
'requested resource in use' window



#1 WhoLou

WhoLou

  • Members
  • 8 posts

Posted 19 March 2017 - 08:37 AM

At wits' end (short trip). Every anti-virus-malware asset on my comp is met with a window extolling "requested resource in use." No doubt this is a result of my once rabid habit of biting at every freeware offering in extant. History: Things went from OK to turmoil in quick order. (Unfortunately I don't recall the exact point, thinking I could handle it locally.) A flash of offensive and intrusive ads, etc. as my protection assets became compromised with the stated message. I discovered the vmxclient, svcvmx, and qdcomsvc intrusions and attempted to eradicate them, going so far as to kill them in the reg. I do understand that this is useless if the offenders remain somewhere hidden, etc. I went so far as to attempt to delete my anti-virus programs with the intention of reinstalling, which was a bad move. Half were locked, promising dire consequences should I attempt to unlock, and the others were left mangled beyond usefulness. So as a result, though I'm able to use my comp after a fashion, basic gaming, YouTube, music, etc., as long as I'm willing to be opened to further attacks and erratic functioning, which is no trade off far as I'm concerned.

 

 

Here's a listing of my current compromised protections:

 

Win Patrol

Malwarebytes

Panda free antiVirus

Win defender

Advanced SystemCare (great when operational)

Reason Core Security (trial)

Windows Repair Pro from Tweaking.com (not officially anti-virus, but of little value with the present issue)

 

I've tried to run these in Safe Mode with and without networking, all to no avail. I recently purchased a new copy of Win 7, again understanding that if I don't kill the offending intrusions they will just tag along should I choose to install a fresh install, which I'm considering because I fear the OS itself is damaged either through the virus attack or my ham-fisted attempts to seek and destroy.

 

I would appreciate any suggestion on what action I should take at this point. Your attention and time is greatly appreciated.


Edited by hamluis, 19 March 2017 - 09:56 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,890 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 19 March 2017 - 12:33 PM

WhoLou:

Welcome to the Bleeping Computer Am I Infected? - What Do I Do? Forum. My name is Phil. May I address you by your first name?

I am sorry to hear of the issues that you are having with your computer. I imagine that you have learned "the lesson". :(

Let's try a couple of preliminary scans and cross our fingers! :)

Step 1: Please download Rkill by Grinler from one of the 3 links below (if one of them does not work, try another...) and save it to your desktop:

  • rkill.scr
  • rkill.com
  • rkill.exe
  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista or above, please right-click on it and select Run As Administrator.)
  • Note: You may have to run Rkill a few times before it is successful. As a reminder, you may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (the file is also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.

If nothing happens or if the tool does not run, please let me know in your next reply.


Step 2: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

* Click this link to open ESET OnlineScan.
* Place a checkmark next to "Yes, I accept the Terms of Use", then click the greenstart.png button.
* When prompted, allow the Add-On/ActiveX to install.
* In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
* Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):

  • Remove found threats
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

* Then click the shieldstart.png button and ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List Found Threats (only if anything is found).
* Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Copy and paste the contents of this report in your next reply.
* Click back.png, then click finish.png to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 WhoLou

WhoLou
  • Topic Starter

  • Members
  • 8 posts

Posted 22 March 2017 - 05:22 PM

 
Firstly, thanks for the warm welcome. I remember it was some time ago that I had in fact been registered here. It escapes me now when and how long--but that can sit for another day. Meanwhile, to the matter at hand: I trust I have followed your instructions correctly and there is some value to be mined from the data below from the Rkill and ESET scans. Being advised to close anti-virus and malware protection is not do-able since, as I've mentioned above, I cannot access the applications and instead get the message that the "resource is etc."; further, they are not even listed under processes in Task Manager. I was however able to remove Panda from the start menu under Win Patrol. One final inquiry, Phil. I don't quite get how I should handle quarantine files in ESET. As of this post I have neither removed nor restored them. I will search further but would appreciate your advice since I will cease using this computer until I have word it is safe to continue. Thanks again for the welcome and your time and attention.
 
                                                                                 ************************
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/22/2017 01:37:56 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * TBS [Missing Service]
 
 * TermService => %SystemRoot%\system32\rdpwrap.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
  0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0 media.opencandy.com
  0.0.0.0 cdn.opencandy.com
  0.0.0.0 tracking.opencandy.com
  0.0.0.0 api.opencandy.com
  0.0.0.0 api.recommendedsw.com
  0.0.0.0 installer.betterinstaller.com
  0.0.0.0 installer.filebulldog.com
  0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0 inno.bisrv.com
  0.0.0.0 nsis.bisrv.com
  0.0.0.0 cdn.file2desktop.com
  0.0.0.0 cdn.goateastcach.us
  0.0.0.0 cdn.guttastatdk.us
  0.0.0.0 cdn.inskinmedia.com
  0.0.0.0 cdn.insta.oibundles2.com
  0.0.0.0 cdn.insta.playbryte.com
  0.0.0.0 cdn.llogetfastcach.us
 
  20 out of 36 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 03/22/2017 01:38:17 PM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)
 
 
ESET SCAN RESULTS
 
C:\Program Files (x86)\Activision\Call of Duty - World at War\private-client.exe a variant of Win32/GameHack.RG potentially unsafe application cleaned by deleting
C:\Program Files (x86)\dataup\dataup.exe a variant of Win32/Adware.5Hex.B application cleaned by deleting (after the next restart)
C:\Program Files (x86)\Freemake\Freemake YouTube To MP3 Boom\SetupUpdate.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
C:\Program Files (x86)\Ghostery Storage Server\ghstore.exe a variant of Win32/Adware.Adgosteru.H application cleaned by deleting
C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting
C:\Program Files (x86)\SCS Software\American Truck Simulator - Arizona\bin\win_x86\steam_api64.dll a variant of Win32/Packed.VMProtect.ABO trojan cleaned by deleting
C:\Users\WhoLou\AppData\Local\ewyzuf.dll a variant of Win32/TrojanProxy.Agent.OAL trojan cleaned by deleting
C:\Users\WhoLou\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0008c6 HTML/ScrInject.B trojan deleted
C:\Users\WhoLou\AppData\Local\Izfgsoft\cardsman.dll a variant of Win32/Kryptik.FJFE trojan cleaned by deleting
C:\Users\WhoLou\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\170316092756741.rsc a variant of Win32/Bifrose.NIO trojan deleted
C:\Users\WhoLou\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\170318124425059.rsc a variant of Win32/Adware.5Hex.B application deleted
C:\Users\WhoLou\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\170318213840558.rsc a variant of Win32/FusionCore.K potentially unwanted application,a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win64/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application,a variant of Win32/Toolbar.Visicom.E potentially unwanted application,a variant of Win64/NetFilter.A potentially unsafe application,a variant of Win32/NetFilter.A potentially unsafe application deleted
C:\Users\WhoLou\Contacts\Desktop\gamz\HATRED_.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted
C:\Users\WhoLou\Contacts\Desktop\gamz\PrimalTrainer\FarCryPrimal_12Trainer.exe a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application cleaned by deleting
C:\Users\WhoLou\Contacts\Desktop\New folder (5)\raixgames.android.fishfarm2.googleplay.apk Android/Anydown.N potentially unsafe application deleted
C:\Users\WhoLou\Downloads\advanced-systemcare-setup.exe Win32/Deceptor.AdvancedSystemCare.A application cleaned by deleting
C:\Users\WhoLou\Downloads\freevideocutterjoiner.exe multiple threats,Win32/Adware.Agent.NQE application,a variant of Win32/BundleLoader.C potentially unwanted application cleaned by deleting
C:\Users\WhoLou\Downloads\spsetup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\WhoLou\Downloads\spsetup130 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Windows\Installer\12040e1.msi Win32/Adware.Hicosmea.I application deleted
C:\Windows\System32\drivers\drmkpro64.sys a variant of Win32/Adware.5Hex.C application cleaned by deleting
C:\Windows\SysWOW64\splsrv.exe a variant of Win32/Adware.5Hex.B application cleaned by deleting
D:\Dwnloads\System.Mechanic.Pro.10.5.4.19\Assistant.exe Win32/HackTool.Crack.E potentially unsafe application cleaned by deleting
D:\Dwnloads\System.Mechanic.Pro.10.5.4.19\Assistant.rar Win32/HackTool.Crack.E potentially unsafe application deleted
D:\Programs (x86) S-II\Air Conflicts Vietnam\steam_api.dll Win32/HackTool.Crack.BL potentially unsafe application cleaned by deleting
D:\Programs (x86) S-II\Men of War Assault Squad 2 - Men of War Origins\steam_api.dll a variant of Win32/Packed.VMProtect.ABO trojan cleaned by deleting
D:\Programs (x86) S-II\Rogue.State.v1.11\steam_api.dll a variant of Win32/HackTool.Crack.EE potentially unsafe application cleaned by deleting
D:\Programs (x86) S-II\Splinter Cell - Blacklist\src\SYSTEM\uplay_r1.dll Win32/HackTool.Crack.DG potentially unsafe application cleaned by deleting
D:\Programs (x86) S-II\Universe Sandbox 2\settings.dll Win32/TrojanDownloader.Agent.CSE trojan cleaned by deleting
 
 
 
 
 
Restarted computer after removing several quarantine files I deemed unknown, suspicious, or no longer necessary. Surprisingly, Panda anti-virus shows on taskbar and is now enabled in start menu. I have yet to do a repair with Windows to see if any other changes have taken effect or have in any way impacted the OS. Wanted to rush this to include in any analysis you may undertake.

Edited by WhoLou, 22 March 2017 - 07:46 PM.
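
For reading an ESET export like the one in the post above, this added example (not part of the thread, and not ESET's or BleepingComputer's code) splits each line into path, detection names and action, then sorts so that trojans come before adware and bundled or unwanted applications. The severity ranking and the two flags are this example's assumptions; the four sample lines are copied from the log above.

```python
import re

# Four lines copied from the ESET export posted above (wrapped lines rejoined).
SAMPLE = r"""
C:\Program Files (x86)\dataup\dataup.exe a variant of Win32/Adware.5Hex.B application cleaned by deleting (after the next restart)
C:\Users\WhoLou\AppData\Local\ewyzuf.dll a variant of Win32/TrojanProxy.Agent.OAL trojan cleaned by deleting
C:\Users\WhoLou\Downloads\freevideocutterjoiner.exe multiple threats,Win32/Adware.Agent.NQE application,a variant of Win32/BundleLoader.C potentially unwanted application cleaned by deleting
C:\Windows\System32\drivers\drmkpro64.sys a variant of Win32/Adware.5Hex.C application cleaned by deleting
""".strip().splitlines()

# Assumed ranking (this example's, not ESET's): higher means review it first.
SEVERITY = {"trojan": 3, "application": 2,
            "potentially unwanted application": 1,
            "potentially unsafe application": 0}

# A detection reads "<Platform>/<Name> <category>", optionally "a variant of ...".
# Windows paths use backslashes, so the forward slash marks where the path ends.
DETECTION = re.compile(
    r"(?:a variant of )?(?P<name>[A-Za-z0-9]+/[\w.]+) "
    r"(?P<category>trojan|potentially unwanted application|"
    r"potentially unsafe application|application)")
ACTION = re.compile(
    r" (cleaned by deleting(?: \(after the next restart\))?|deleted)$")

def parse_line(line):
    """Split one export line into path, detections and the action taken."""
    line = line.strip()
    first, action = DETECTION.search(line), ACTION.search(line)
    if not first or not action:
        return None  # blank line, header, or a fragment of a wrapped line
    path = re.sub(r"\s*multiple threats,$", "", line[:first.start()].rstrip())
    found = [(m["name"], m["category"])
             for m in DETECTION.finditer(line[:action.start()])]
    return {"path": path, "detections": found, "action": action.group(1),
            "severity": max(SEVERITY[c] for _, c in found),
            # File stays on disk until the reboot actually happens.
            "pending_reboot": "after the next restart" in action.group(1),
            # A flagged .sys file was a kernel-mode driver.
            "kernel_driver": path.lower().endswith(".sys")}

def triage(lines):
    """Highest severity first; entries of equal severity keep log order."""
    entries = [e for e in map(parse_line, lines) if e]
    return sorted(entries, key=lambda e: -e["severity"])

if __name__ == "__main__":
    for e in triage(SAMPLE):
        flags = [k for k in ("pending_reboot", "kernel_driver") if e[k]]
        print(e["severity"], e["path"], [n for n, _ in e["detections"]], flags)
```
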


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,890 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 23 March 2017 - 03:38 AM

WhoLou:
 
Thank you for the RKill and ESET Online scan logs.
 
Before we proceed further, let's run a Malwarebytes Anti-Rootkit (MBAR) Scan.

  • Download Malwarebytes Anti-Rootkit from this link.
  • Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default).
  • Malwarebytes Anti-Rootkit will then open, follow the instruction in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access, Windows Update, Windows Firewall.
  • If there are additional problems with your system, such as any of those listed above or other system issues, then run the "fixdamage" tool included with Malwarebytes Anti-Rootkit located within the "Plugins" folder and reboot.
  • Verify that your system is now functioning normally.
  • If you experience any problems running the tool or it hasn't fully resolved all of the issues you had, please let me know.

Thank you and have a great day.

Regards,
-Phil




#5 xakRE

xakRE

  • Members
  • 1 posts

Posted 23 March 2017 - 09:20 PM

Running Malwarebytes Anti-rootkit in Safe Mode worked for me.
Rumor is you can run it in command prompt too (ReadMe, page 7).

 

This did not work (Zemana would not run after Rkill completed):

https://www.bleepingcomputer.com/virus-removal/remove-the-requested-resource-is-in-use-error


Edited by xakRE, 24 March 2017 - 11:27 AM.


#6 WhoLou

WhoLou
  • Topic Starter

  • Members
  • 8 posts

Posted 24 March 2017 - 08:49 AM

Bingo! Though I'm sure there are demonstrably perfectly reasonable explanations as to why this course of remedies has worked for me, I cannot help but assent to AC Clarke's "Any sufficiently advanced technology is indistinguishable from magic." It certainly seems that other-worldly forces are in play considering the energy and effort I put into this self-created quagmire. But be that as it may, I must tip my hat and offer sincere gratitude and appreciation to Phil.

(Actually, I was tempted to not even continue with the root-kit scan since everything appeared to be functioning after the ESET scan. But good thing I did, for the root-kit scan unearthed 29 additional instances of nasty-ware. And as a nod to xakRE, though I did the scan under normal Windows, perhaps it would have been more effective in Safe Mode, but in this instance I think I'll leave well enough alone.) :dance:

And finally, as I mentioned above about a previous registration here at bleepingComp, I recall now that I did register and download Rkill when you had to install it and run it either in Safe Mode or after a re-boot, as I recall. Well, I've gone on enough. Again, my thanks to Phil and bleepingComp for a job well done. :thumbup2:



#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,890 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 24 March 2017 - 01:54 PM

WhoLou:

 

I am delighted to hear that your issues are resolved! :thumbsup:

 

Thank you for your very kind words.  It was my pleasure to be able to successfully assist you!

 

Thank you also for choosing Bleeping Computer to provide help with your computer issues.

 

Have a great weekend.

 

Regards,

-Phil






