I CANNOT INSTALL MALWARE BYTES BECAUSE OF "system resource is in use"


You mean in other web browsers, like Internet Explorer and Mozilla Firefox? Which email client are you using?

Link to post
Share on other sites

No, I only use chrome. So if the chrome application isn't even opened, like if I am playing a game or something, I would get a pop-up ad.

Oh, would you look at that, I just got my first pop-up ad from 'quickprivacycheck.com' saying my computer is being tracked.

I use chrome for my email, I just go to gmail.com.

Link to post
Share on other sites

This is weird indeed. Alright, follow the instructions below please.

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

Link to post
Share on other sites

Alright. Next, I would like to see what RogueKiller can find.

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit);
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner);
  • Let the scan complete;
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner);
  • This will open the report in Notepad. Copy/paste its content in your next reply;

Link to post
Share on other sites

RogueKiller V12.10.8.0 (x64) [May  8 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : ckurl [Administrator]
Started from : C:\Users\ckurl\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 05/11/2017 19:01:57 (Duration : 00:54:41)

¤¤¤ Processes : 1 ¤¤¤
[VT.not-a-virus:RiskTool.MSIL.BitCoinMiner.ah] NiceHashMiner.exe(3520) -- C:\Users\ckurl\Desktop\NiceHashMiner_v1.7.5.10\NiceHashMiner.exe[7] -> Found        *

¤¤¤ Registry : 11 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF} (C:\Program Files\BDServices\BDUpdateServiceCom.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{65416821-217D-44BD-9C61-F53398FB1B46} (C:\Program Files\BDServices\scan.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC} (C:\Program Files\BDServices\scan.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{94915A56-4D71-4F85-B59C-CC040F5AC6F0} (C:\Program Files\BDServices\BDUpdateServiceCom.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC} (C:\Program Files\BDServices\scan.dll) -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3379452668-3058411388-1845388906-1001\Software\Microsoft\Windows\CurrentVersion\Run | Gaijin.Net Agent : "C:\Users\ckurl\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" [7] -> Found                                                                         *
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3379452668-3058411388-1845388906-1001\Software\Microsoft\Windows\CurrentVersion\Run | Gaijin.Net Agent : "C:\Users\ckurl\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" [7] -> Found                                                                        *
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | bdx :  [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klids (\??\C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys) -> Found       *
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cfe21422-8cd3-41c5-9d18-19018f8541fe} | DhcpNameServer : 10.0.1.1 ([])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP.Filefinder][Folder] C:\Users\ckurl\AppData\Roaming\Pluto TV -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] 70b7a7f8df8e6d04800322b634f81da1
[BSP] c435b2756a98160cd71c93f623657a67 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 796672 | Size: 926584 MB
3 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1898442752 | Size: 849 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1900181504 | Size: 26043 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] 0c85d70d5cec6b73c7768c62a5f422f4
[BSP] dd23538c0b876bd80f6d8290a33783c0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 8064 | Size: 30604 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

*The lines which I have put the asterisk (*) are files that I know are safe.

plz tell me if I should remove the selected threats

Link to post
Share on other sites

Check the following threats, and remove them.

[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{4ABDD67C-44E3-42E0-816D-D7F0E54761DF} (C:\Program Files\BDServices\BDUpdateServiceCom.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{65416821-217D-44BD-9C61-F53398FB1B46} (C:\Program Files\BDServices\scan.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC} (C:\Program Files\BDServices\scan.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{94915A56-4D71-4F85-B59C-CC040F5AC6F0} (C:\Program Files\BDServices\BDUpdateServiceCom.dll) -> Found
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC} (C:\Program Files\BDServices\scan.dll) -> Found
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | bdx :  [x] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cfe21422-8cd3-41c5-9d18-19018f8541fe} | DhcpNameServer : 10.0.1.1 ([])  -> Found
[PUP.Filefinder][Folder] C:\Users\ckurl\AppData\Roaming\Pluto TV -> Found

 

Link to post
Share on other sites

There is, yes, but you need to add them one by one.

Quote

No, I only use chrome. So if the chrome application isn't even opened, like if I am playing a game or something, I would get a pop-up ad.

In which web browser would that ad open? Are you able to reproduce it? And which game(s) are you playing?

Link to post
Share on other sites

Alright, let's try something. Download and execute procexp64.exe. Close all your programs, and wait for an ad to appear. Once done, take a screenshot of the procexp64.exe window, where I can see the chrome.exe process listed, and post it here.

https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

Link to post
Share on other sites

The idea here is that hopefully we'll see what process launched the chrome.exe process with the ad, and it'll give me ideas on where to look for it.

Link to post
Share on other sites
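
A command-line version of the parent-process check described in the post above, as an added example that is not part of the original thread: it lists each chrome.exe process with the process that started it and the command line it was started with. The list of expected parents is an assumption for illustration.

```powershell
# Added example: show which process launched each chrome.exe.
# Run in a PowerShell window right after the ad has appeared.

# Parents that normally start Chrome: the Windows shell and Chrome itself
# (for its own child processes). Assumption for illustration; adjust as needed.
$expectedParents = @('explorer.exe', 'chrome.exe')

# Snapshot all processes once and index them by PID so parents can be resolved.
$all = Get-CimInstance -ClassName Win32_Process
$byId = @{}
foreach ($p in $all) { $byId[[uint32]$p.ProcessId] = $p }

$report = foreach ($proc in ($all | Where-Object { $_.Name -eq 'chrome.exe' })) {
    $parent = $byId[[uint32]$proc.ParentProcessId]

    # Windows reuses PIDs: a "parent" created after the child is an unrelated
    # process that inherited the number, so treat the real parent as gone.
    if ($parent -and $parent.CreationDate -gt $proc.CreationDate) { $parent = $null }

    $parentName = if ($parent) { $parent.Name } else { '<exited>' }

    [pscustomobject]@{
        ProcessId   = $proc.ProcessId
        Started     = $proc.CreationDate
        ParentId    = $proc.ParentProcessId
        ParentName  = $parentName
        ParentPath  = if ($parent) { $parent.ExecutablePath } else { $null }
        # A launcher that has already exited is also reported as unexpected.
        Unexpected  = $parentName -notin $expectedParents
        # A URL handed to Chrome by another program shows up as an argument here.
        CommandLine = $proc.CommandLine
    }
}

# Unexpected parents first, then most recently started first.
$report |
    Sort-Object @{ Expression = 'Unexpected'; Descending = $true },
                @{ Expression = 'Started';    Descending = $true } |
    Format-List ProcessId, Started, ParentId, ParentName, ParentPath, Unexpected, CommandLine
```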

Alright, please provide me a fresh set of FRST logs (FRST.txt and Addition.txt). Looks like I'll have to review them line by line. The chrome.exe processes seem to be normally invoked.

Link to post
Share on other sites

Please, leave the whitelisting off. We only uncheck these in case of extreme need. I don't think it is necessary right now. Run a scan again with the default settings.

Link to post
Share on other sites
This topic is now closed to further replies.