Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected; Core.cache.dsk


  • Please log in to reply
6 replies to this topic

#1 Cheez23

Cheez23

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 23 May 2008 - 04:38 PM

After googling the symptoms of my PC, I've discovered I have been infected with a somewhat common piece of adware;
Core.Cache.dsk
Every time I open firefox, I get plastered with IE popups every time I open a new page.
It's in my C:\WINDOWS\system32\drivers folder.
I am running Windows XP Professional Edition SP2, and the only time this is a bother is when I have firefox open. My PC is on Auto-Update from Windows, and is at the current updated version.
I already have Webroot Spysweeper, and AVG-Free Antivirus edition. I've run scans on both, and they come back blank.
I am willing to download any type of adware, spyware, or virus removal software to attach logs; Just anything to help get rid of this annoying file!
I've tried going into safe-mode and deleting it already, it just kept coming back every time I would reboot. Every time I try to delete it in normal XP mode, it tells me the file is in use. I've checked processes under Task Manager, and there is no process named "Core.Cache.dsk", or anything even similar.

Please, help!

Here is a screenshot of what the popups look like:
http://img518.imageshack.us/img518/7291/73257987gw7.jpg

Also, I have heard that most people who have "Core.Cache.dsk" also have "Core.sys". I do NOT have this file, unless it is not also in C:\WINDOWS\system32\drivers folder.

Edited by Cheez23, 23 May 2008 - 04:55 PM.


BC AdBot (Login to Remove)

 


m

#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 23 May 2008 - 05:03 PM

I may be wrong but I think you will end up in the HJT section to get rid of this as all links from a google search manage to find threads IN HJT sections which use very powerful tools to get rid of it



TRY this


Superantispyware; guide on how to install and run


If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispywareSuperantispyware is found here


http://www.superantispyware.com/index.html

Download to the Downloads folder the free exe to superantispyware from here


http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you , you need TO fully update the definitions by opening the program and find the ‘check for updates ‘tab in the bottom left of the menus you see; click on it and it will do the update for you ;
I suggest you ask it to check for updates again once the first update is complete just to be sure


please then reboot your computer ; it is preferable to run the scan in your computers safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changes ; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right had side you see three scanning options?; please click the Complete scan option

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’


A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu


If you have run the scan in computers safe mode you will need to reboot to computer normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe note pad ; you need to copy and paste that log for examination
Once you have posted the log please close the superantispyware program


see what IT finds BUT I THINK you may need more powerful tools than are available this side OF the HJT section

#3 Cheez23

Cheez23
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 24 May 2008 - 12:36 PM

I installed SUPERAntiSpyware, and when I began the scan, everything was going fine, until it got to a .DAT file in my FireFox profile folder. The moment it began to scan it, the program kept scanning the single file, never stopping. I let it keep scanning until it had been scanning the 150 kb or so file for over an hour. I backed up the file on my flash drive, then after deleting it on my HD rescanned. This time, the software had the SAME effect on the next .DAT file. This happened about 3 times before I just backed up all the .DAT files on my flash drive, and rescanned. Then, after getting to about the 900th file (Every time the software had aborted at around file 880), the scanner kept scanning my Windows Media Player.exe file for about 10 minutes before I just closed down the software.

Any other software I could use?

#4 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 24 May 2008 - 12:57 PM

I have another tool you can try; take a system restore point NOW

then try this tool

from experience you need to I suggest clear your temp internet files folder

the grab this stand alone tool called stinger


http://vil.nai.com/vil/averttools.aspx#002

the exe you need is
http://download.nai.com/products/mcafee-avert/stinger.exe

you download IT to somewhere safe, so you know where to find it; then make sure you have a shortcut to your desktop; ;as I say it is a stand alone product that needs NO 'updating'

when you open the desktop shortcut you will see the program

under preferences, click on BOTH targets, on virus detection select repair ; on detection, go for everything BUT the top left two options; if you have any other than the C drive to scan?you ned to add it in the add directory section

once you have this program on board; please go OFF line to scan and set it off TO scan; it MAY take some time so let it run; let us know what if anything it finds?

#5 Cheez23

Cheez23
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 24 May 2008 - 02:49 PM

Ok, just finished scanning, (And yes, it did take a good time) and Stinger came back with nothing.
Should I go ahead and post this problem in the HJT section?

#6 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:02:54 PM

Posted 24 May 2008 - 03:08 PM

lets try another tool maybe?


http://www.emsisoft.com/en/software/free/ asquared

exe is http://download6.emsisoft.com/a2FreeSetup.exe

download IT to somewhere safe ; install it and this DOES need FULLY updating !!!
once fully updsated I suggest you reboot and run the scan OFF line on a DEEP computer scan

this WILL take a wee while TOO to run and it too will produce a report;I suggest again you take a system restore point NOW BEFORE you run the scan




you can also run this tool
instructions created by Mod Boopme and quoted from thread http://www.bleepingcomputer.com/forums/ind...l=malawarebytes


Boopme

download Malwarebytes Anti-Malware
http://www.besttechie.net/tools/mbam-setup.exe

and save it to your desktop. Do Run from normal mode.
alternate download link 1 http://malwarebytes.gt500.org/mbam-setup.exe
alternate download link 2 http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Acan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



see what they produce; these two MAY take a while to run so be prepared

(ALL the direct exe links have been checked for validity at time of posting this )

you may yet end up IN the HJT section but lets see these scans results?

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:54 AM

Posted 24 May 2008 - 04:58 PM

Please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.

When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to renable you anti-virus and and other security programs before connecting to the Internet.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users