VERY URGENT.System infected with umdmgr.exe.PLEASE HELP!!!

[Amitava83]

My XP(SP2)has been infected with umdmgr.exe.Windows 7 is fine.
XP hangs within seconds after logging in and around 300 processes start in the background...I have to force restart the system then.
I'm writing this post from Windows 7.

Please suggest a solution immediately guys...plzzz

[kalniel]

Disinfect the computer using your anti-virus program?

[Amitava83]

Disinfect the computer using your anti-virus program?

Obviously my Antivirus (AVG 9)is not working!!!I tried that!

[pollaxe]

Download Malwarebyte's AntiMalware on your Windows 7 PC.
Copy it to a USB drive you don't care about/have anything useful on.
Safe mode on XP.
Run MBAM install from USB key on infected machine.
^Something like that is what I'd probably try....

[kalniel]

AVG have a ready made boot CD/USB you can use as well now:
http://www.avg.com/ww-en/avg-rescue-cd

[Amitava83]

Download Malwarebyte's AntiMalware on your Windows 7 PC.
Copy it to a USB drive you don't care about/have anything useful on.
Safe mode on XP.
Run MBAM install from USB key on infected machine.
^Something like that is what I'd probably try....

Hi,

Do you mean to say that I copy the installer only to the USB drive and install it from there on my infected Windows XP??Please could you clarify??

[pollaxe]

Yes, that's what I'd try as MBAM is an executable and needs to be installed. So copy the mbam.exe from your Win 7 PC and try to install it on the affected XP PC from the USB key.

Not sure if that's possible in your situation, though..

[watercooled]

For such a badly infected machine I'd recommend reformatting really but if that's not an option then I'd go with what kalniel said and use an AV recovery CD like that AVG one or there's a few others listed in this post. Clean up what you can with that which should hopefully make the system usable then run malwarebytes which is usually very good for cleaning infected systems. It wouldn't hurt to run ESET's online scanner too as their detection engine is very good. After that maybe you should consider using something other than AVG as your antivirus if it let your system get that bad. ESET and Kaspersky are about the best paid options.

[Amitava83]

For such a badly infected machine I'd recommend reformatting really but if that's not an option then I'd go with what kalniel said and use an AV recovery CD like that AVG one or there's a few others listed in this post. Clean up what you can with that which should hopefully make the system usable then run malwarebytes which is usually very good for cleaning infected systems. It wouldn't hurt to run ESET's online scanner too as their detection engine is very good. After that maybe you should consider using something other than AVG as your antivirus if it let your system get that bad. ESET and Kaspersky are about the best paid options.

I tried installing Malwarebytres's AntiMalware in XP.But the trojan is not even allowing me to do that.I'm going crazy!I installed it on Windows 7 and ran and it detected 31 infections on my XP partition.Even after cleaning them(from Win 7),XP is having the same problems.

Is AVG boot CD the only option left now??

[pollaxe]

The boot cd may be your only option if you can't get the pc stable enough to work with - give it a try, it should help you..

I've had some success with MBAM without having to resort to rescue disks but it's mostly been with Vista machines. Some Trojans are actively aware of MBAM so another thing to try is renaming the executable to something completely different before installing like 1234.exe - sounds stupid, I know, but it's worked on a couple of machines I had to disinfect in the past...

[vti_786]

wouldn't it be easier to just recover everything from the drive and install a fresh copy of XP

[CrazyMonkey]

Download a copy of hijackthis (http://free.antivirus.com/hijackthis/)

Run it, and click "Scan and save a log file" or something along those lines.

When the scan has finished and notepad pops up with the logfile, copy it's contents and post it here - ill analyse it for you and then we can move from there.

A format is a pretty hefty decision, and rushing it due to malware can often lead to mistakes.

Running Malwarebytes AntiMalware is also a good idea (as suggested) try just installing normally in windows and scanning, see if it detects anything. If it does, attempt to remove it, if it doesnt remove it successfully, repeat the scan in safe mode (tap F8 on booting the system) and post the contents of any log files that Malwarebytes AntiMalware produces.

99.99% of malware can successfully and effectively be removed from a computer.

EDIT - seeing as you are unable to get into windows without it hanging, try all the above steps straight from safemode. The hijackthis log is the vital part in me being able to help you.
Also does AVG offer any name for the infection? Knowing what classification of malware it is will greatly help in it's removal.

Also check the directories -

C:\Documents and Settings\Administrator\Local Settings\Temp\umdmgr.ini
C:\WINDOWS\system32\umdmgr.exe
C:\sand-box\13a04f20a93c84b6bd1f3b77e3ef68e4.exe

Do these directories contain the above files? If so you can attempt to delete these from outside the XP partition (ie, in windows 7) i expect it will have some registry keys associated with it for startup runtime. Im not sure if you can browse and edit the registry from outside of the partition as of yet, but pending your reply i will look into it.


Feel free to pm me too as im working on two seperate machines atm.

[Kumagoro]

could try combofix

[lazer]

Have you tried going into safe mode, installing malwarebytes there and then running it?

Or, take out hard drive and connect to another PC and scan it that way?

[Amitava83]

Download a copy of hijackthis (http://free.antivirus.com/hijackthis/)

Run it, and click "Scan and save a log file" or something along those lines.

When the scan has finished and notepad pops up with the logfile, copy it's contents and post it here - ill analyse it for you and then we can move from there.

A format is a pretty hefty decision, and rushing it due to malware can often lead to mistakes.

Running Malwarebytes AntiMalware is also a good idea (as suggested) try just installing normally in windows and scanning, see if it detects anything. If it does, attempt to remove it, if it doesnt remove it successfully, repeat the scan in safe mode (tap F8 on booting the system) and post the contents of any log files that Malwarebytes AntiMalware produces.

99.99% of malware can successfully and effectively be removed from a computer.

EDIT - seeing as you are unable to get into windows without it hanging, try all the above steps straight from safemode. The hijackthis log is the vital part in me being able to help you.
Also does AVG offer any name for the infection? Knowing what classification of malware it is will greatly help in it's removal.

Also check the directories -

C:\Documents and Settings\Administrator\Local Settings\Temp\umdmgr.ini
C:\WINDOWS\system32\umdmgr.exe
C:\sand-box\13a04f20a93c84b6bd1f3b77e3ef68e4.exe

Do these directories contain the above files? If so you can attempt to delete these from outside the XP partition (ie, in windows 7) i expect it will have some registry keys associated with it for startup runtime. Im not sure if you can browse and edit the registry from outside of the partition as of yet, but pending your reply i will look into it.


Feel free to pm me too as im working on two seperate machines atm.

First of all,thanks a lot!
Secondly,I cannot login into XP Safe Mode(XP and Win 7 in dual boot..Safe Mode option not coming for XP).
Do you want me to run Hijack This from Windows 7??

[Amitava83]

Trojan Horse Crypt.txj
Virus Worm/Downadup
Virus Win32/Polipos

These are coming on Resident Shield Alert of AVG on Win 7..All are in 'D' Partition(ie XP ).AVG is unable to remove them or Move to Vault.