
The requested resource is in use


  • This topic is locked
20 replies to this topic

#1 BluExSanctuM

BluExSanctuM

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:36 AM

Posted 22 August 2017 - 01:07 PM

Hey guys! I'm pretty new to this. I've recently attracted a virus that continuously shows a "Requested resource is in use" error when trying to open certain programs, mostly .exe files. I'm seeing that many people are having the same issue but I can't seem to gain any traction when using their methods of removing this virus. I've tried to run as many anti-malware and anti-rootkit programs as I could but the results are generally the same: an error message would pop up blocking the program, or the program would run but wouldn't fix the issue. I'm not sure what else to do. I would definitely appreciate some guidance.


Edited by hamluis, 22 August 2017 - 02:19 PM.
Moved from MRL to Am I Infected, back per Aura - Hamluis.



 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:36 AM

Posted 23 August 2017 - 02:53 PM

Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 BluExSanctuM


Posted 23 August 2017 - 03:06 PM

Hello! Thanks for taking the time to help me deal with this.

 

I went ahead and ran the recovery tool. I obtained the files and attached them.

Attached Files



#4 JSntgRvr


Posted 23 August 2017 - 03:27 PM

  • Please download Malwarebytes Anti-Rootkit and save the file to your Desktop.
  • Right-click MBAR.exe and select Run as administrator to run the installer.
  • Select your Desktop as the location to extract the contents and click OK. The programme should open upon completion.
  • Click Next, followed by Update. Upon update completion, click Next.
  • Ensure Drivers, Sectors & System are checked and click Scan.
  • Note: Do not use your computer during the scan.
  • Upon completion:
    • If no infection is found, close the MBAR window.
    • If an infection is found, ensure Create Restore Point is checked and click Cleanup. Reboot when prompted.
  • Two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply. Both logs can be found in the MBAR folder.



#5 BluExSanctuM


Posted 23 August 2017 - 05:48 PM

Alright so I've tried to do as the instructions say but I can't seem to get the rootkit to work. I extract the files, the program opens, I do the update but then I'm met with "dda driver not installed". I follow the directions the program gives and reboot to install the driver. When my computer reboots the only thing I get is a blank cmd prompt and the toolkit program. I go ahead and attempt to run through the program again but when I hit scan I get "DDA Driver is not active". What's your take on this? 



#6 JSntgRvr


Posted 23 August 2017 - 05:57 PM

  • Highlight the entire content of the quote box below.

Start::  
HKLM-x32\...\Run: [] => [X]
FirewallRules: [{5E054A39-9443-4B4F-8507-118749853E19}] => (Allow) LPort=12292
FirewallRules: [{D058D198-5EED-4A2D-9C1B-3A8BF4B9AE79}] => (Allow) LPort=1688
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {084BF23A-3CCC-40BD-919F-4436A149FC0E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {35041B0F-ACD3-474E-913E-4E166B08D0FE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {36BAA07A-7F55-4661-B975-EF84106D7D9F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {408E3061-529C-491F-A2F2-A485097C5A70} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A04BED18-33CA-4C82-A388-403B4B41BAC4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A7A45593-DF6C-43A3-B273-385827AAD858} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9378D21-5A40-488D-B299-59EC3095AA66} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BC700A0C-CDBC-4D4B-B868-B98041896AE7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BCA60594-4ECA-4032-A121-64264B13AFB0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D7CE23A1-F24C-4BC8-A58C-9EC4489A2F9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F23472F1-DCA5-41AE-9FB8-ECCB825E51A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FDF8E524-5F4B-4408-962D-D048B926F99F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} =>  -> No File
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} =>  -> No File
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} =>  -> No File
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =>  -> No File
Task: {084BF23A-3CCC-40BD-919F-4436A149FC0E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {35041B0F-ACD3-474E-913E-4E166B08D0FE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {36BAA07A-7F55-4661-B975-EF84106D7D9F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {408E3061-529C-491F-A2F2-A485097C5A70} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A04BED18-33CA-4C82-A388-403B4B41BAC4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A7A45593-DF6C-43A3-B273-385827AAD858} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B9378D21-5A40-488D-B299-59EC3095AA66} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BC700A0C-CDBC-4D4B-B868-B98041896AE7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {BCA60594-4ECA-4032-A121-64264B13AFB0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D7CE23A1-F24C-4BC8-A58C-9EC4489A2F9B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F23472F1-DCA5-41AE-9FB8-ECCB825E51A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FDF8E524-5F4B-4408-962D-D048B926F99F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
2017-08-17 12:08 - 2017-08-17 13:48 - 000000000 ____D C:\Users\BluE\AppData\Local\ntuserlitelist
2015-04-27 01:27 - 2015-04-27 01:27 - 000000786 _____ () C:\Users\BluE\AppData\Local\Temp-log.txt
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process what you copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

[Screenshot: AdwCleaner reboot prompt]


  • On reboot a log will be produced; please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt



#7 BluExSanctuM


Posted 23 August 2017 - 06:55 PM

I was able to obtain the fixlog but was stopped at the junkware removal tool step. I tried to run the program and "the requested resource is in use" popped up. FRST64 had me reboot the computer after the fix step. Since it wasn't on your list, I just wanted to let you know in case that may have altered something. Same problem occurs when I try to run the adware tool.


Edited by BluExSanctuM, 23 August 2017 - 07:01 PM.


#8 JSntgRvr


Posted 23 August 2017 - 08:00 PM

Did FRST produce a Fixlog.txt? If it did, it should be in the same location FRST was run from. Please post its contents.




#9 BluExSanctuM


Posted 23 August 2017 - 08:02 PM

Yup sorry about that.

Attached Files


Edited by BluExSanctuM, 23 August 2017 - 08:02 PM.


#10 JSntgRvr


Posted 23 August 2017 - 08:11 PM

Please open FRST. Make sure there is a checkmark next to Addition.txt and Scan. Post a new set of logs, FRST.txt and Addition.txt.




#11 BluExSanctuM


Posted 23 August 2017 - 09:08 PM

Alright done

Attached Files



#12 JSntgRvr


Posted 23 August 2017 - 09:38 PM

  • Highlight the entire content of the quote box below.

Start::
2017-08-17 13:30 - 2017-08-17 13:30 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\huryvu.sys
2017-08-17 12:25 - 2017-08-17 12:25 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\jitolwxw.sys
2017-08-17 12:00 - 2017-08-17 12:00 - 002793472 ____N C:\WINDOWS\system32\mscneqt.exe
S4 ajnd; C:\WINDOWS\System32\drivers\huryvu.sys [79064 2017-08-17] (Malwarebytes)
S4 hgwybvb; C:\WINDOWS\System32\drivers\jitolwxw.sys [79064 2017-08-17] (Malwarebytes)
Folder: C:\WINDOWS\system32\Drivers
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
  • Please copy and paste its contents in your next reply.


Give MBAR another try and let me know.

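The two fixlists quoted in posts #6 and #12 are executed by FRST with administrator rights, so it helps to see what a fixlist will delete and run before pressing Fix. The Python below is an added example, not part of the thread or of FRST: it groups a fixlist into files, services, commands and directives and flags any CMD line that clears Windows event logs (as the wevtutil loop in post #6 does, which also discards history a later investigation might need). The line patterns are assumptions inferred only from the lines shown on this page, and all function names are hypothetical.

```python
import re
# Constructed excerpt: lines copied from the two fixlists quoted in this thread.
SAMPLE = r"""Start::
FirewallRules: [{5E054A39-9443-4B4F-8507-118749853E19}] => (Allow) LPort=12292
Task: {BC700A0C-CDBC-4D4B-B868-B98041896AE7} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
2017-08-17 12:00 - 2017-08-17 12:00 - 002793472 ____N C:\WINDOWS\system32\mscneqt.exe
S4 ajnd; C:\WINDOWS\System32\drivers\huryvu.sys [79064 2017-08-17] (Malwarebytes)
CMD: netsh advfirewall reset
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
EMPTYTEMP:
Reboot:
End::
"""

# Line shapes below are assumptions inferred from this page, not FRST documentation.
STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d"
FILE_LINE = re.compile(rf"^{STAMP} - {STAMP} - \d+ \S+ (?:\(.*?\) )?(?P<path>[A-Za-z]:\\.+)$")
SERVICE_LINE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>[A-Za-z]:\\.+?) \[")
KEYWORD_LINE = re.compile(r"^(?P<key>[A-Za-z][\w-]*):\s*(?P<arg>.*)$")
LOG_CLEAR = re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b", re.I)

def fixlist_body(text):
    """Return the non-empty lines between the Start:: and End:: markers."""
    lines = [ln.strip() for ln in text.splitlines()]
    start, end = lines.index("Start::"), lines.index("End::")
    return [ln for ln in lines[start + 1:end] if ln]

def summarize(text):
    """Group fixlist lines by the kind of object they name."""
    out = {k: [] for k in ("files", "services", "commands", "directives", "entries", "other")}
    for ln in fixlist_body(text):
        if m := FILE_LINE.match(ln):            # dated file/folder listing line
            out["files"].append(m["path"])
        elif m := SERVICE_LINE.match(ln):       # service or driver line
            out["services"].append((m["name"], m["path"]))
        elif m := KEYWORD_LINE.match(ln):
            if m["key"].upper() == "CMD":       # shell command run by the tool
                out["commands"].append(m["arg"])
            elif m["arg"]:                      # keyword with a payload (Task:, Folder:, ...)
                out["entries"].append((m["key"], m["arg"]))
            else:                               # bare keyword (Reboot:, EMPTYTEMP:, ...)
                out["directives"].append(m["key"])
        else:
            out["other"].append(ln)             # anything unrecognised is kept for manual review
    return out

def clears_event_logs(commands):
    """True if any command invokes wevtutil cl / clear-log."""
    return any(LOG_CLEAR.search(c) for c in commands)
```

Calling summarize() on the full text of a fixlist and reading the "commands", "files" and "other" buckets gives a quick review list before the fix is applied.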


#13 BluExSanctuM


Posted 23 August 2017 - 11:17 PM

I gave MBAR another try but still getting the same DDA Driver scenario. I also have the new fixlog.

Attached Files



#14 JSntgRvr


Posted 24 August 2017 - 10:11 AM

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

rdphrdvo.sys;msidntfs.sys

It then should look like:

Search: rdphrdvo.sys;msidntfs.sys

Click Search Registry button and post the log (Search.txt) it makes on the USB drive in your next reply.





#15 BluExSanctuM


Posted 24 August 2017 - 10:50 AM

I did what you instructed but nothing was made on my USB drive. I've been running this program on my desktop and it made the search text file.

Attached Files





