Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Core.cache.dsk


  • This topic is locked This topic is locked
9 replies to this topic

#1 WCBoudreaux

WCBoudreaux

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 31 January 2008 - 09:06 PM

Hey guys, I'm a DJ for an online radio service, and I've recently been invaded by the Core.Cache.Dsk thingy... It's really effecting my radio station, because of the random pop-ups it generates... Any help in removing this thing, would be MUCH APPRECIATED... Here's my HiJackThis log attached to my post... Hope this helps...

I've downloaded, and run all of the programs in the "Preparation Guide"... And followed the instructions to the letter...

Thanks In Advance!

Attached Files



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:27 PM

Posted 31 January 2008 - 10:09 PM

Hello WCBoudreaux, DJ Extraordinaire!

Welcome to Bleeping Computer :blink:

Let's get rid of this critter..........it'll take a couple of posts, at least, so please be patient. :thumbsup:

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 WCBoudreaux

WCBoudreaux
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 31 January 2008 - 10:54 PM

Tea!

Thanks for the warm welcome! Glad to be here! When this is all over, I'm going to give you guys MAD PROPS on air! You, and the site!

Ok, here's my Combofix log, and HiJackThis log as well...

Again, thank you for your assistance in this matter!

Attached Files



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:27 PM

Posted 31 January 2008 - 11:24 PM

Hello,

You're welcome. :blink:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\wmilibb.sys

Driver::
wmilibb


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Did you used to run Norton Symantec? I still see traces in your log, but also that you use AVG now.

Please let me know how it's running now. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 WCBoudreaux

WCBoudreaux
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 31 January 2008 - 11:51 PM

Hey Tea, so far, it seems to have done the trick... I haven't had a popup yet... Thank You!

I DID use Norton Symantec at one time... But something happened, and it started blocking all my ports... At random... If I recall correctly... So I ditched it, and use AVG now... With ZoneAlarm... Not sure if that was a wise move, but I had to come up with something quickly that day...

And, as requested, here's the 2 logs...


Again, thank you very much... Be looking for a donation very soon...

Will

Attached Files



#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:27 PM

Posted 01 February 2008 - 12:02 AM

Hi Will,

You're most welcome. :thumbsup:

I'd say that was a very wise move, for several reasons. AVG is good, and you can't beat the price tag. :blink:

Just some leftovers now :

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Still running well?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 WCBoudreaux

WCBoudreaux
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 01 February 2008 - 12:59 AM

Running great! Thanks!

There is only one issue... This line :

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

Apparently has something to do with my Radio Station... Because now, I get an error when trying to open my studio... Is there a way to restore that one line?

Again, thanks for solving this issue!

#8 WCBoudreaux

WCBoudreaux
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 01 February 2008 - 01:07 AM

Nevermind! I got it! It was something else... But it's all back and running great! Again, thank you sooooo much! And no more popups! w00t

:thumbsup:

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:27 PM

Posted 01 February 2008 - 01:11 AM

Hi Will,

Usually, when an entry says (no file) or (file missing) there really isn't a file there. Sorry about that. It can be restored :blink:

To restore the backups:
  • Open HiJackThis
  • Click on "View the list of Backups"
  • Place a check mark next that entry
  • Click Restore
  • Click Yes
  • Reboot your computer
Let me know for sure that you got it back. :thumbsup:

You're most welcome for the help. :)

tea

LOL....we cross posted. Glad you got it back. :wacko:
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:27 PM

Posted 17 February 2008 - 04:42 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users