Intel Classification
This intel has been classified as Existing Authored Content, which means it was authored by the contributor, and first appeared on the contributor's blog or website.
core.cache.dsk Virus Removal Howto
I had been plagued by this extremely annoying trojan for 2 straight days. It was a real pain when I had to face an endless barrage of ad popups. I tried using AVG to remove it but failed to do so. I then downloaded Spyware Terminator 2, but sadly that failed too. Finally I downloaded Spyware Doctor through the Google Pack. It didn't remove it, but it at least helped me identify the faulty file. It was "core.cache.dsk" in my windows/system32/drivers folder. It, however, just didn't let me delete it. I tried using Killbox, but that wouldn't work either.

I had a dual-boot system with Ubuntu and Windows XP, so I tried booting into Ubuntu and then deleting the file. To my surprise, there was no core.cache.dsk in the above-mentioned folder. I got a hint that the file is created only when Windows loads up. I then tried booting up Windows XP in safe mode... again there was no file in there. Then I got the idea that there must be some other file in the windows/system32/drivers folder that must actually be responsible for generating the virus file. To find the file I followed these steps:

* Right click in the windows/system32/drivers folder and select Arrange Icons - Modified. This will arrange the icons according to the date they were modified.
* The last 3 files in the folder were the latest. They included the Spyware Terminator driver, the Spyware Doctor driver, and then there was a suspicious 3rd one, amdk77.sys.

Now I know that there is an amdk7, but what's with an amdk77.sys? Upon further investigation, I discovered that there already was an amdk7.sys present in the folder, so this one wasn't supposed to be there. Secondly, it was created on the same date as my system infection, 30th of January 2008. So, I figured out that the core.cache.dsk virus actually replicates one of the files in the system32 folder, adds a random number to the end of the filename, and uses it to create the core.cache.dsk file each time Windows boots.

So, if it likes a file, as in my case amdk7.sys, it's going to create a file called amdk77.sys and place it in the folder. It may not always be a file named amdk77.sys though; it can be something else as well, so the best thing is to look for clues and their dates of creation. I was still in safe mode, so I deleted the file and voila, when I booted back normally into Windows, the file core.cache.dsk didn't get created!

I hope this gives you a clear insight into how to get rid of this little bugger! Also remember that you can delete the file only when you are in safe mode, otherwise Windows won't let you delete any file in the system32/drivers folder. Before deleting any file in that folder, you have to be absolutely sure what you are doing. Good luck!
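The look-alike hunt described above, as an added example that is not part of the original post: a Python script that lists the `.sys` files in a drivers folder and flags any whose name is an existing driver's name plus trailing digits and whose modification time is later than the original's. The function names, the limit of three suffix digits and the sample files are assumptions made for illustration; a hit is a clue to investigate, not proof.

```python
import os
import tempfile
from datetime import datetime

def find_lookalike_drivers(drivers_dir, max_suffix=3):
    """Flag .sys files named like an existing driver plus trailing digits.

    Returns (suspect, original, modified) tuples, newest suspect first.
    """
    drivers = {}  # lowercase stem -> (file name, mtime)
    for name in os.listdir(drivers_dir):
        path = os.path.join(drivers_dir, name)
        if os.path.isfile(path) and name.lower().endswith(".sys"):
            drivers[name.lower()[:-4]] = (name, os.path.getmtime(path))

    hits = []
    for stem, (name, mtime) in drivers.items():
        for k in range(1, max_suffix + 1):
            base, suffix = stem[:-k], stem[-k:]
            if not suffix.isdigit() or base not in drivers:
                continue
            orig_name, orig_mtime = drivers[base]
            # In the post the copy was dated later than the real driver.
            if mtime > orig_mtime:
                hits.append((name, orig_name, datetime.fromtimestamp(mtime)))
                break
    return sorted(hits, key=lambda h: h[2], reverse=True)

def build_sample_dir():
    """Constructed sample: empty files with mtimes modelled on the post."""
    root = tempfile.mkdtemp(prefix="drivers_sample_")
    sample = {
        "amdk7.sys": datetime(2004, 8, 4),    # legitimate driver, old (assumed date)
        "amdk77.sys": datetime(2008, 1, 30),  # look-alike, infection date from the post
        "usbhub.sys": datetime(2004, 8, 4),
        "disk.sys": datetime(2007, 6, 1),
        "readme.txt": datetime(2008, 1, 30),  # not a driver, ignored
    }
    for name, when in sample.items():
        path = os.path.join(root, name)
        open(path, "wb").close()
        os.utime(path, (when.timestamp(), when.timestamp()))
    return root

if __name__ == "__main__":
    for suspect, original, modified in find_lookalike_drivers(build_sample_dir()):
        print(f"{modified:%Y-%m-%d}  {suspect}  (resembles {original})")
```

It only reads file names and timestamps, so it can be pointed at the drivers folder of a Windows partition mounted from another operating system.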
Contributor's Note
I wanted to share how I removed the core.cache.dsk virus from my computer. This post can also be found on my website. If you found this post useful, don't forget to comment.
Copyright Notice: All Rights Reserved.
Added by ukjadoon on May 6, 4:17 PM.