Company:
Product: Smitfraud-C.CoreService
Threat: Trojan


Functionality
Supposed to be some kind of driver

Description
This trojan horse gets installed as a driver and constantly runs in background and connects to malicious servers without any user consent. Removal may require to manually close the file handles of the core.cahce.dsk and core.sys residing in the folder \windows\system32\drivers\. To receive help on this please contact Team Spybot S&D via forums or email.

Any idea how to help...I am able to delete the file but it doesn't get rid of the popups....So...How do i close the file handles?

Thanks,
Ben

Please go into Spybot > Help > About. Make sure you are running the most resent version of Spybot with the latest detection updates:
Spybot - Search & Destroy 1.5.2.20
Latest detection update 1 /31 /2008
If not, download and install Search & Destroy 1.5.2 from here (http://www.spybot.info/en/mirrors/index.html) or update as appropriate and try running Spybot again.

Try running Spybot in Safe Mode (http://www.laplink.com/support/kb/article.asp?ID=102) and see if that helps with the removal of the problem.

If Spybot still fails to correct the problem consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the logs produced from the above instructions.