On Apr 7, 2:41 am, thang <thang> wrote:
> On Fri, 06 Apr 2007 11:33:50 +0200, FredW <f...@ninmule.invalid>
> wrote:
>
> >After serious thinking thang wrote :
> >> On Thu, 05 Apr 2007 13:29:09 +0200, FredW <f...@ninmule.invalid>
> >>> thang used her/his keyboard to write :
> >>>> On 4 Apr 2007 1817 -0700, "Gerald309" <gerald...@gmail.com> wrote:

>
> >>>>> SUPERAntiSpyware [working-freeware, and premium version]
> >>>>>http://www.superantispyare.com

>
> >>>>> a-squared trojan remover (Free Working Version for life and Proactive
> >>>>> Premium Version)
> >>>>>http://www.emsisoft.com/en/software/free/
> >>>>> a-squared (a-squared) is a complementary product to antivirus software
> >>>>> parties. To be able to use it, you only must set up a free a-squared
> >>>>> Account, to get access to the update server. (Note you register by
> >>>>> simple sign up to activate definitions downloads free).

>
> >>>> By the way, the first link to Antispyware.com is bad. Bewildering
> >>>> array of spam, search engines and software companies all uninvited and
> >>>> unsatisfying. The second one appears good, though - I'll try it in a
> >>>> minute (30 day trial).

>
> >>> Typo?
> >>>http://www.superantispyware.com/download.html
> >>> (SuperAntiSpyware Free Edition - version 3.6.1000)

>
> >>> For the second one registration is not (no longer) required.
> >>> (a-squared Free 2.1)
> >>>http://www.emsisoft.com/en/software/download/

>
> >> Sorry bud, I have run the a-squared 30 day trial fully enabled
> >> anti-malware. It has not picked up the url.cpvfeed.com infection,
> >> this is NOT coming from my temp, cookies or IE history caches, and the
> >> a-squared has left a HUGE 4.2GB folder called a2archive in my temp
> >> folder. What the hell is that? Thanks, but no thanks. I don't think
> >> I will try the free one.

>
> >Weekly I update and scan with
> >- a-squared Free 2.1
> >- AdAware 1.06r1 (Free)
> >- Spybot Search & Destroy 1.4 (Free)
> >- SuperAntiSpyware 3.6.1000 Free
> >I never had the problems you describe (huge folder).

>
> >Did you clean all temp files, etc. before scanning?
> >Did you scan in Safe Mode?

>
> >Did you scan with SuperAntiSpyware?

>
> >Did you Google on "cpvfeed"?
> >I just found some 38.000 hits, maybe you can find a solution there?

>
> Fixed it. Nothing found it bar Kaspersky Online Scanner, it was the
> ONLY ONE!!! It only identified two of the files though, and didn't
> pick up the service in registry. Also, it treated the files as locked
> and didn't implement a boottime delete. I did that myself using
> GiPo@Utilities. It is now gone. The malware came from a torrent
> screensaver I DL'd, it is a particularly nasty infection - the exe
> installs two files core.sys and core.cache.dsk in \system32\drivers\
> and registers itself as a service
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core
> deleted the lot on boot and presto, free of this ****ing infection.
>
> I must point out that the only suite to identify these files and the
> service was Kaspersky Online. Nothing else did, including my
> Zonealarm by which I normally swear. None of the forums were anywhere
> near the mark either, so much for the geeks and techo's who think they
> know it all. I found the solution in a piratebay comment forum on the
> particular torrent which has caused all of the problems. I will be
> very careful in the future.
>
> By the way, the simple expedient of setting the url to 127.0.0.1 in
> hosts stops it from promulgating, but it doesn't stop the popup.
>
> Hope this helps someone else, because no one here could help me, that's
> for sure, even though in a condescending way a few people thought they
> could help.
>
> thang


Thang,

I seem to be having the exact same problem. I have tried the same
fix, but I am having trouble locating either one of the two files that
you mentioned, i.e. core.sys and core.cache.dsk. Please provide
assistance if you can.