shadowwar

Requested Resource is in use Error - Unable to start Malwarebytes

Recommended Posts

Posted (edited)

Note Updated on October 27, 2017

If you are trying to start Malwarebytes and you receive an error message that the resource is already in use then you may be infected with Adware.Yelloader.

Please follow the instructions below to remove the infection.

1. Download version 1.10.3.1001of Malwarebytes Anti Rootkit (MBAR)

https://malwarebytes.app.box.com/s/flmkkcawxhohv6jf6wlkentlvycq0f3z

2. Run the exe as administrator by right clicking and select run as administrator.

58e3ca096c5cc_Screenshot2017-04-0412_29_25.png.b9ce1b13f5d06463f7e59bf7d0872a04.png

Click ok to extract.

If Mbar wont run please download the zip copy from this article and follow the instructions at the link to get running. Then Continue at Step 3.

https://support.malwarebytes.com/docs/DOC-1267

3. After extraction MBAR should start.

59f33ec143e2e_Screenshot2017-10-2710_10_41.png.3ff9e16f1d5ba3197e859ac9008068fb.png

 

 

Click next.

 

4. Update by hitting the update button.

 

59f33ec1ec0ea_Screenshot2017-10-2710_11_14.png.0aa0fd0c6efc3b5f2a4a6abebd1c3d47.png

 

After the update completes hit next.

5.  Hit the scan button. Please let it finish the scan. This rootkit may slow your machine down and MBAR may look like it will freeze but it will continue to scan. Please allow it to do so.

 

 

59f33ec28879c_Screenshot2017-10-2710_11_19.png.dd54c0664c1ca8eb5918a9e81f394506.png

 

If you get the following error message:

 

59e22f56ecd2d_1-d4yOI3j.png.002d9208ddb162e5e305924936b2bd78.png

 

Click Yes and your computer will reboot.

After the reboot, the MBAR window should automatically open.

Note: If your Desktop is missing/black, do not worry. This is normal. Please proceed with the remaining instructions below.

Click Next followed by Next.

59f33ec143e2e_Screenshot2017-10-2710_10_41.png.3ff9e16f1d5ba3197e859ac9008068fb.png

Click Scan.

 

59f33ec28879c_Screenshot2017-10-2710_11_19.png.dd54c0664c1ca8eb5918a9e81f394506.png

If the scan successfully completes, please skip to the Remediation bullet points below.

If you receive the same message, "Could not load DDA driver", click Yes.

59e227654b09a_2-ryc47XZ.thumb.png.c26388b9f42911f1999a948cadb13024.png

 

Click OK. Your computer will automatically boot into the Recovery Environment. Proceed with the instructions below afterwards.

59e2276640e2d_3-OwwMgcE.thumb.png.a7d941ad5e8c261fee33d07aaa70e1dc.png

 

If Windows did not boot into the recovery environment hold the SHIFT key and click restart computer while holding the shift key down. You should then boot into the boot options menu. Select repair your computer from the list and follow the instructions below.

If still not successfull from a command prompt in normal windows run the following command:

bcdedit.exe /set {bootmgr} displaybootmenu yes

 

Windows 7:

  • Select your desired keyboard layout and click Next.
  • Select your user account, enter your user account password (leave blank if you don't have one and click OK.
  • Click Command Prompt.

 

Windows 10:

 

  • Click Troubleshoot.
  • Click Advanced Options followed by Command Prompt.
  • Select your account and enter your password if you have one.

 

Command Prompt in Recovery Environment:

  • Type the following text below into the Command Prompt and press Enter on the keyboard:
    C:\mbstart.cmd
  • Note: If you encounter an error stating the command is not recognized, replace "C" with the letter "D" (e.g. D:\mbstart.cmd).
  • Note: Repeat with each letter of the alphabet until the command successfully executes.
  • Once the command is successfully executed, your computer will automatically boot back into Normal Mode.
  • 59e227687e861_5-fi805Mn.thumb.png.ba9d1feafce752d964005c8c415d9421.png
  • The MBAR window should automatically open.
  • 59f33ec143e2e_Screenshot2017-10-2710_10_41.png.3ff9e16f1d5ba3197e859ac9008068fb.png
  • Click Next.
  • Click update
  • 59f33ec1ec0ea_Screenshot2017-10-2710_11_14.png.0aa0fd0c6efc3b5f2a4a6abebd1c3d47.png
  • Click Scan
  • 59f33ec28879c_Screenshot2017-10-2710_11_19.png.dd54c0664c1ca8eb5918a9e81f394506.png
  •  

 

Remediation:

  • If threats are detected, click the Cleanup button.
  • 59e227698947b_6-mbPDL9U.thumb.png.9551f899e405934987d65a266738912e.png
  • If you are prompted to restart, please hit Yes
  • 59e2276aa7802_7-93ixTys.thumb.png.b0901d5992765c6ab18f060026ca3f55.png.
  • Upon completion of the scan or after the reboot, two files named UdawJ7P.png mbar-log.txt and system-log.txt will be created.
  • Both files can be found in the extracted MBAR folder on your Desktop.
  • Please attach both files in your next reply.

 

7. Malwarebytes functionality should be restored. You must run a Malwarebytes custom scan with rootkit on so any remaining detections are removed.

 

This should remedy the rootkit. If you are still having issues please post in this forum or open a helpdesk ticket.

 

Changelog:

Made compatible if Malwarebytes 3 was already pre-installed.

Updated bundled defintions to more recent package.

Updated on 09-13-2017 for latest variants.

Updated on 10-14-2017 for latest variant.

Updated on 10-27-2017 for latest variant and better success with dda driver loading without Recovery environment.

 

 

 

 

 

 

 

 

 

Edited by shadowwar
updated mbar 10-26-2017

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.