Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan - The requested resource is in use.


  • Please log in to reply
18 replies to this topic

#1 eklypised

eklypised

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 25 April 2017 - 09:54 PM

I am unable to get this trojan off my PC. Every time I download a .ext file i get the requested resource is in us The only programs i have on this PC is spybot which Ive ran and it doesnt get it off. Some fixes i saw says to download MB and Adware but = Ive tried to download Malewarebytes and Adware but when I try to run that .exe i just get the requested resource is in use due to the trojan. Any ideas on how I can get this off my PC? Much appreciated.


Edited by eklypised, 25 April 2017 - 10:30 PM.


BC AdBot (Login to Remove)

 


#2 eklypised

eklypised
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 25 April 2017 - 10:14 PM

I ran the FRST scan. Heres the txt

I didnt run it in safe mode though

 

 

Attached Files


Edited by eklypised, 25 April 2017 - 10:26 PM.


#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:46 PM

Posted 26 April 2017 - 08:49 AM

Hello

  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

1.

Download Malwarebytes Anti-Rootkit Supplement from here

Once you have downloaded the tool (contained in a .zip folder), you will need to extract the contents. We recommend extracting to your desktop.
 
To extract the files, locate the zipped folder that you want to unzip (extract) files or folders from. To unzip all the contents of the zipped folder, press and hold (or right-click) the folder, select Extract All, and then follow the instructions. Save them on your desktop

After the files are extracted, double-click the mbar.cmd file. If you are unsure which file this is, try double-clicking both files named mbar - only one of them will run.
 
Update the Database, then click on Next, then on Scan.

  • Let it completes its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply;

 

2.

Please run FRST again as you did before and post the new FRST.txt

 

Things to include in your next reply::

MBAR log

Frst.txt

How is the computer running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 eklypised

eklypised
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 26 April 2017 - 10:01 PM

Heres the MBAR text

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
Windows 10 x64 NTFS
Internet Explorer 11.1066.14393.0
mhinson1442 :: DESKTOP-JN0U91M [administrator]
 
4/26/2017 9:31:31 PM
mbar-log-2017-04-26 (21-31-31).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 349363
Time elapsed: 58 minute(s), 40 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [0637a29b6517ab8bdfeef5ff897a8080]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [6fce6bd2106c2a0cdb0b6094ca39639d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [4fee53ea5d1f8ea826e0bc3b748f26da]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [c479fc412e4e2d09b716ab495fa43dc3]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [af8eec51bcc039fda1456f859c671ae6]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [16270c31e39984b2bb4b12e5d72c6997]
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#5 eklypised

eklypised
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 26 April 2017 - 10:31 PM

Heres the FRST files after the scan

 

Preciate the help

 

Trying to download a .exe file its still saying the requested resource is in use

Attached Files


Edited by eklypised, 26 April 2017 - 10:57 PM.


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:46 PM

Posted 28 April 2017 - 07:40 AM

Please run MBAR again. make sure to follow the directions for running MBAR in my first post. Please post the new MBAR log.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 eklypised

eklypised
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 28 April 2017 - 01:04 PM

Should I run it in safe mode?

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:46 PM

Posted 01 May 2017 - 07:22 AM

No, run it in regular mode.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#9 eklypised

eklypised
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 01 May 2017 - 03:44 PM

It keeps freezing when running mbar. I've deleted it and downloaded it again. Ima gonna try it again in a few.

#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:46 PM

Posted 01 May 2017 - 03:48 PM

Mbar may take awhile to run. It may seem to be froze but let it run for awhile.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 eklypised

eklypised
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 01 May 2017 - 06:29 PM

It didnt detect anything but its still not opening up .exe files. Im gonna run a few more things and see if it works if not guess ill just do a factory reset.

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
Windows 10 x64 NTFS
Internet Explorer 11.1066.14393.0
mhinson1442 :: DESKTOP-JN0U91M [administrator]
 
5/1/2017 6:12:37 PM
mbar-log-2017-05-01 (18-12-37).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 343151
Time elapsed: 48 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#12 eklypised

eklypised
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 01 May 2017 - 09:40 PM

Im running mbar again it's already found malware so I'll post the results when it's done

Edited by eklypised, 01 May 2017 - 10:08 PM.


#13 eklypised

eklypised
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 01 May 2017 - 10:04 PM

The mbar scan will detect up into the 700s then go into not responding ...posted the picture below

Well the pic won't upload on my phone...but the program itself goes into not responding...not sure what to do anymore except factory reset

Edited by eklypised, 01 May 2017 - 10:08 PM.


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:05:46 PM

Posted 03 May 2017 - 01:52 PM

Try running MBAR in Safemode? See if it makes a difference.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 eklypised

eklypised
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina
  • Local time:06:46 PM

Posted 03 May 2017 - 10:10 PM

Will this fix work for windows 10?

https://support.microsoft.com/en-us/help/2688326/can-t-open-.exe-files-in-windows-7-or-windows-vista




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users