Home > General > C:\windows\system32\drivers\core.cache.dsk

C:\windows\system32\drivers\core.cache.dsk

Lucian Bara 26.01.2008 11:16 KAV sos does not have a great rootkit detection, that was enhanched in version 7 only, kav sos is based on version 6. Using the site is easy and fun. No, create an account now. Supplementary Scan . http://anyforgeek.com/general/c-windows-system32-drivers-str-sys.html

Please re-enable javascript to access full functionality. pandarius 31.01.2008 10:34 ok here it is i guess dawgg 31.01.2008 16:54 Just wondering, do you know what the following files are or where they are from or what company?... Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard). 6. Several functions may not work.

Logged Print Pages: 1 [2] 3 4 ... 8 Go Up « previous next » Avast WEBforum » viruses and worms » viruses and worms (Moderators: Pavel, Maxx_original, misak) » PowerKord Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Use the search function to find the file mrxsmbb.vir.I know it seems like a lot, just take your time and do it one step at a time. 8) « Last Edit:

I fear you may have also been hit with a nasty vundo variant, which attacks exe. Error Type: MyBB Error (40) Error Message: Your board has not yet been installed and configured. I kill it with the task manager, and then quickly open a command prompt window to enter "shutdown -a", because killing the service schedules a system shutdown in 60 seconds.Then no Create Account How it Works Javascript Disabled Detected You currently have javascript disabled.

MyBB MyBB Internal Error MyBB has experienced an internal error and cannot continue. the folders, each have at least one BHO vundo in them. scanning hidden autostart entries ...scanning hidden files ... Drop that down and select Disabled.

Member Posts: 61 Re: PowerKord 's vundo « Reply #26 on: January 13, 2008, 11:11:22 PM » Hi,What service are we trying to delete/disable?Also, is it possible to give me the Click here to Register a free account now! C:\WINDOWS\system32\drivers\core.cache.dsk . . . . Right click on the compressed RegSearch folder, and choose "Extract All".

If you're not already familiar with forums, watch our Welcome Guide to get started. https://forum.kaspersky.com/lofiversion/index.php/t58755.html Show Ignored Content As Seen On Welcome to Tech Support Guy! scan completed successfully hidden files: 0 **************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]-> C:\Program Files\HyperSnap 6\dxsnap.dll.Completion time: 2008-01-11 22:31:37 - machine was rebootedComboFix-quarantined-files.txt 2008-01-12 03:31:30ComboFix2.txt 2008-01-11 23:49:35ComboFix3.txt 2008-01-11 03:27:31ComboFix4.txt DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\DP83815.SYS [2003-01-01 16512] S3 LxrSG20d;LxrSG20d;\??\c:\windows\system32\Drivers\LxrSG20d.sys [2007-08-17 68672] S3 LxrSG20s;Lexar SG20;LxrSG20s.exe [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35510fe0-48fe-11dd-a6c9-00904b48db47}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f52fb330-7e31-11d9-a63e-00038a000015}] \Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure20.exe .

Download Combofix from any of the links below, and save it to your desktop. http://anyforgeek.com/general/c-windows-system32-drivers-smtpdrv-sys.html any other ideas? Completion time: 2008-12-10 11:54:44 - machine was rebooted ComboFix-quarantined-files.txt 2008-12-10 16:54:39 ComboFix2.txt 2008-12-10 10:27:10 Pre-Run: 19,475,562,496 bytes free Post-Run: 19,483,217,920 bytes free 259 --- E O F --- 2008-12-08 18:39:35 Logfile In safe mode delete C:\WINDOWS\system32\drivers\ASLM755.sysC:\WINDOWS\system32\drivers\core.cache.dskand pop-ups will go away.remove / uninstall ASLM755.sys driver from Device Manager (do view>show hidden devices first) it's under Non-Plug and Play Drivers, just to be sure

Not clear to me.Regards,vince Logged oldman Avast Evangelist Massive Poster Posts: 4165 Some days..... Copy and paste the contents of the log in your next reply. Before doing any of the above, I performed a CleanUp scan.Thanks, again. http://anyforgeek.com/general/c-windows-system32-drivers-klif-sys.html the ..\core.cashe.dsk file is all they need?

Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm pandarius 24.01.2008 21:22 superantispyware put it in quarantine, I had forgotten all about Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More... failed to delete.((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))).2008-01-11 18:44 . 2008-01-11 18:44

d--------C:\TEMP\tn32008-01-11 18:42 . 2008-01-11 18:42932---------C:\WINDOWS\system32\drivers\core.cache.dsk2008-01-10 20:23 . 2000-08-31 08:0051,200--a------C:\WINDOWS\NirCmd.exe2008-01-10 04:28 . 2008-01-10 07:00189--a------C:\WINDOWS\wininit.ini2008-01-09 22:37 . 2008-01-10 07:26155,648--a------C:\WINDOWS\system32\igfxtray.exe2008-01-09 22:37

failed to delete . ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))) . 2008-01-27 12:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-23 22:19 . 2008-01-23 22:19 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat 2008-01-23 22:19

Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Invision Power Board © 2001-2017 Invision Power Services, Inc. Re a desktop image, I have none set now, though I have in the past. They seem to center somewhat around setthetrend.com.

Member Posts: 61 Re: PowerKord 's vundo « Reply #15 on: January 12, 2008, 05:45:57 AM » Hello, oldman,Ok, I performed the requested drag and drop. Re the files to scan with virustotal:C:\WINDOWS\System32\DRIVERS\MADFU804.sys - this file is apparently no longer present on my system.mrxsmbb.sys - virustotal reports 0 bytes rec'd. Thread Status: Not open for further replies. http://anyforgeek.com/general/c-windows-system32-drivers-ntndis-exe.html e.j 7.0.0.125 ?

Member Posts: 61 Re: PowerKord 's vundo « Reply #22 on: January 12, 2008, 11:07:14 PM » Hi,I'm again experiencing virus symptoms--popup windows appearing while I'm surfing, perhaps every 20 minutes Thread Status: Not open for further replies. failed to delete.((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))).2008-01-11 22:25 . 2008-01-11 22:25

d--------C:\TEMP\tn32008-01-11 22:24 . 2008-01-11 22:24932---------C:\WINDOWS\system32\drivers\core.cache.dsk2008-01-10 20:23 . 2000-08-31 08:0051,200--a------C:\WINDOWS\NirCmd.exe2008-01-10 04:28 . 2008-01-10 07:00189--a------C:\WINDOWS\wininit.ini2008-01-09 22:37 . 2008-01-10 07:26155,648--a------C:\WINDOWS\system32\igfxtray.exe2008-01-09 22:37 C:\WINDOWS\system32\drivers\core.cache.dsk . . . .

scan completed successfully hidden files: ************************************************************************** .