Hupigon

Hi, one day my PC just froze up and I had to restart it. I ran a spybot: search and destroy scan, I wasn’t really suspiscous as I was downloading and transferring large amounts of files to various drives at the time it crashed.
Anyway, I finished scanning and Spybot had found 2 Hupigon registry changes, I got rid of them successfully.
I’ve run an avast quick and standard scan and haven’t found anything so far. I’m now running a thorough scan.
Does avast find the Hupigon virus, and if so, can it remove it?

Or have I already removed it and am just being paranoid, but I doubt the hupigon virus is just registry changes…

avast detects 778 variants of the Hupigon trojan. However if this was only in the registry then avast is unlikely to find that only if the infected file were present.

Allow spybot S&D to clean the registry if you haven’t already.

Right, so do you think my PC is infected or not?

Sorry for being so dense, I just need to be 100% sure.

The registry keys could just be remnants of an infection.

Do those registry keys point to files on your HDD, what are the file names and location/s ?
If so then check if they exist, again if they do do a right click scan of the file/s.

If nothing in the files, you can get further confirmation at: VirusTotal - Multi engine on-line virus scanner Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them let us know the results plus. Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.

Are you using Windows XP?
Can you schedule a boot-time scanning?
Start avast! > Right click the skin > Schedule a boot-time scanning.
Select for scanning archives.
Boot.
See the report file at: \Data\Report folder.

Hmm…
I get this:
http://img247.imageshack.us/img247/6461/hkey9pe.png

It doesn’t seem to point to any files, unless it does :S

I’m going to schedule a boot scan, and if it comes up clean, I think my PC is clean…

Edit: Ok, I scheduled a boot scan and it soon found a file infected by VBS:Malware [Gen]

Path: C:\documents and settings\Tom\application data\sun\java\deployment\cache\javapi\v1.0\loaderadv661.jar-897c2ff-35147e3f.Dummy.class

I deleted it and it’s still scanning, is this hupigon?

I don’t think this is hupignon but any java related malware detection is usually an indication that it is being exploited and possibly out of date.

Ensure you have the latest version of JRE because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove.

Then get the latest update from here http://www.java.com/en/download/index.jsp

If thats all it found, I think my PC is clean. Thanks you guys :smiley:

But please, if you think that there’s any reason why it wouldn’t be, then tell me.
If you want any more information, just ask, I need to be 100% sure my PC is ok.

It will be good if you download, install, update and run other trojan remover tools: a-squared, Free AVG Antispyware or SUPERantispyware (trojan removers). Some users recommend Spyware Terminator.

Sometimes, it’s useful to use the immunization of Windows Advanced Care features of spyware/adware cleaning and removal.

Other than the multi-application approach to security I think your done, with one of the anti-spyware programs mentioned avg-as, etc. it will compliment avast.

Awesome, so many programmes though, which ones would you recommend?

I use AVG anti-spyware, I find the interface good and it works well with avast.

I tried both the SUPERantispyware and Spyware Terminator and I just didn’t like them at all, they lasted less than a fortnight before they were uninstalled. I haven’t tried a-squared and that for the most part is because I prefer Ewido (bought out by Grisoft) now called AVG anti-spyware.

I suggest, in this order:

AVG Antispyware
a-squared
SUPERantispyware
Windows Advanced Care
Spyware Terminator