Jump to content

Requested Resource is in use


Recommended Posts

  • Replies 52
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/16/17
Scan Time: 6:47 PM
Log File: 
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2604
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JoshFowler-PC\Josh Fowler

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351786
Threats Detected: 5
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 8 min, 2 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [322], [365171],0.0.0

Physical Sector: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

You can click on the Quarantine button, and it should replace the hosts file with a clean one :) Next, we'll run a sweep with AdwCleaner and JRT.

zcMPezJ.pngAdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
    V7SD4El.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

iT103hr.pngJunkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Press on any key to launch the scan and let it complete
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply

Your next reply(ies) should therefore contain:

  • Copy/pasted AdwCleaner clean log
  • Copy/pasted JRT log

Link to post
Share on other sites

oh nvm it is done haha. 

 

# AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 17 02:44:38 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 07-31-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Josh Fowler\AppData\Roaming\Installer.dat


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\xs


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4137 B] - [2016/8/14 2:32:57]
C:/AdwCleaner/AdwCleaner[C2].txt - [2073 B] - [2016/8/14 3:25:14]
C:/AdwCleaner/AdwCleaner[S0].txt - [4585 B] - [2015/2/21 20:32:28]
C:/AdwCleaner/AdwCleaner[S1].txt - [3904 B] - [2016/8/14 2:31:56]
C:/AdwCleaner/AdwCleaner[S2].txt - [2628 B] - [2016/8/14 3:24:42]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

 

Link to post
Share on other sites

here is the log that came up after the reboot not sure if it was the same one as before but i got two different logs 

# AdwCleaner 7.0.1.0 - Logfile created on Thu Aug 17 02:45:29 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

Deleted: C:\Users\Josh Fowler\AppData\Roaming\\Installer.dat


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\xs


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

Link to post
Share on other sites

First one was a Scan log, second one is a Clean. I needed the Clean one so that's good :)

Once you're done running JRT, you can run a scan with FRST (normally this time) and provide me a fresh set of logs. I'll review them tomorrow.

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

  • Right-click on the executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
  • Click on the Scan button
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply

Link to post
Share on other sites

JRT log 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Josh Fowler (Administrator) on Wed 08/16/2017 at 21:50:43.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 10 

Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Users\Josh Fowler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V5PO3KO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Josh Fowler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NOLEDCSL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Josh Fowler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYWO9K5H (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Josh Fowler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4SIZAJ8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8V5PO3KO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NOLEDCSL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NYWO9K5H (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4SIZAJ8 (Temporary Internet Files Folder) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/16/2017 at 21:55:37.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Almost there :)

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
  • Right-click on the FRST executable and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Fix button
    NYA5Cbr.png
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

fixlist.txt

Link to post
Share on other sites

We'll run one last fix to fix your AppMgmt service. Once done, attach the fixlog.txt.

Also, I would like for you to delete the following folder:

C:\FRST\Quarantine\C\Users\Josh Fowler\AppData\Local\ntuserlitelist

After that, .zip the C:\FRST\Quarantine folder (right-click on it, select Send to then Compressed (zipped) folder and upload the .zip file to the link below.

http://www.bleepingcomputer.com/submit-malware.php?channel=194

fixlist.txt

Edited by Aura
Link to post
Share on other sites

i have not had any issues at all since we got the rootkit beta and the adw removal / jrt to run honestly... 

 

But just because there are no symptoms does not mean it isnt there... So i have been here until the End with you :D  and i honestly thank you so much for taking time out of your personal life to assist me with this.. You are a saint.. 

 

and i already uploaded the file where requested. 

Link to post
Share on other sites

Quote

and i already uploaded the file where requested. 

 

Got it, thank you :)

Quote

i have not had any issues at all since we got the rootkit beta and the adw removal / jrt to run honestly... 

Awesome!

Quote

But just because there are no symptoms does not mean it isnt there... So i have been here until the End with you :D  and i honestly thank you so much for taking time out of your personal life to assist me with this.. You are a saint.. 

I don't see anything left (remnants, infection, etc.) in your logs anymore, so now we're done for real!

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

BWuhenj.pngDelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop
  • Right-click on DelFix.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Check the following options :
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Once all the options mentionned above are checked, click on Run
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply

Qt25440.pngTips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it that makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits (and also 0-days) which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, Google Chrome, Mozilla Firefox, VLC Media Player, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like eLDnJfI.pngSecuniaPSI and y5YE7At.pngHeimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Anti-Virus

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Anti-Malware, Anti-Exploit and Anti-Ransomware

Having a decent security setup (which also includes an Antivirus) is the most crucial step to protect a system. These programs are additional layers of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Fortunately, the new Malwarebytes 3 bundle all these layers in one, easy to use and efficient product. Malwarebytes 3 offers Malware, Web, Exploit and Ransomware protection modules that works together in order to keep your system protected and stop an infection at multiple level.

  • j1Bynr2.pngMalwarebytes - Comes with a free trial of the Premium version for 14 days, after which it reverts back to the Free version

Note: Please note that only the Premium version of Malwarebytes 3 offers real-time protection (Malware, Web, Exploit and Ransomware). The free version only allows you to scan your system for threats and remove them.

Firewall

Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • 7p3JzTS.pngGlassWire - Has both a free and paid version (with different packages)
  • MQIMh6k.pngWindows Firewall Control - Gives you more control over your Windows Firewall
  • 5RXGshU.pngTinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome, Mozilla Firefox, Microsoft Edge, Opera and most Chromium and Firefox-based browsers)
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera)
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browsers)
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers)
  • uMatrix: For advanced users, a point and click matrix-like extensions that allow you to control requests done on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera)
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser)

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far less chances to get infected by a malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :


gRvSooB.pngThe End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you wont!), you can always comeback in this section to get another checkup with one of our trained malware removal member.

Do you have any questions before I close this thread? :)

Link to post
Share on other sites

No problem Vualk, you're welcome :)

Quote

Hopefully i won't be back for Malware infections again.. I haven't had an infection i couldn't fix myself in a LONG time. 

Malwarebytes Premium could've prevented that infection from occurring, so it might be a good idea to invest in a Premium licence if you ever can. You'll also be protected against other threats as well at the same time :) 

Link to post
Share on other sites

Is premium An AV also or just All of the inbetweens? 

 

I know how i got it... And as soon as i did i said to myself.. "oh FK i am an idiot" 

I was downloading a program from the internet from a 3rd party site. It came bundled with A thousand things.. All of which i declined.. Trying to cancel the install.. As soon as the last decline went through it installed this malware immediately after in less than 3 seconds.. (not enough time to stop it) .. at that point it was ... okay lets start scanning things... i ended up killing alot of it myself. but i could not fix the rest. I was at a loss.. so i came here.. 

I am so glad i did

Link to post
Share on other sites

Quote

Is premium An AV also or just All of the inbetweens? 

Malwarebytes isn't an Antivirus. I still consider it an Anti-Malware, but Malwarebytes 3 is now much more: Anti-Malware, Anti-Exploit, Anti-Ransomware and Web Protection all in one. So that's an added 4 layers of protection to the one(s) already covered (or not) by your current Antivirus virus. Malwarebytes will supplement your security setup.

Quote

I was downloading a program from the internet from a 3rd party site. It came bundled with A thousand things.. All of which i declined.. Trying to cancel the install.. As soon as the last decline went through it installed this malware immediately after in less than 3 seconds.. (not enough time to stop it) .. at that point it was ... okay lets start scanning things... i ended up killing alot of it myself. but i could not fix the rest. I was at a loss.. so i came here.. 

SmartService is spread via bundled installers and mostly Windows loaders, activators, cracks, etc. from what I've seen. Same for CertLock, but on a smaller base (or more because MBAR can deal with it easily).

Quote

I am so glad i did

 

If by misfortune, you ever end up infected again, feel free to come seek assistance here, we'll do our best to help you with the clean-up process :) 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.