys file or folder on my pc & I've been using Avast now for years, it doesn't even find the core.ache.dsk file at all:(

#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:12:55 AM

Posted 20 January 2008 - 08:56 AM

Could you post the log from Superantispyware for us to take a look at; there may be other malware present.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 PM

Posted 20 January 2008 - 09:39 AM

I have read and re-read about removing the core.cache.dsk file from system32/drivers, but nothing i have tried seems to work

This can be a difficult infection to remove.

There is other malware (a driver) involved which protects the removal of core.cache.dsk. That driver needs to be identified and neutralized first.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 horsemouth

horsemouth
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 20 January 2008 - 09:51 AM

Here is the Superantispyware Logfile.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2008 at 02:43 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 00:37:13

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 8859
Registry threats detected : 0
File items scanned : 45230
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\steve j\Cookies\steve_j@hitbox[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@doubleclick[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@ehg-pcsecurityshield.hitbox[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@imrworldwide[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@ad.yieldmanager[2].txt
C:\Documents and Settings\steve j\Cookies\steve_j@ad.zanox[1].txt

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

#9 horsemouth

horsemouth
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 20 January 2008 - 09:55 AM

Quietman could you please tell me which driver needs to be identified and neutralized?

since i just did that scan with superantispyware to produce the log , i rebooted after it had quarantined the infected files & came on here to post the log, i was bombarded with 9 ie popups:(

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 PM

Posted 20 January 2008 - 09:57 AM

Although SAS indicated core.cache.dsk was removed, it will return. You will need specialized tools to identify the driver and assistance with removal.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 horsemouth

horsemouth
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 20 January 2008 - 10:00 AM

Thanks man, will prepare a HijackThis log and get it posted up.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 PM

Posted 20 January 2008 - 10:08 AM

Ok. This infection may be difficult to remove but it can be done. Good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#13 horsemouth

horsemouth
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 20 January 2008 - 01:43 PM

I'll give it a go, if nothing helps ill have to format, which im not looking forward to at all :thumbsup:

I put my hijack this log in the proper forum, just waiting on a response.

ste

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:55 PM

Posted 20 January 2008 - 03:10 PM

I see your hijackthis log is posted here and you are already getting assistance.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users