Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Requested resource is in use" rootkit on computer


  • This topic is locked This topic is locked
6 replies to this topic

#1 numburs

numburs

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 28 April 2017 - 02:47 PM

After removing some other malware that I got from a bogus download, I restart my computer to a pop up that says my antivirus (Avira Free Version) and Windows Security are both disabled. Whenever I try to start them, or any other antivirus program, I get a pop up that says "Requested resource is in use." I searched this up on my laptop (what I'm using while my infected desktop is unplugged) and tried solutions from other threads. I downloaded Rkiller, Chameleon, and Malwarebytes Anti-rootkit onto a flash drive and tried to use them on my desktop in minimal safe mode but I still got the same pop up. It seems like the rootkit only affects antivirus software but I still don't want to risk connecting to the internet longer than necessary so my desktop has been off ever since. I'm on Windows 10 and my desktop is custom built.



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:22 PM

Posted 28 April 2017 - 03:21 PM

Welcome :)

 

 

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-Click MBAR.exe and select AVOiBNU.jpgRun as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 numburs

numburs
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:22 PM

Posted 29 April 2017 - 12:41 AM

When I tried to run MBAR.exe I still get the "Requested resource is in use" error. And when I try to run the Farbar tool the loading wheel appears for a split second but nothing else happens.

 

 

Downloading a new copy. Would that help?


Edited by JSntgRvr, 29 April 2017 - 02:54 PM.


#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:22 PM

Posted 29 April 2017 - 02:35 PM

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as Runme.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Once saved, right click on the Runme.bat file and select Run as an Administrator.


 

ECHO OFF

BCDEDIT /ENUM ALL >"%Userprofile%\Desktop\BCDReport.txt"

DEL %0

 

 

A report will be created on your desktop. Please post its contents to your reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:22 PM

Posted 29 April 2017 - 02:56 PM

When I tried to run MBAR.exe I still get the "Requested resource is in use" error. And when I try to run the Farbar tool the loading wheel appears for a split second but nothing else happens.

 
Downloading a new copy. Would that help?

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:22 PM

Posted 02 May 2017 - 12:01 PM

Are you still with us?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:22 PM

Posted 05 May 2017 - 07:26 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users