Solved

Viruses and worms
1

i scan the infected file with malware bytes,super anti spyware,spybot search and destroy,
all of them found nothing. Anyways i’ve moved the file to avast chest,not sure why got infected…

The websites i usually visits are mangafox.com,onemanga.com,animecrazy.net,yahoo.com,crunchyroll.com
They’re all safe,So i’m not sure why got infected and is it an possibly false positive ?

Jotti online malware scan result

File: np268.tmp
Status: INFECTED/MALWARE
MD5: c873f9cae08a37c385a71e538b3971ed
Packers detected: -
Scanner results
Scan taken on 08 Dec 2008 17:04:14 (GMT)

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
*Avast Found Win32:Hupigon-MED
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
*G DATA Found Win32:Hupigon-MED
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

2

It may well be an FP.

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

Is that Jotti you uploaded to ?
If so virustotal has more scanners (37 last count) and uses windows versions of scanners so may include more unpackers if the file happens to be an archive. GData uses avast as one of its two scanners so effectively only one detection in your list.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

If it is indeed a false positive, possible, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

3

Sign of “Win32:Hupigon-MED [trj]” has been found in “C:\DOCUME~1\Owner\LOCALS~1\Temp\np268.tmp” file.

VirusTotal result

AhnLab-V3 2008.12.6.0 2008.12.06 -
AntiVir 7.9.0.42 2008.12.08 -
Authentium 5.1.0.4 2008.12.08 -
*Avast 4.8.1281.0 2008.12.08 Win32:Hupigon-MED
AVG 8.0.0.199 2008.12.07 -
BitDefender 7.2 2008.12.07 -
CAT-QuickHeal 10.00 2008.12.08 -
ClamAV 0.94.1 2008.12.07 -
Comodo 708 2008.12.08 -
DrWeb 4.44.0.09170 2008.12.07 -
eSafe 7.0.17.0 2008.12.08 -
eTrust-Vet 31.6.6246 2008.12.05 -
Ewido 4.0 2008.12.07 -
F-Prot 4.4.4.56 2008.12.04 -
F-Secure 8.0.14332.0 2008.12.08 -
Fortinet 3.117.0.0 2008.12.07 -
*GData 19 2008.12.07 Win32:Hupigon-MED
Ikarus T3.1.1.45.0 2008.12.08 -
K7AntiVirus 7.10.548 2008.12.08 -
Kaspersky 7.0.0.125 2008.12.07 -
McAfee 5456 2008.12.06 -
McAfee+Artemis 5456 2008.12.06 -
Microsoft 1.4205 2008.12.08 -
NOD32 3670 2008.12.08 -
Norman 5.80.02 2008.12.05 -
Panda 9.0.0.4 2008.12.07 -
PCTools 4.4.2.0 2008.12.08 -
Prevx1 V2 2008.12.08 -
Rising 21.07.02.00 2008.12.08 -
SecureWeb-Gateway 6.7.6 2008.12.08 -
Sophos 4.36.0 2008.12.07 -
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.07 -
TheHacker 6.3.1.2.179 2008.12.06 -
TrendMicro 8.700.0.1004 2008.12.08 -
VBA32 3.12.8.10 2008.12.07 -
ViRobot 2008.12.6.1504 2008.12.06 -
VirusBuster 4.5.11.0 2008.12.08 -

Additional information

File size: 578560 bytes
MD5…: c873f9cae08a37c385a71e538b3971ed
SHA1…: 54a06a3f4319b61d16e2a955316f7f3f251cd53f
SHA256: 54a5deb731b36b2885dcd6053a48f69d04c643f5cea59d46c2e2422ea1d506b0
SHA512: 225fd812299f8a4aaaea31a48a213807a45bfa07d5516de8da1a0a00e416a671
663cea40e412072d8e7c90af1053fedb0dc73b15d566e069def1fd0892d95b97
ssdeep: 12288:B/rmSbNWxIY7mORds7U3Gzv1qYQm9BfAWclzGmZd2o+9TOJ5cE:ZmmNlYy
OCU2QYP9B4WckmZEgKE
PEiD…: -
TrID…: File type identification
MP3 audio (ID3 v1.x tag) (71.4%)
MP3 audio (28.5%)
PEInfo: -

4

Hi newbie7!
Since avast detects it i a temorary directory, you can just clean the *temp files without any harm

5

Thanks,cleaned the files. But how about the detected file in avast chest?
If delete the detected file in chest,is it just delete by right clicking or extract
to somewhere (to desktop etc) and use file shredder (Spybot) to delete it permanently?

6

You should still submit it for further analysis as a possible false positive.

There is no rush to delete anything from the chest, a protected area where it can do no harm. In fact by leaving it in the chest you can periodically scan it to see if the detection has been corrected.

Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

When that time comes, deletion is the option you should choose (nothing else need be done) and not extract, that is just used to make a copy in a temporary location of your choice.

7

Thanks David and Avatar for all the helpful informations :wink:

8

Welcome to the forums, newbie7. :slight_smile:

Please come back often, learn more, and maybe help others.

9

No problem, glad I could help.

Welcome to the forums.