Login
▼
Register
Home
Help
Search
Login
Register
Adlice.com
Adlice forum
»
General Category
»
Malware removal help
»
ntuserlitelist,SVCVMX Found but not removed after reboot
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: ntuserlitelist,SVCVMX Found but not removed after reboot (Read 21234 times)
0 Members and 3 Guests are viewing this topic.
June 19, 2017, 05:32:20 PM
Louis Lata
Newbie
Offline
15
Reputation:
0
ntuserlitelist,SVCVMX Found but not removed after reboot
«
on:
June 19, 2017, 05:32:20 PM »
Rogue Killer has been able to detect Adw.Yelloader, ntuserlitelist, dataup, and svcvmx but upon reboot they are all still there and svcvmx continues to clone itself and eat up my memory, any advice?
Edit : Added RogueKiller JSON report.
«
Last Edit: June 19, 2017, 05:42:33 PM by Curson
»
Logged
Reply #1
June 19, 2017, 05:41:36 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #1 on:
June 19, 2017, 05:41:36 PM »
Hi Louis,
Welcome to Adlice.com Forum and thanks for supporting our product.
Please download
Farbar Recovery Scan Tool (x64)
and save it to your Desktop.
Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click
Yes
to disclaimer.
Press
Scan
button.
It will produce a log called
FRST.txt
in the same directory the tool is run from.
Please attach log back here.
The first time the tool is run it generates another log (
Addition.txt
- also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.
Regards.
Logged
Reply #2
June 20, 2017, 12:55:11 AM
Louis Lata
Newbie
Offline
15
Reputation:
0
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #2 on:
June 20, 2017, 12:55:11 AM »
FRST & Addition
Logged
Reply #3
June 20, 2017, 01:00:04 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #3 on:
June 20, 2017, 01:00:04 PM »
Hi Louis,
Please uninstall TeamViewer if you haven't installed it.
Download attached
fixlist.txt
file and save it to the Desktop.
NOTE.
It's important that both files,
FRST
and
fixlist.txt
are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !
Run
FRST
and press the
Fix
button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply. A file using the Date_Time.zip notation should have been created, please attach it as well.
How is your computer running ?
Regards.
Logged
Reply #4
June 21, 2017, 06:01:19 PM
Louis Lata
Newbie
Offline
15
Reputation:
0
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #4 on:
June 21, 2017, 06:01:19 PM »
Computer seems to be running fine i don't see any of the programs running found in the ntuserlitelist folder (Dataup,svcvmx,retool,winscr), But the ntuserlitelist folder is still there (AppData\Local\ntuserlitelist).
Logged
Reply #5
June 21, 2017, 06:31:40 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #5 on:
June 21, 2017, 06:31:40 PM »
Hi Louis,
The infection is not completely gone.
Download attached
fixlist.txt
file and save it to the Desktop.
NOTE.
It's important that both files,
FRST
and
fixlist.txt
are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !
Run
FRST
and press the
Fix
button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Regards.
Logged
Reply #6
July 01, 2017, 12:46:40 AM
Louis Lata
Newbie
Offline
15
Reputation:
0
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #6 on:
July 01, 2017, 12:46:40 AM »
Here is the Fixlog
Logged
Reply #7
July 02, 2017, 09:50:02 AM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #7 on:
July 02, 2017, 09:50:02 AM »
Hi Louis,
It's still here. We are going to use another method.
Please restart your system in
Safe Mode with Networking
.
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !
Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Regards.
Logged
Reply #8
July 03, 2017, 05:19:40 PM
Louis Lata
Newbie
Offline
15
Reputation:
0
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #8 on:
July 03, 2017, 05:19:40 PM »
Fixlog
Logged
Reply #9
July 03, 2017, 05:40:13 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #9 on:
July 03, 2017, 05:40:13 PM »
Hi Louis,
It was a long time since I saw such resistant malware.
Could you please generate new FRST.txt and Addition.txt reports ?
Regards.
Logged
Reply #10
July 03, 2017, 07:50:18 PM
Louis Lata
Newbie
Offline
15
Reputation:
0
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #10 on:
July 03, 2017, 07:50:18 PM »
Here is the new Addition and FRST.
Thanks
Logged
Reply #11
July 03, 2017, 08:47:25 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #11 on:
July 03, 2017, 08:47:25 PM »
Hi Louis,
Let's give Safe Mode another try.
Please restart your system in
Safe Mode with Networking
.
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !
Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Regards.
Logged
Reply #12
July 03, 2017, 09:15:30 PM
Louis Lata
Newbie
Offline
15
Reputation:
0
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #12 on:
July 03, 2017, 09:15:30 PM »
New Fixlog
Logged
Reply #13
July 03, 2017, 09:34:02 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #13 on:
July 03, 2017, 09:34:02 PM »
Hi Louis,
It seems that FRST is unable to set proper permissions on some files / registry keys.
I must speak to the developper of the tool before proceding any further.
Please download
TDSSKiller
and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on
Change parameters
.
Check
Loaded Modules
and
Detect TDLFS file system
.
If you are asked to reboot because an "Extended Monitoring Driver is required" please click
Reboot now
.
Click
Start Scan
and allow the scan process to run.
If threats are detected select
Skip
for all of them unless I instruct you otherwise.
Click
Continue
Click
Reboot computer
Please attach the contents of
TDSSKiller.[Version]_[Date]_[Time]_log.txt
found in your root directory (typically C:\) in your next reply.
Regards.
«
Last Edit: July 03, 2017, 09:35:44 PM by Curson
»
Logged
Reply #14
July 03, 2017, 09:57:24 PM
Louis Lata
Newbie
Offline
15
Reputation:
0
Re: ntuserlitelist,SVCVMX Found but not removed after reboot
«
Reply #14 on:
July 03, 2017, 09:57:24 PM »
Everytime i click it i get a error says, Resource is in use
Logged
Print
Pages: [
1
]
2
« previous
next »
Adlice forum
»
General Category
»
Malware removal help
»
ntuserlitelist,SVCVMX Found but not removed after reboot