Messages - cben251

1
Will do, Curson.  I was able to run that other task manager program and didn't see anything out of the ordinary.  Also had Windows Defender run an offline scan and nothing was picked up.  When I try to open task manager, I can see in the other program that it is attempting to essentially open two processes at the same time.  Currently also running a McAfee Stinger scan on my system, since I read a couple places that it works fairly well for similar situations.  Also going to try and run TDSSKiller to see if it picks it up.

2
Awesome, that one generated the file.  I've put the link to the zip with the log and the dump below.  I also attached the log file separately to this post.

https://drive.google.com/file/d/0B3IsTeqJsfsjcnM2N0VVLXljTFk/view?usp=sharing


3
I followed your instructions, however the dump file is not being created.  I opened the log file that appeared on my desktop and all it says is:

"Waiting for process named taskmgr.exe...

[15:08:28] Multiple processes match the specified name."

It almost sounds like there's multiple task managers attempting to run.  Looking it up, it seems as if the malware has a taskmgr.exe program in it that's masquerading as the real thing.  Should I attempt to boot into safe mode and see if anything works then?

4
I've attached the log file, but I am still unable to open the Task Manager.  The window opens in its small, less-detailed view, then immediately closes.  Also, I do use TeamViewer a fair bit; I've been replying on here, etc. while I'm at work using the app on my phone to control my desktop.

5
Sorry for the late reply, I had MBAM run a full scan on both of my hard drives and it took 10+ hours (it did not detect anything).  I've attached all of the logs to this post.  Thank you!

6
Thanks for the reply, Curson!  I ran the build of MBAR in the post and did the cleanup/reboot.  I reran the scan after the reboot and it didn't detect anything (which is a little bit better considering that when I'd rebooted after running MBAR previously the scans would still pick up the same thing).  I've attached the before and after logs.  Another good bit of news is that I did a fresh install of MBAM and it actually ran (full scan is going on at the moment).  However, I am still unable to open the Task Manager, which seems to be indicative of there being a bit of the infection still hanging around.

7
I know it has been posted a few times before, but I was wondering if it would be possible to get some help/advice regarding the ntuserlite/vmxclient/Yelloader malware.  My computer is infected and I have run RogueKiller, but when I check the cleanup logs, it gives an error[5] result, which I've read means that the access to the file is denied.  I am at a bit of a loss as to what my next steps should be so that I can get rid of this once and for all.  I am unable to boot into Safe Mode, unable to open the Task Manager, unable to run Malwarebytes, unable to run TDSSKiller, etc.  I'm very scared that I am going to have to format my hard drive and attempt to reinstall Windows 10.  I have attached my log file for reference.  Thank you very much in advance!

EDIT: Added JSON version of log
