Hi everyone,

I need help removing a virus/malware from my computer. I followed several forum/blog posts that seem to describe my problem, but every malware removal tool I tried (including while in Safe Mode, or Running it as an Admin, even when I renamed the exe files), I get the dreaded "Requested Resource in Use".

I was able to run Farbar, see attached reports.

Any help will be very appreciated.

FRST.txt

Addition.txt

Hi sbachman :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;

This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder here after. 


Thank you!

MBAR seems to be working for me, it started scanning, but one problem that started coming up is this "Select Region" window that overlays the screen and doesn't let me use any other program.

Attaching a screenshot I found online from someone with the same problem.

 

select-region.png


I tried following this guide: https://www.bleepingcomputer.com/virus-removal/remove-select-region-tech-support-scam

I just get "The wait operation timed out" at step 5.

UPDATE: Okay, it looks like the scan is still running in the background and I might be able to work around the blue screen. I'll update the thread once I have more info!


Speaking of stuck, I got to the point where I need to reboot, but the screen is frozen with "Restarting", the spinner hasn't moved for a few minutes now. Not sure if it's safe to just reboot the PC.


It's been about 30 minutes, so I just rebooted. Windows Defender is working again, and it seems that I might be able to install some of the other anti-malware tools, although AdwCleaner was showing an error ("This app has been blocked for your protection").

Furthermore, the blue popup screen still comes up.

Attaching the report.

mbar-log-2017-05-17 (11-53-17).txt


Quote

although AdwCleaner was showing an error ("This app has been blocked for your protection").

Probably SmartScreen interfering (from Windows, this is normal). Alright, now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button;
    • If it asks you to restart your computer to complete the removal, do so;
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply;


I attached a photo with the error. (It seems that the PrtScr button and the Snipping Tool are both disabled while the popup is showing.)

 

I just ran rkill, which terminated one rogue process (C:\Windows\windows-3d6hatn\RuntimeBroker.exe -- I deleted the whole folder afterwards) and it looks like the blue screen problem might have stopped. (Also attaching the report, not sure if it's useful at all.)

I also ran MBAR again, just in case, and it found no malware.

IMG_20170517_145854840.jpg

Rkill.txt

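Added example, not part of the original posts: the rogue process reported above used the name RuntimeBroker.exe but ran from C:\Windows\windows-3d6hatn instead of System32. The PowerShell below flags processes that carry a Windows system binary's name yet run from an unexpected directory; the function name, the expected-location table and the sample PIDs are assumptions made for this example.

```powershell
# Added example: flag processes that use a Windows system binary's name
# but run from a directory other than the one that binary ships in.
function Find-MasqueradingProcess {   # hypothetical helper name
    param(
        [Parameter(ValueFromPipeline)] $Process,
        [string] $SystemRoot = $env:SystemRoot
    )
    begin {
        $sys32 = "$SystemRoot\System32"
        $wow64 = "$SystemRoot\SysWOW64"
        # Assumed locations on a default install; extend for your baseline.
        $expected = @{
            'RuntimeBroker.exe' = @($sys32)
            'svchost.exe'       = @($sys32, $wow64)
            'lsass.exe'         = @($sys32)
            'services.exe'      = @($sys32)
            'csrss.exe'         = @($sys32)
            'explorer.exe'      = @($SystemRoot, $wow64)
        }
    }
    process {
        # ExecutablePath is empty for protected processes when not elevated.
        if (-not $Process.Name -or -not $Process.ExecutablePath) { return }
        $allowed = $expected[$Process.Name]
        if (-not $allowed) { return }
        $dir = [System.IO.Path]::GetDirectoryName($Process.ExecutablePath)
        if ($allowed -notcontains $dir) {   # -notcontains ignores case
            [pscustomobject]@{
                ProcessId      = $Process.ProcessId
                Name           = $Process.Name
                ExecutablePath = $Process.ExecutablePath
            }
        }
    }
}

# Constructed sample (PIDs invented); the second path is the one from the post.
$sample = @(
    [pscustomobject]@{ ProcessId = 1044; Name = 'RuntimeBroker.exe'
                       ExecutablePath = 'C:\Windows\System32\RuntimeBroker.exe' }
    [pscustomobject]@{ ProcessId = 4312; Name = 'RuntimeBroker.exe'
                       ExecutablePath = 'C:\Windows\windows-3d6hatn\RuntimeBroker.exe' }
)
$sample | Find-MasqueradingProcess -SystemRoot 'C:\Windows'   # reports PID 4312 only

# On a live system, from an elevated prompt:
# Get-CimInstance Win32_Process | Find-MasqueradingProcess
```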

The logs you provided in your first post are from FRST. So launch FRST again, click on the "Scan" button, wait for it to complete, and attach the two logs that will be produced (FRST.txt and Addition.txt).

Quote

I was able to run Farbar, see attached reports.

 


All good :) Alright, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

After running the fix and restarting your computer, are you able to run Malwarebytes?

fixlist.txt


I was expecting that. And you're still not able to run AdwCleaner, right? Are you able to run JRT?

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;


That would be the easy out, though I would really like to know what's going on on your system.

I'm going to bed right now, however, there is at least one other thread on this forum with a user facing the same issue as yours, and they're quite advanced in their troubleshooting already. I'll take a look at it tomorrow morning if I have time to see if we can find more information about this infection. Right now, we confirmed that none of Malwarebytes' tools (except MBAR) can be run, and that might be related to their certificates.
