Author Topic: Winudpmgr.exe Problem  (Read 1079 times)
JonnyDark
Newbie

Posts: 2


« on: June 29, 2009, 11:38:16 AM »

Hi all,
First to say I'm new here so sorry if I put this in the wrong location or if it's already been discussed somewhere but searching winudpmgr.exe over the forum turned up nothing.

But just thought I'd join and see if anyone else has had an encounter with this bit of malware? I installed a driver package on my system (while CIS was active) and noticed this executable tried gaining some system privileges from Windows that I was none too happy with.

I brought up CIS UI afterwards and noticed around 200 intrusion attempts had been blocked and the number was rising very rapidly. So I checked them out and noticed it was something called Winudpmgr.exe going through my ports one-by-one (all of which had been blocked luckily by my earlier skepticism) and attempting to set up an external connection to an unknown IP address on the net every 8 seconds.

So I ended its process, did a search on this little file name and turned up zero on Google, Spybot S&D, COMODO and MalwareBytes all don't recognize it as malware and can't detect it and the path that the process in the task manager and COMODO's intrusion attempt log identified as C:\Windows\winudpmgr.exe just isn't there, as a normal or hidden file.

Luckily the intrusion attempts are stopped by COMODO and the process can be terminated using task manager but it starts automatically right after a system startup (nothing in the startup menu of windows defender or services btw).

So the main question is, has anybody had a run-in with this before and if so, how do I kill it?

Thanks for any and all help offered.
Logged
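The pattern described in the post above (blocked outbound attempts from one executable at a fixed 8-second interval, stepping through local ports one by one) can be picked out of a firewall log mechanically. This is an added example, not part of the original thread and not Comodo code; the log line format, `updater.exe` and the addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median, pstdev

# Hypothetical log format: "<timestamp> BLOCKED OUT <image> <local>:<port> -> <dst>:<port>"
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) BLOCKED OUT (?P<image>\S+) "
    r"\S+:(?P<lport>\d+) -> (?P<dst>[\d.]+):\d+$"
)

def make_sample():
    """Constructed log lines (not real CIS output) mirroring the post's description."""
    t0 = datetime(2009, 6, 29, 11, 20, 0)
    lines = [
        f"{t0 + timedelta(seconds=8 * i):%Y-%m-%d %H:%M:%S} BLOCKED OUT "
        f"C:\\Windows\\winudpmgr.exe 192.168.1.5:{1025 + i} -> 203.0.113.7:80"
        for i in range(12)
    ]
    # Irregular traffic from another (made-up) program, for contrast.
    for off, port in [(3, 50211), (40, 50398), (41, 50399), (95, 51002)]:
        lines.append(
            f"{t0 + timedelta(seconds=off):%Y-%m-%d %H:%M:%S} BLOCKED OUT "
            f"C:\\Tools\\updater.exe 192.168.1.5:{port} -> 198.51.100.9:443"
        )
    return sorted(lines)

def find_beacons(lines, min_events=6, max_jitter=1.0):
    """Flag (image, destination) pairs whose blocked attempts recur at a fixed interval."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[(m["image"], m["dst"])].append((ts, int(m["lport"])))
    findings = []
    for (image, dst), ev in events.items():
        if len(ev) < min_events:
            continue
        ev.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(ev, ev[1:])]
        if pstdev(gaps) > max_jitter:
            continue  # timing too irregular to be a timer-driven retry loop
        steps = [b[1] - a[1] for a, b in zip(ev, ev[1:])]
        findings.append({
            "image": image, "dst": dst, "count": len(ev),
            "interval_s": median(gaps),
            "sequential_ports": all(s == 1 for s in steps),
        })
    return findings
```

A finding whose image path cannot be found on disk, as in this thread, is a further reason to scan with an updated tool rather than trust the file name.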
EricJH
Global Moderator
Comodo's Hero

Posts: 4138



« Reply #1 on: June 30, 2009, 06:53:50 PM »

The file name is at least a bit suspect to me. It looks like a Windows update file but it is not something I immediately recognise.

Please try the following:
Check the properties of the file and see if it is an officially signed file made by Microsoft.
Upload it to the following sites and let us know what they tell:
www.virustotal.com
http://camas.comodo.com/cgi-bin/submit (Comodo Instant Malware Analysis).
Logged

Triple boot: XP SP3, Vista Ultimate 32 SP2 and Win7 RTM (default) , Always the latest CIS or CIS Beta (too lazy to update my sig) Athlon XP 2600 1 GB RAM. Opera Browser always using the latest snapshots; Opera 10.10 as of now
kail
Autonomous
Global Moderator
Comodo's Hero

Posts: 5320


I'm not a complete idiot, some bits are missing.


« Reply #2 on: June 30, 2009, 07:04:52 PM »

Google searches & ThreatExpert suggest that this is potentially something nasty.
Logged

Vista Business x32+SP2 with CIS 3.12 & Firefox 3.5 & Becky! 2.52
__
A positive and polite attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
JamesFrance
Comodo's Hero

Posts: 616



« Reply #3 on: July 01, 2009, 04:07:19 AM »

This one seems to be well known at Bleeping Computer, see here:
http://www.bleepingcomputer.com/startups/winudpmgr.exe-23094.html

Edit: Malwarebytes should be able to remove this, it has done so before, so make sure your program is updated and the database is also up to date, then run a quick scan with it again.
« Last Edit: July 01, 2009, 04:21:40 AM by JamesFrance » Logged

James
JonnyDark
Newbie

Posts: 2


« Reply #4 on: July 01, 2009, 07:48:15 AM »

Hi all, thanks for the reply,
I managed to get it off with Malwarebytes after a manual update (forgot the free edition doesn't auto update)

EricJH - You're right, it wasn't the file, Winudpmgr is for Windows update manager (I'm such a dunce) but the reason I couldn't check the file properties was because it doesn't appear in the Windows directory even with hidden files set to show, so sorry, couldn't get any info on it.

Kail - I remember when I googled and looked at the ThreatExpert definition it did say it was nasty, but it was referring to winupdmgr, so I got confused, especially when winudpmgr turned up zilch anywhere on Google or ThreatExpert - even that winudpmgr was a system file (though after some system monitoring I realized it was the Vista update manager)

JamesFrance - thanks for reminding me about updating MalwareBytes, it identified it as a Backdoor.bot that had hijacked windows update.

So thanks for your help you guys, if I hadn't had your replies to kick some common sense into me I'd probably still be threatening my laptop with the hammer lol
Logged