coordinator.exe no disk pop-up virus?

Posted on 2011-04-19
Last Modified: 2013-11-22
I have started getting a pop-up that says: coordinator.exe - no disk There is no disk in the drive.  Please insert a disk into drive \device\harddisk1\DR1." and it seems to stop the virus program from operating.  I can't find any way to get rid of it nor any information on it online.  I had Avast" and it indicated all was well. I switched to BitDefender and it wouldn't install until i managed to click the popup repeatedly off (it would re-appear immediately) and in between the new program managed to stop it.  But now that the new program is all installed, it has returned.  BitDefender has scanned all and reports no problems.  The pop-up is still there.  The buttons offered are Cancel (doesn't work) Try Again (doesn't work) and Continue (didn't try).
Question by:tallman1948
    LVL 38

    Accepted Solution

    Can you post a screen shot of what is showing on your monitor?
    There are a large number of malwre variants that MIGHT be causing this.
    LVL 38

    Assisted Solution

    OK - that pop-up appears to be caused by a fairly common chunk of malware.

    Read the instructions in these EE Articles and you should be able to effectively repair your system: (Stop-the-Bleeding-First-Aid-for-Malware) (Basic Malware Troubleshooting)
    LVL 47

    Assisted Solution

    Most likely one of the family of fake security rogues,

    Use TheKiller or Rkill to kill running process before running other tools as already suggested.

    1.  TheKiller,
    •Download TheKiller to your Desktop

    •Note that TheKiller is renamed as explorer.exe
    •Run it by double click
    •Press OK button after program finish
    •Do not restart your system after this step, but immediately run the next scan: MalwareBytes, ComboFix etc.

    Please download ComboFix by sUBs:

    Download and run it from your Desktop.
    Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    Double click combofix.exe & follow the prompts. Only run ComboFix once.

    When finished, it will produce a log. Please save that log and attach it in your next reply.
    Re-enable all the programs that were disabled during the running of ComboFix..

    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:


    Author Closing Comment

    I found the solution myself.  After searching on nearly everything known to man I finally found the source - it was in a hidden file - appdata\local\zoominfoCEutility\2055\coordinator.exe.  I renamed the file and rebooted and voila! it was gone.  Then I looked up Zoominfo and it is something that appears to be legit - a program for sharing my business contacts.  I have doubts, though, as I have been getting spam-mail for at least 6 business contacts with only links in the body - usually to viagra or something, and it embarrasses the clients who send apologies eventually.  I wondered it so many former clients could be getting into some mailing list through me!  Too much coincidence!  Time will tell. Meanwhile, no more Zoominfo.  Thanks for your efforts team!

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
    The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now