cannot open any security or anti virus programs due to running resource mes

Ok, that is really odd because I get both options to work... Run FRST again and post the fresh logs......

Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs, "FRST.txt" and "Addition.txt".


As I expected, the infection is back once again because we cannot remove this file: C:\Windows\System32\mshrjxt.exe. That file is protected and the only way to remove it is from outside of normal Windows..... Another possibility is to use Chameleon to install and run Malwarebytes, try the following:

Install Malwarebytes via Chameleon...

Download the Chameleon zip file from https://downloads.malwarebytes.org/file/chameleon and extract it to a new folder on your desktop.

Make certain that your PC is connected to the internet and then open the new folder.

Inside the folder, expand each sub folder until you have the Windows folder open with the list of entries of renamed Malwarebytes executable files....

Double click on each in turn until one works...

If successful follow the prompts to install and update.

When the update completes amend these settings :-
  • Select Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab,
  • When complete post the log..

and run a threat scan......

Post that log...

Yep sure is... a proper PITA. We really need to get to the recovery environment to kill off the infection's protected dropper.... Have a look at the following link, that gives several options to access advanced start up....


Any luck....?


I have tried a couple of those at the end of post but to no avail. I have sciatica in my leg now, been sitting awkward at the PC.

Is Malwarebytes the only one that can get rid of this? I tried a trial version on malware fighter which found the said file but failed to remove it. I will have a play around at times over the weekend and come back to you.

Cheers Kevin.



Hiya Mike,

The infection has more than likely also altered a couple of settings that are stopping access to the recovery environment. I want you to run an FRST fix to restore RE access, also list drivers and files...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.






Edited by kevinf80
amended script and attached file

Hiya Mike,

Back again, now we need to run a fix via the recovery environment, this time it should work as access has been restored...

Please download Farbar Recovery Scan Tool from here:


Save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit...

Also save the attached fixlist.txt file (end of reply) to the USB flash drive...


From your Desktop select the start Flag (bottom lefthand corner of screen)

Hold down the "Shift key" of your keyboard, keep it down and select "Restart"

Your PC should open to the "Choose an Option" window.... release shift key.

From that window select "Troubleshoot"

From the next window select "Advanced Options"

From that Window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter
  • Note: Replace letter E with the drive letter of your flash drive. <<<----very important
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. You will need to boot back to Normal Windows to post the log, or if applicable do that action from a spare PC...
  • To boot back to Windows, type exit at the prompt and hit Enter
  • Please copy and paste or attach FRST log to your reply.





Kevin, I don't know whether this has anything to do with anything, but recently I kept getting an error message that my Windows 10 needed activating. I spoke to the guy at the shop who had recently upgraded it for me. He told me to bring it in and he would do it for me. When I went to pick it up he said it was something to do with Office 13 and he showed me what to do if it asked for activation again; apparently it has to be activated through Office 13. I don't know if that is where the NTuserlist comes from??

Anyway, I have managed to boot the way you said with the recovery USB drive and ran FRST in fix, so I have attached the log.


Hope all that makes sense



Hello Mike,

NTuserlist is part of the infection. I want you to now boot back to Normal Windows and run MBAR..

Use the instructions at this link:

On the fourth image you will see the "scan target" boxes. Only Drivers is checked; I also want you to checkmark "Sectors" and "System" so all 3 boxes are checkmarked....

Post the produced logs.... If MBAR freezes for any reason, run again, this time uncheck "Sectors" and "System" and only leave Drivers checkmarked...



This topic is now closed to further replies.