core.cache.dsk

  DavidM4 20:12 17 Jan 08
Locked

core.cache.dsk keeps getting outted by SUPERAntispyware and Spybot and is give me pop ups galore! The apps pick it up and delete the rascal but low n behold it re-installs itself, help me get shot once and for all! Thanks in advance.

  SANTOS7 20:29 17 Jan 08

How to Remove Core.sys

Follow the instructions below to remove core.sys and core.cache.dsk and rid your computer of the "Powered by Zedo" and other ads.

1) Boot into Safe Mode
2) Click on Start, Search, and choose All Files and Folders
3) In the all or part of file name box, type the following

core.sys

4) In the Look In box, choose local hard drives and click Search
5) When core.sys is found in the c:\windows\system32\drivers directory, right-click on it and choose Delete
6) Repeat steps 2-5 for the file core.cache.dsk
7) Close the Search box
8) Click on Start, Run and type REGEDIT and press Enter
9) Click on the Plus sign (+) next to HKEY_LOCAL_MACHINE
10) Click the plus next to SYSTEM
11) Click the plus next to CurrentControlSet
12) Click the plus next to Services
13) Find the folder called CORE and right-click on it and choose Delete

*** WARNING *** If the folder CORE does not exist, dont do anything

14) Close the Registry Editor by clicking on the X in the right-hand corner of the window

15) Reboot your computer in Normal mode

  DavidM4 21:51 17 Jan 08

Tried this buddy, didn't work.

Search didn't bring up either core.sys or core.cache dsk, thanks for the advice tho.

The regedit never found a core folder either.

  DavidM4 22:11 17 Jan 08

After Googlin it for 4 days this is as close to a cure as I've got, a lot of folk are formatting their drives but I'm hangin on.

  SANTOS7 22:16 17 Jan 08

If you are still getting the popups and your scans show nothing i can only suggest the infection is sat in your system volume info files which is where your restore points are kept they are HIDDEN from any scan so will not show up.
Turn off system restore reboot and turn back on again...

  DavidM4 18:17 18 Jan 08

I can find the core.cache.dsk file in WINDOWS/system32/drivers but I can't delete, move or rename it.

Spybot and SUPERAntispyware can also find it and both claim to delete it but they aint doing.

It says it is use by another program malarkey when I try and mess with it.

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARGH! POP UPS!

  SANTOS7 18:28 18 Jan 08

click here

if you cant rename it then delete it try the prog in the link...

  DavidM4 19:11 18 Jan 08

Good program, let me unlock it and delete it but it came back after reboot.

I deleted it again and went online whilst deleted and I'm still getting pop ups but they are blank, just an IE window.

  SANTOS7 19:21 18 Jan 08

click here

and i think i know why, it is a smitfraud variant scroll down the link till you see a link for combo fix download and run that...

  Burpie 19:29 18 Jan 08

SuperAntispyware and Spybot were capable of removing older variants of this pest, but not the variant you have (yet).

The malware authors "tweak" their code and the anti-malware vendors play catch-up.


"Search didn't bring up either core.sys or core.cache dsk, thanks for the advice tho."

"The regedit never found a core folder either."

This could be because Core.sys is a kernel-level driver and is hiding itself and other files from the Windows GUI. (Rootkit behaviour).


I think you have two choices:

1) Post a HJT Log on a malware removal site and get specialist help to remove it.
This has the advantage that it should result in a complete tidy-up 0f all the crud left behind by this thing (it plasters a fair few dlls into the system as well as Core.sys and core.cache.dsk.


2) If you're fed-up with the thing you can try the following:

Do you have a Windows CD that you can use to access the Recovery Console? (Win XP)

If your hard drive is FAT32 formatted you can use a DOS boot disk that contains Command.com.

Assuming you have a CD:

Boot from the CD and access the Recovery Console- you should see a prompt C:\>WINDOWS.
If you boot from a floppy disk you'll see a prompt C:\>

Navigate to C:\WINDOWS\SYSTEM32\DRIVERS.

Type "del Core.sys" no quotes.

Then type "del core.cache.dsk". no quotes.

Exit Recovery Console and reboot.

The pop-ups should be gone.

As I say, this method will leave a fair few dlls lurking around, but they should be just dross.

More runs with anti-spyware apps might now be able to remove them.

  SANTOS7 19:35 18 Jan 08

Good info Burpie, you up on this sort of stuff..

the HJT forum was me next step

click here

This thread is now locked and can not be replied to.

Nintendo Switch review: Hands-on with the intuitive modular console and its disappointing games…

1995-2015: How technology has changed the world in 20 years

The updated 'Corel Painter inside Photoshop' plugin ParticleShop offers new brushes

Best running headphones | Best sport & fitness headphones: 4 brilliant pairs of wireless…