
Infected with something preventing me from running MBAR or doing a factory reset


  • This topic is locked
3 replies to this topic

#1 wxarmstrong


Posted 12 February 2018 - 02:31 PM

Hi,

I've been noticing some new issues with slowdown and CPU usage, and finally started getting a random "The requested resource is in use" message periodically popping up by itself. So I looked that up and got results suggesting that it was a rootkit infection. I downloaded the antirootkit application from MalwareBytes but even when I run it in safe mode I get another "The requested resource is in use" if I try to run it. I even tried to just do a factory reset but it seems to be blocking me from doing that as well. When I try to do it through Windows settings the computer just hangs when I click the "Get Started" button, and when I tried to do it by resetting and pushing F8 on startup I got a message stating "There was a problem resetting your PC" no matter what settings I choose. 

 

These are my logs from FRST64:

 

Thanks

Attached Files




 


#2 JSntgRvr


Posted 12 February 2018 - 03:37 PM

Hi and welcome.

The computer seems to be infected with a version of the SmartService Rootkit. This is a very difficult Rootkit to remove.

You will need a non-infected secondary system to download FRST64 to a USB drive (Pen Drive), boot the infected computer in the Recovery Environment and run FRST64 at the command prompt. What is most important is that the USB drive should not be inserted in the infected computer until you have reached the command prompt in the Recovery Environment. Here are the instructions.
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. In your case it is FRST64.exe.

Boot in the Recovery Environment

  • You are running Windows 10
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
     
  • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, plug your USB Flash Drive in the infected computer.
  • Type notepad at the prompt and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for it to complete
  • A log called frst.txt will be saved on your USB Flash Drive. Post it in your next reply

 

If you successfully run FRST64 in the Recovery Environment, boot the computer in Normal Mode and follow these steps:

 

Please download Malwarebytes to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".
  • The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.



  • After a scan has been executed, scan results are displayed.
  • Put a checkmark on all detected and click on "Quarantine Selected"
  • Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.

 

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 JSntgRvr


Posted 15 February 2018 - 05:30 PM

Are you still with us?




#4 JSntgRvr


Posted 18 February 2018 - 09:45 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





