If your computer was infected, you got popups everywhere, the popups were appearing in Internet Explorer as well as Firefox and all popup blockers were not stopping the invasion.
The popups had several ad networks:
url.cpvfeed.com
upspiral.com
searchlocal.ws
xads.zedo.com
aavalue.com
Spybot found Smitfraud-c.core and and cant remove it, file core.cache.dsk. comes back every time when you reboot.
Download HijackThis and save the file to your desktop. Double click on the file for install.
Download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your desktop.
Download Combofix by sUBs and save to your desktop.
Download CCleaner. Double click on the file for install.
Reboot your computer in Safe Mode by doing the following:
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:
O20 – Winlogon Notify: ****** -******.dll (file missing)
Where ****** is random chars, agggdbc for example (google this dll for confirm)
Close all browser and other windows except for HijackThis. Click “Fix Checked”.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd.
Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).
You will be prompted : “Registry cleaning – Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.
The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.
Run Combofix.
Close any open browsers. Double click on combofix.exe and follow the prompts.
Run CCleaner.
Click Analyze button. After scan your system, click Run Cleaner.
Download and install SuperAntiSpyware Home Edition Free Version.
Now Start SuperAntiSpyware. On the main screen click on ‘Scan your computer’. Check: ‘Perform Complete Scan’. Click ‘Next’ to start the scan.
Superantispyware will now scan your computer,when it’s finished it will list all/any infections found. Make sure everything found has a checkmark next to it,then press ‘Next’. Click on ‘Finish’ when you’ve done.
If you are still having problems with spyware after completing these instructions, it`s possible, then please follow the steps: How to use Spyware Removal Forum
Include into your post follow logs:
smitfraudfix log (can be found at the root of the system drive, usually at C:\rapport.txt)
combofix log
superantispyware log
Start pc in safe mode. Remove from file types dsk (tools/folder options/file types). Find core.cache.dsk (c:/windows/system32/drivers/) > right click > properties > remove archieve check > click read only > ok. Search for any recently suspicious programs created in search > when was it modified > specify date > created on (when infection suspected) .exe\\\\\\\\\\\\\\\’s and check publisher, delete if unknown of. Restart. Solved. Basically leaving it in read only mode disables it and renders it harmless. Happy surfing.
I also had Core.cache.dsk as a problem on my system but I stumbled upon a fix that worked for me.
I am by no means an expert on these malware issues but maybe someone here who is can
rationalize how I managed to clear this so simply.
What i did was this;
First i restarted the system in safe mode
second i found the Core.cache.dsk file
then i changed its file extension to .txt (Core.cache.txt)
I then opened the file with notepad and deleted its contents and saved it
then i changed its extension back to .dsk (Core.cache.dsk) and opened
the properties dialog and made it read only.
I downloaded the free version of Superantispyware and let it do its thing
and viola the system was clean even after several reboot checks.
I had core.cache.dsk, couldnt get rid of it. I just tried Kevins solution – seems to have worked fine. Only thing is when you boot in safe mode, I had to select safemode with networking inorder to sign on. Thank you kevin.