Rootkit ntuserlitelist


  • This topic is locked
2 replies to this topic

#1 Eighthook37

Eighthook37

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 12 July 2017 - 04:29 AM

Over the course of a few weeks, I have been noticing that none of my anti-malware programs have been launching; I always get the error "Requested resource is in use." I thought that maybe Zemana Anti-Malware just wasn't working correctly, and then I noticed MalwareBytes, Rkill, HitmanPro, ADWCleaner, and Windows Defender also wouldn't launch (because of my mother using my PC I have a long history with viruses), so I knew something was up. So several attempts and launches into Safe Mode later, Zemana finally launched and warned me of the Rootkit ntuserlitelist, which it supposedly cleaned after booting my PC, but no luck. I have tried deleting the core folder ntuserlitelist multiple times, through an administrator and a basic Windows account, both saying they require permission from the other account. I even booted Windows into Alternate Shell and tried terminating the program svcvmx, which caused Windows to crash and boot into Safe Mode with Networking. None of the about 20 anti-malware and anti-rootkit programs I have tried will even launch, even in Safe Mode (I tried every Safe Mode setting). I can't even reset to a recovery image, as the recovery program is also blocked from launching. I followed a guide that told me to try doing an Offline Scan for Windows Defender, but it too is blocked. I am completely helpless trying to remove this rootkit, so finally, I figured I would post here to get help. This is my last effort before just trashing or formatting my disk and completely starting fresh, which would suck, but I'm willing to do what I have to do.


Edited by Eighthook37, 12 July 2017 - 04:31 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:59 PM

Posted 12 July 2017 - 06:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is a nasty infection.

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.

https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

If you manage to run a scan, delete everything it finds, and then copy/paste here the content of the "mbar-log-TODAY'S-DATE.txt" log that is located in the MBAR folder.
<<<>>>

Depending on the number of programs and applications installed, it may take many hours to complete.

Let it finish.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:59 PM

Posted 18 July 2017 - 12:16 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
