VERY URGENT.System infected with umdmgr.exe.PLEASE HELP!!!

[Amitava83]

In HijackThis, go to "Misc Tools" - it has an option to delete files after a reboot. Do it on those two files and see how it goes.

If SammEl already did these two (or similar) things before, then there's probably something else hidden in the background.

I'll be doing this today and update you guys.....
Thanks

[Amitava83]

Hi guys,

My Internet problem is still not fixed.When I run Winsock XP and configure my LAN,it works fine...But the moment I restart XP,the settings somehow get corrupt and all I get is "Destination Host Unreachable" when I ping my DNS(172.16.0.1)....When I run WinSock XP,it gets fixed!!

Please help me out.

[CrazyMonkey]

Please fix entries

Code:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: PrTgressep - Unknown owner - C:\WINDOWS\system32\srvany.exe

Then browse to C:\WINDOWS\system32\srvany.exe and delete that file.

C:\WINDOWS\system32\drivers\CDAC11BA.EXE appears to be associated with anti-piracy software, however i'd run it through jotti and remove pending the results of the analysis.

Post a new hijackthis log when done. You're looking as clean as previous.
As for the internet issue im a little clueless at the moment, i have no idea why you have to rebuild you winsock api on each restart, my only instinct is that something is corrupting it each time. But i'll dig deeper.

It may be beneficial to restart the computer (Do not run winsockfix) go to Start>Run>Cmd type ipconfig /all and copy the contents here..

After try

netsh int ip reset reset.log
netsh winsock reset catalog

Reboot and see if the changes continue to take effect.

Failing that this link has some interesting information and steps http://networking.nitecruzr.net/2005...-layer-in.html

I'd try running through the steps they outline.

Also remove all programs that you do not use, have no purpose or are simply junk. Try and get your installation as clean as possible, remove most things that are not essential this also limits the amount of items that could be interfering. Oh and another note, be careful when downloading torrents and 'not quite legal' files, be very cautious when running cracks/keygens these are some of the best ways to spread malware. I'd advise employing something like 'sandboxie' to test such files before properly running them.

And why is everyone going against each other here? We are helping a guy solve a problem, if someone suggests something first, don't unsuggest and make it more diffucult for the guy.

Scanning two Malware scans at the same time is fine, one might pick up another - And if both find the same infections, whatever one you fix it with first will solve it, the second one will simply think it's fixed it as it no longer exists.

I believe this statement is a little exaggerated i have had pretty much most the input on this thread and smargh's input has been valid, correct and appreciated and at no point have i 'gone against him'.

As for your second assertion if you cant understand why running two simultaneously is a bad idea i do not think you should be helping others remove malware. There can be many complications from running multiple software at the same time, and the risk simply does not outweigh the time 'saved'.

I do not wish to enter into an argument, however rest assured that i have extensive knowledge in this field that reaches far past home user infections. My field is malware, both removing, analysing and creating it.

Cheers.

[SammEl]

as for your second assertion if you cant understand why running two simultaneously is a bad idea i do not think you should be helping others remove malware. There can be many complications from running multiple software at the same time, and the risk simply does not outweigh the time 'saved'

[peterb]

Okk guys here is the latest update.

After a marathon 5 hour session with Sammy on TeamViewer,it looks as if now my system is finally rid of all evil things.

I have absolutely no words to say thanks to him.....!!!

snip--->

Sounds like a good bit of work by all concerned, including Sammel's marathon 5 hour session! Good to see some here!

<---snip

And no one is having an arguement, it's called a discussion.

QFT - and its the discussion that is helping solve the problrem

[Amitava83]

[QUOTE=CrazyMonkey;1913345]Please fix entries

Code:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: PrTgressep - Unknown owner - C:\WINDOWS\system32\srvany.exe

When i selected the first file for fixing in HijackThis,it gave me the following warning:

Hijack This is about to remove a BDO and the corresponding file from your system.Close all Internet Explorer Windows
and all Windows Explorer windows before continuing for the best chance of success.

Should I continue??

[SammEl]

Yep continue - Select both and remove

[CrazyMonkey]

Please, explain in great detail why this is a problem, because in 10 years of dealing with infected computers myself, and spending many many hours helping others on professional Malware forums (and hearing input from Head Members on Malware forums who have 40,000 posts ) - I have not heard of a problem regarding scanning with a virus scanner and a malware scanner in this time. I have also not heard of anyone having a problem in my experience when scanning with two malware scanners, that's not to say there isn't, but I have not seen it first hand, or seen a post where someone has complained on this matter. There are certian scanners that will not work with each other, but the ones I use work flawlessly.

If this is the case, all my computers I have at home, old and new, for the last 10 years, should be screwed up. I've never had to format a PC of my own, even when they had .wmf and extreme cases of fake virus software which need at least 2 hours sorting out.

One mistake I did do, was not checking the HiJackThis log file, I did scan, but I forgot to look at the results when cleaning out his PC a few days ago - I was not the one suggesting to remove a .exe file that is needed to run a program on his machine.

The first point I made, it was way too hectic in here, and if I was a normal PC user, I would of had no idea what to do with all the input being thrown in.

In regards to the Internet Connection issue, I told Amitava83 to ask you to deal with it as I have limited experience with it in that subject.

And no one is having an arguement, it's called a discussion.

I spent a year as a malware remover on trojanantivirus.. And on most malware removal websites i have visited, members who are not part of the malware removal team are not allowed to post removal instructions unless they have consent of the expert on hand.

I understand what you had him do, scans which i was under the pretense had already been ran. However and i do not want to insult your experience or intellect on this matter but scanning with a few pieces of software isnt in my mind real 'know-how'. However i appreciate your input in this matter.

As for the internet issue i've drawn blank here.. I'll have a look when he gets back to me, we could manually rebuild his winsock and tcp stack but i think someone would have to do this remotely as it's quite a task.

I have work now, so i'll check back later.

Cheers.

[SammEl]

I understand what you had him do, scans which i was under the pretense had already been ran. However and i do not want to insult your experience or intellect on this matter but scanning with a few pieces of software isnt in my mind real 'know-how'. However i appreciate your input in this matter.

It takes a lot less than 5 hours to do a few scans CrazyMonkey, it was quite a bit more than a few scans, ask him yourself.

If I am wrong regarding the multiple software scan, then state and make me look like an idiot, but I've been doing this for a long time, it isn't rocket science, registry cleaning is not rocket science either, which is why registry advice forums exist that help people clean their registry without any knowhow what so ever. My family used to own a PC building store, I was in there at a young age, try and fix something where the users had physically installed the malware, and I think this was the case of Amitava83, it was not an infection, it was installed directly onto his computer from his own hand without him knowing (I know most Malware infections are, but it was a fake program kind of thing etc).

Lets just say something was downloaded off of backofalorry.com and it wasn't what he thought it was.

[SammEl]

Can I just add, you try and work on an infected PC that is bogged down with infections, then imagine controlling it with 56k speeds, that is an achievement to anyone, even the all mighty Bill Gates.

[CrazyMonkey]

It takes a lot less than 5 hours to do a few scans CrazyMonkey, it was quite a bit more than a few scans, ask him yourself.

If I am wrong regarding the multiple software scan, then state and make me look like an idiot, but I've been doing this for a long time, it isn't rocket science, registry cleaning is not rocket science either, which is why registry advice forums exist that help people clean their registry without any knowhow what so ever. My family used to own a PC building store, I was in there at a young age, try and fix something where the users had physically installed the malware, and I think this was the case of Amitava83, it was not an infection, it was installed directly onto his computer from his own hand without him knowing (I know most Malware infections are, but it was a fake program kind of thing etc).

Lets just say something was downloaded off of backofalorry.com and it wasn't what he thought it was.

I did ask him myself. And anyway, a scan is a variable time that can extend theoretically to infinity, it all depends on the amount of files required to scan. 4-5 scans on the amount of files he has easily totals 5 hours.

Understanding the registry is a little more difficult than you make out, but since it's not 'rocket science' how about you rebuild his winsock entries?

Also most infections are installed by users who run things unknown to themselves so i dont know what you are on about here. Most infections are usually from backdoored files (ie - when file a (a legit file) is binded with file b (malware) to create file c (which displays file a but silent installs file b). If instead you are referring to smitfraud infections they arent difficult.

Can I just add, you try and work on an infected PC that is bogged down with infections, then imagine controlling it with 56k speeds, that is an achievement to anyone, even the all mighty Bill Gates.

Again i really dont know what your on about or the point you are trying to make, to me you seem to be babbling nonsense. I dont need to make you look an idiot, i know what i specialise in and its enough for me to know you are talking utter dribble. I work on infected machines everyday, in fact i purposely infect machines.

Anyway enough on this matter, wait until Amitava replies.

[Disturbedguy]

Tbh, it doesn't matter who know's what or does what in which way, all that matters is that people are helping to resolve this users issues, so please less of the one up manship and work together to fix Amitava's issues.

Otherwise, it will be come another "someone v SammeL" thread.

[SammEl]

You should become a MP, never answer a question, brilliant!!

[Disturbedguy]

For gods sake, stop with the petty bickering. Instead of putting all your effort into arguing with each other, which is what its turning into, put your heads together and actually fix the users problem.

[SammEl]

For gods sake, stop with the petty bickering. Instead of putting all your effort into arguing with each other, which is what its turning into, put your heads together and actually fix the users problem.

I have asked Monkey to tell me his way of fixing this problem

[CrazyMonkey]

For the sake of ending this argument i am not going to continue.

I have already stated what the problem is, and its fixable as he manages to fix it everytime he reboots. The problem is why it is reverting every time he restarts, i gave him some steps a few posts back and have not heard the results and subsequently i am not giving more 'fixes' until he has tried the last.

If Sammel wants to try the steps they are there and have been for a relatively long period of time.

Unfortunately there does not seem to be a 'click and scan' method of resolving his problem.... lol.