Cannot Remove Virus from Windows 7 - XP Virtual Disk

My Problem:

From the Windows 7 Professional desktop:
I have detected a trojan virus named “Win32:Hupigon-ONX” contained within my XP Virtual Hard Disk archive file.

The file is located at:
C:\Users\ken\AppData\Local\Microsoft\Windows Virtual PC\Virtual Machines
Windows XP Mode.vhd

I can detect the virus by running Avast within Windows 7 desktop, but I cannot remove it.
I have tried other virus removal tools such as Spybot and Microsoft Defender without success.

From the Windows Virtual XP desktop:
I have yet to detect the virus running within the Virtual XP desktop.
I have tried doing a full disk scan using Avast, Spybot, and Microsoft Defender without any detection of the virus. Whereby, I cannot remove the virus.

My Platform:

OS:
Microsoft Windows 7 Professional, 64bit.
Virtual XP desktop installed.

Virus protection:
In Windows 7 Pro, 64bit: I’m running Avast build 4.8.1368, virus update version: 100324-1
In Virtual XP: I’m running Avast build 5.0.418, virus update version: 100324-1

DETAILS

Avast detected Win32:Hupigon about 3 months after the XP mode was installed.

I’ve updated the virus packages multiple times with different versions in the past few weeks, but the Hupigon virus is always detected on the Windows 7 desktop in file:
C:\Users\ken\AppData\Local\Microsoft\Windows Virtual PC\Virtual Machines
Windows XP Mode.vhd

When running Avast on Windows 7 desktop…

I get a Warning Popup reading:
When I click “Move to chest” I get a warning message “File to large to move.”
I also fear to click “Delete” since this may corrupt my virtual hard disk for XP mode.

When running Avast on Virtual XP desktop…
The virus remains undetected when running Avast on the Virtual XP desktop.
Thus far, I have run Avast, Spybot, MS Defender, and Malware Bytes Anti-Malware on the Virtual XP desktop without any detection of the Hupigon virus.

QUESTIONS

  1. What should I do to detect and remove this virus from my system?

  2. Is there some way for me to determine the location of the virus within the virtual hard disk .vhd file – so that I can better focus my virus removal tools?

Any assistance that you provide is much appreciated.

Ken Huebner
Software Engineer


This may be one for essexboy and hopefully he can help you soon.


You aren’t alone - I’m having the same problem! Except that I’m running VMWare Fusion and Windows XP, I’ve had almost exactly the same experience and have done all the steps that you have.

Over 48 hours ago I sent an “Urgent” support ticket on this.

No acknowledgment, no reply. I’m REALLY not impressed with Avast at the moment, and just sent another addendum to my ticket to let them know that I’m very unhappy.

I’m hoping that this is a false positive for both of us … and that Avast gets it’s act together soon.

I’m a website designer who has been unwilling to access my websites for the past four days until this issue is resolved.

  1. have you tried a bootscan with avast and see if you can send it to the chest where it can not do any harm. if that wont work try delete it.

http://www.schmahl.net/avastbootscan.php for v5

http://www.techiecorner.com/166/avast-how-to-schedule-boot-time-scan-before-window-start/ for v 4.8

if the first option does not work move on to my second suggestion.

  1. I suggest you give malwarebytes and/or superantispyware a shot.

http://filehippo.com/download_malwarebytes_anti_malware/
http://filehippo.com/download_superantispyware/

good luck and write back on your progress, or if you getting more troubles.
also welcome to the forum from me aswell:)

Send it to Avast as a false positive, as that is part of the XP emulator in windows 7