
Got infected. Malwarebytes and similar programs will not open. SVCVMX


  • This topic is locked
13 replies to this topic

#1 bluekrista

bluekrista

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 03 March 2017 - 05:52 PM

I got a hijacker and was able to (after some effort) get Avira on my Chrome browser. Adblocker has reported an error but I haven't seen unusual ads or been sent to unwanted pages since then.

 

I can install Malwarebytes but it will not open to scan for anything. It says "The requested resource is in use". Same message when I try to install ComboFix. Malwarebytes does not show up in the task manager. One thing I did notice in the task manager (which won't close) is several instances of winvmx client.

 

I have gone into regedit and gotten rid of some things related to "svcvmx" and what that got me was Avira on my browser. 

 

I haven't been able to reboot in safe mode. I have Windows 10.

 

svcvmx is found in my program files and in startup. I can't get rid of any of it. The computer makes excuses. 

 

What can I do?

 

 




 


#2 gympz28

gympz28

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 04 March 2017 - 03:39 AM

Same problem as above after regrettable download. Winvmx client app running and restarting every time it's killed. Svcvmx stuck in startup and registry. Program file can't be deleted and Malwarebytes won't start up. Running Windows 10 and Defender says nothing to be found here :thumbsup2: :hysterical: Someone help please!



#3 acdbeat

acdbeat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 04 March 2017 - 05:01 PM

Hi, I'm having the exact same problem. Got it from a sketchy download yesterday. Same error and can't get to safe mode or boot screen no matter what I do. Windows 10. Won't let any antivirus run or be downloaded.



#4 fatdcuk

fatdcuk

  • Security Colleague
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Yeovil,England.
  • Local time:05:37 PM

Posted 04 March 2017 - 05:23 PM

Hi guys

 

The Trojan.Clicker install you have is protected by a rootkit which is blocking both us and many other security software from running.

 

Try a scan with the following :)

 

https://www.malwarebytes.com/antirootkit/


Edited by fatdcuk, 04 March 2017 - 05:26 PM.

Ade Gill
Senior Research Engineer (PUP)



#5 acdbeat

acdbeat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 06 March 2017 - 05:50 AM

Hi, I ran the antirootkit and it was finding a bunch of stuff... but it gets 'stuck' in 'nonresponding mode' every time. Tried it twice, waited for hours for it to 'respond' again... never did. Now the virus won't let me run that antirootkit at all and gives an error message. Downloaded Sophos antirootkit and it wouldn't let me run it either... gave the same error "the requested resources in use". Basically, it will not let an antirootkit run.



#6 fatdcuk

fatdcuk

  • Security Colleague
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Yeovil,England.
  • Local time:05:37 PM

Posted 06 March 2017 - 06:37 AM

Hi, I ran the antirootkit and it was finding a bunch of stuff... but it gets 'stuck' in 'nonresponding mode' every time. Tried it twice, waited for hours for it to 'respond' again... never did. Now the virus won't let me run that antirootkit at all and gives an error message. Downloaded Sophos antirootkit and it wouldn't let me run it either... gave the same error "the requested resources in use". Basically, it will not let an antirootkit run.

 

Hi

 

Sometimes the following folder contains many files which might throw the RK tool into a loop.

 

%LOCALAPPDATA%\llssoft\winvmx

 

Manually deleting the folder should address that.

 

If you delete the folder and restart/reboot the computer, then attempt to run MBAR, does the error still occur for you?


Edited by fatdcuk, 06 March 2017 - 06:38 AM.

Ade Gill
Senior Research Engineer (PUP)
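
A read-only PowerShell check for the indicators named in this thread (an added example, not part of any post and not a Malwarebytes tool). It assumes the strings winvmx and svcvmx appear in process names, image paths, Run-key entries or Program Files folder names; because the thread says the install is protected by a rootkit, entries may be hidden, so an empty result does not show the machine is clean.

```powershell
# Read-only triage: nothing is deleted or modified.
# Assumption: 'winvmx' / 'svcvmx' (names from this thread) appear in the
# process name, image path, Run-key entry or Program Files folder name.
$pattern = 'winvmx|svcvmx'
$folder  = Join-Path $env:LOCALAPPDATA 'llssoft\winvmx'   # folder named in post #6

# 1. The folder from post #6: does it exist, and how many files does it hold?
if (Test-Path -LiteralPath $folder) {
    $files = @(Get-ChildItem -LiteralPath $folder -Recurse -File -Force -ErrorAction SilentlyContinue)
    Write-Output "Folder present: $folder ($($files.Count) files)"
} else {
    Write-Output "Folder not present: $folder"
}

# 2. Running processes whose name or image path matches.
Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -match $pattern -or $_.ExecutablePath -match $pattern } |
    Select-Object ProcessId, Name, ExecutablePath | Format-Table -AutoSize

# 3. Startup entries in the standard Run keys (per-user and machine-wide).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $values) { continue }
    foreach ($p in $values.PSObject.Properties) {
        if ($p.Name -in $meta) { continue }            # skip provider metadata
        if ("$($p.Name) $($p.Value)" -match $pattern) {
            Write-Output "Run entry: $key -> $($p.Name) = $($p.Value)"
        }
    }
}

# 4. Matching folders directly under Program Files.
foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
    if (-not $root) { continue }
    Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { Write-Output "Program Files folder: $($_.FullName)" }
}
```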



#7 acdbeat

acdbeat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 06 March 2017 - 06:14 PM

Hi, thanks for taking the time to help... First it wouldn't let me delete that folder as it was "in use"... then I was able to delete it... ran the rootkit... and... same thing happened... rootkit gets into its non-responding mode... I noticed at the point when it's 'not responding' that it had found over 3000 malicious items by that time. I also notice that the 'folder' is there again... and it once again says it's 'in use' when I try to delete it. Sorry, I'm a computer novice and not sure how to properly explain everything : ).



#8 fatdcuk

fatdcuk

  • Security Colleague
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Yeovil,England.
  • Local time:05:37 PM

Posted 06 March 2017 - 06:41 PM



Hi, thanks for taking the time to help... First it wouldn't let me delete that folder as it was "in use"... then I was able to delete it... ran the rootkit... and... same thing happened... rootkit gets into its non-responding mode... I noticed at the point when it's 'not responding' that it had found over 3000 malicious items by that time. I also notice that the 'folder' is there again... and it once again says it's 'in use' when I try to delete it. Sorry, I'm a computer novice and not sure how to properly explain everything : ).

 

No problems, and you're most welcome :)

 

Could you please try the following.

 

Turn the computer off (full power down via the Start menu).

 

Restart again after 30 seconds and then open MBAR.

 

Select check for updates and once it has updated select scan*.

*Once it is scanning please avoid either clicking on the MBAR user interface/window or minimizing it to the system tray.

 

Allow MBAR to remove what it finds and then restart your computer.

 

Finally, to finish off cleaning, run a threat scan with Malwarebytes.

 

https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/


Edited by fatdcuk, 08 March 2017 - 06:39 AM.

Ade Gill
Senior Research Engineer (PUP)



#9 acdbeat

acdbeat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 07 March 2017 - 08:57 PM

Hi, your advice worked! Not minimizing or touching the MBAR window worked! All my antivirus programs are working again and I think I got rid of everything. Thanks again for your help!! Lesson learned, no more sketchy downloads for me : ) Thank you!



#10 gympz28

gympz28

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 07 March 2017 - 09:34 PM

Hi guys

 

The Trojan.Clicker install you have is protected by a rootkit which is blocking both us and many other security software from running.

 

Try a scan with the following :)

 

https://www.malwarebytes.com/antirootkit/

 

Fatdcuk, thank you for your help!!! Had to run MB a few times after it became non-responsive but it finally worked and now all traces have been removed. Anyone having a problem, follow the comments above and leave the system alone while it scans. Thanks again and good luck everyone!



#11 xViviDx

xViviDx

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:37 PM

Posted 05 April 2017 - 06:49 PM

Hi everyone.

I have been dealing with this exact issue all day. Tried to install every antivirus and even MBAR. This winvmx client has a hold of my PC and won't let me run any of it. Every time I try I get a "this resource is in use" error. I'm getting desperate since I just built this PC and just can't seem to get around it.
I've found a microleaves folder in my registry but have never done anything in there so I'm a little nervous to touch the folder.
Any advice?

#12 desperado21

desperado21

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:37 AM

Posted 06 June 2017 - 06:51 PM

I now have the same problem. I've tried running the programs to clean it up that were on my laptop prior to the issue, but I'm getting a "resource in use" error. Tried downloading the new programs (beta and others) to go after the roots, but same issue. Even tried to run them while in SAFE MODE, still nothing. I even went as far as trying to rename some of the programs (tdsskiller.exe to test.exe). Any ideas on how to get past this block?



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:37 PM

Posted 07 June 2017 - 12:37 PM

If you need assistance with this infection (which is SmartService), please start a new thread in the Virus, Trojan, Spyware, and Malware Removal Logs and follow the instructions in the thread below.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Once MBAR is done scanning, and your computer has restarted, a file called "mbar-log-TODAY'S-DATE.txt" (where TODAY'S-DATE will be the date on which the MBAR scan was run) will be located in the MBAR folder. Copy/paste the content of that file into your thread.

Thank you.

Edited by Aura, 07 June 2017 - 12:38 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 hamluis

hamluis

    Moderator


  • Moderator
  • 55,549 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:37 AM

Posted 07 June 2017 - 12:58 PM

Topic closed, OP overwhelmed by thread-stealers who need to initiate own topics.

 

Louis





