By ambushedbaby
Feb 5, 2008
  1. Hi, all :wave:

    One of our computers is infected with smitfraud-c.coreservices.

    The user tried going into safemode/command file and creating his own file w/o virus called "core.cache.dsk" as a read only file. That file is 19 bytes.
    When rebooting it doesn't get overwritten but spybot sees the read only file as a virus.

    When the file is then deleted and spybot runs again it says the machine is clean. But--when the machine is rebooted the virus file is recreated. The recreated file is 167 K, so we know it's not the read only file used to replace the original.

    Does anyone know what causes the file to be recreated?

    What files other than the core.cache.dsk are part of the smitfraud 'package'?
    We have AVG Pro and AVG is finding things in restore points. Removing the restore points doesn't seem to help.

    We set 'show all hidden files and folders' and ran AdAware, Spybot (several times) the AVG anti-spy, anti-virus and the smitfraud C remover. The smitfraud remover seems to have messed up the hosts file.

    The user is a programmer who is interested in finding out what files are associated with this virus and getting rid of it manually. He's out there hunting for the info, but since you all have been so helpful for me in the past, I thought I'd ask the gurus to perhaps expedite his search.

    Thanks for any feedback.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...