[Momin Khan]

Hello, as the topic says everytime I try to run an anti-virus software such as malwarebytes adw cleaner, VIPRE rescue and rkill it gives me the"the requested resource is in use" message. I've already tried running it in safe mode and have gotten the same result. Please any help will be greatly appreciated. I will attach the FRST logs and attach the scans. Thank you. PLATFORM: WINDOWS 10 64 ENGLISH UNITED STATES

Attached Files

•  FRST.txt   110.96KB   630 downloads
•  Addition.txt   56.14KB   735 downloads

Edited by Momin Khan, 12 July 2017 - 02:54 PM.

[Advertisements]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

This can be very stubborn to remove ! ! And a lot of malware gets installed.

Follow instructions here

https://forums.malwa...t-malwarebytes/

[zep516]

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

This can be very stubborn to remove ! ! And a lot of malware gets installed.

Follow instructions here

https://forums.malwa...t-malwarebytes/

[Momin Khan]

The programs runs which is a good thing, also thanks for the extremely quick respsonse time. When scanning it takes a very long time 2-4 hours. It stop responding after 2-3 hours and the scanning stops. What should I do? The longest time I let it scan was 5 hours.

[zep516]

Hello,

Lets see if we can move anything.

A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
C:\Users\Momin\AppData\Local\wrirmrmv
Unlock: C:\Users\Momin\AppData\Local\wrirmrmv
C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Unlock: C:\Users\Momin\AppData\Local\ntuserlitelist
C:\Users\Momin\AppData\Local\ntuserlitelist
HKLM-x32\...\Run: [cpx] => "C:\Users\Default\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Default\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-792130682-3646775307-2699870585-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 windowsmanagementservice; C:\Users\Momin\AppData\Local\wrirmrmv\wyivdei\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
Unlock: 2017-06-17 19:33 - 2017-06-17 19:46 - 00000000 ____D C:\Users\Momin\AppData\Local\llssoft
Unlock: C:\Users\Momin\AppData\Local\llssoft
C:\Users\Momin\AppData\Local\llssoft
2017-06-17 19:32 - 2017-06-17 19:32 - 00002048 _____ C:\Users\Momin\AppData\Local\uninstallro.exe
2017-06-17 19:32 - 2017-06-17 19:32 - 00000000 ____D C:\Users\Momin\AppData\Roaming\c
2017-06-17 19:32 - 2017-06-17 19:32 - 00000000 ____D C:\Users\Momin\AppData\Local\xgpsjqsh
Task: {6A741AB5-75CD-4F31-ACC7-1CD0EA5FD699} - \5004826 -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
Emptytemp:

• Click Format and ensure Wordwrap is unchecked.
• Save as Fixlist.txt to C:\Users\Momin\OneDrive\Documents (Must be in this location)
• Run FRST/FRST64 and press the Fix button just once and wait.
• If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
• The tool will make a log in C:\Users\Momin\OneDrive\Documents (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Then

Before you go to bed start the scan and let run over nite, reboot the computer in the morning. The Malware installs over 2500 Malware files in some cases more.


I'll return about 4pm EST Tomorrow.

[Momin Khan]

I've attached the log and will now run the malwarebytes program overnight. thank you for helping me, but as of so far the Resource error is still present. The severity of this virus well, i dont know but the malwarebytes program reaches up to 6404 malware found and then freezes. god knows how much it is. yet the performance of the computer isnt changing. No pop ups.

Attached Files

•  Fixlog.txt   7.73KB   610 downloads

[Momin Khan]

Thank you, after that fixlist and the fix using FRST, the malwarebytes thing was able to scan completely and removed 1313 malwares. Thank you very much for helping me, I appreciate it

[zep516]

Hello,

Because of the amount of Malware that gets installed we need to run a few more scans.

Do you have the regular (Malwarebytes Anti Malware) installed ?

If so please run it. If not follow these directions:
 

• Please download Malwarebytes Anti-Malware to your desktop.
• Double-click mbam-setup-version.exe and follow the prompts to install the program.
• Launch Malwarebytes Anti-Malware
• Then click Finish.
• If an update is found, you will be prompted to download and install the latest version.
• Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
• When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
• Reboot your computer if prompted.
  
  
  Posting the Malwarebytes log.
  
  
• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the Scan Log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• post that saved log to your next reply.

[zep516]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.