core.cache.dsk Virus Removal Howto
I had been plagued by this extremely annoying trojan for 2 straight days. It was a real pain when I had to face an endless barrage of ad popups. I tried using AVG to remove it but failed to do so. I then downloaded the Spyware Terminator 2, but sadly that failed too. Finally I downloaded Spyware Doctor through the Google Pack. It didn't remove it, but it at least helped me identify the faulty file. It was "core.cache.dsk" in my windows/system32/drivers folder. It, however, just didn't let me delete it. I tried using Killbox, but that wouldn't work either.

I had a dual-boot system with Ubuntu and Windows XP, so I tried booting into Ubuntu and then deleting the file. To my surprise, there was no core.cache.dsk in the above-mentioned folder. I got a hint that the file is created only when Windows loads up. I then tried booting up Windows XP in safe mode... again there was no file in there. Then I got the idea that there must be some other file in the windows/system32/drivers folder that must actually be responsible for generating the virus file. To find the file I followed these steps:

* Right click in the windows/system32/drivers folder and select arrange icons - modified. This will arrange the icons according to the date they were modified.
* The last 3 files in the folder were the latest. They included the Spyware Terminator driver, the Spyware Doctor driver, and then there was a suspicious 3rd one, amdk77.sys. Now I know that there is an amdk7, but what's with an amdk77.sys? Upon further investigation, I discovered that there already was an amdk7.sys present in the folder, so this one wasn't supposed to be there. Secondly, it was created on the same date as my system infection, 30th of January 2008.

So, I figured out that the core.cache.dsk virus actually replicates one of the files in the system32 folder, adds a random number to the end of the filename, and uses it to create the core.cache.dsk file each time Windows boots. So, if it likes a file, as in my case amdk7.sys, it's going to create a file called amdk77.sys and place it in the folder. It may not always be a file named amdk77.sys though; it can be something else as well, so the best thing is to look for clues and their dates of creation.

I was still in safe mode, so I deleted the file and voila, when I booted back normally into Windows, the file core.cache.dsk didn't get created!! I hope this gives you a clear insight into how to get rid of this little bugger! Also remember that you can delete the file only when you are in safe mode, otherwise Windows won't let you delete any file in the system32/drivers folder. Before deleting any file in that folder, you have to be absolutely sure what you are doing. Good luck!
Contributor's Note
I wanted to share how I removed the core.cache.dsk virus from my computer. This post can also be found on my website. If you found this post useful, don't forget to comment.
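
The "look for clues and their dates" step from the post, as an added example that is not part of the original post: a Python sketch that lists .sys files newest first and flags any whose name is another driver's name plus trailing digits and whose modified time falls near the infection date. The function names, the one-day window and the sample folder are assumptions; the result is a shortlist for manual review, not a verdict.

```python
import os
import tempfile
from datetime import datetime, timedelta

def list_drivers(folder):
    """Return [(filename, modified time)] for .sys files, newest first."""
    found = []
    with os.scandir(folder) as it:
        for e in it:
            if e.is_file() and e.name.lower().endswith(".sys"):
                found.append((e.name, datetime.fromtimestamp(e.stat().st_mtime)))
    return sorted(found, key=lambda x: x[1], reverse=True)

def find_lookalikes(entries, infection_date, window_days=1):
    """Flag drivers whose name is another driver's name plus trailing digits
    and whose modified time is within window_days of infection_date."""
    stems = {os.path.splitext(n)[0].lower() for n, _ in entries}
    hits = []
    for name, mtime in entries:
        if abs(mtime - infection_date) > timedelta(days=window_days):
            continue
        stem = os.path.splitext(name)[0].lower()
        # Peel trailing digits one at a time: amdk77 -> amdk7 -> amdk
        for cut in range(len(stem) - 1, 0, -1):
            if not stem[cut:].isdigit():
                break
            if stem[:cut] in stems:
                hits.append((name, stem[:cut] + ".sys"))
                break
    return hits

def demo():
    """Build a constructed drivers folder and scan it."""
    sample = {  # constructed names and dates; only amdk7/amdk77 come from the post
        "amdk7.sys": datetime(2004, 8, 4, 12, 0),
        "disk.sys": datetime(2004, 8, 4, 12, 0),
        "exampleav1.sys": datetime(2008, 1, 30, 18, 0),
        "amdk77.sys": datetime(2008, 1, 30, 14, 0),
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, when in sample.items():
            path = os.path.join(folder, name)
            open(path, "wb").close()
            os.utime(path, (when.timestamp(), when.timestamp()))
        entries = list_drivers(folder)
        return entries, find_lookalikes(entries, datetime(2008, 1, 30))

if __name__ == "__main__":
    entries, hits = demo()
    for name, original in hits:
        print(f"{name} looks like a copy of {original}")
```

A legitimate driver can also end in digits, so each flagged name still needs checking against its date and origin before anything is deleted.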
The copyright for this content entitled "core.cache.dsk Virus Removal Howto" has been specified by the contributor as:
All Rights Reserved
This content may not be copied, distributed or adapted by anyone under any circumstances.