Trojan Hupigon-EA detected

Hi everyone,

i need some help over here. My avast home edition just detected a trojan Hupigon-EA in one of my temp internet folder and a 0.exe in my windows/system32 folder. I deleted both files, but the trojan keeps coming back at every reboot. Any solutions to clear away the trojan once and for all? Thanks.

:slight_smile: Hi :

 Tell us the NAME of your Operating System ; if it is
 Win XP, is it SP1 OR SP2 ?

Ah sorry for the lack of information… :smiley:

My O/S is WinXP sp2.

Hi hupi,

Here’s the info: http://www.sophos.com/virusinfo/analyses/trojhupigonbs.html

polonus

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode, Ewido anti-spyware

Permission is required to place files in the system folders and create registry keys, etc.
Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

Thanks for the info, but from what i read, apparently there are a lot of strains of Hupigon out there, and my strain is not listed in the above-mentioned website.

Thanks for all the info as well, i will have to try out ewido first and pray hard that it will get rid of the trojan horse.

The DropMyRights stuff looks good, will look more indepth into it, thanks again.

Just some updates,

i tried using Trojanhunter to scan my pc, and it sniffed out 2 files found to contain the Hupigon. One is the exe file inside the temp internet files folder, the other one is netcfgw.dll inside windows/system32. The interesting thing is, it missed out the 0.exe inside the windows/system32, which was previously detected by avast.

So i googled on this netcfgw.dll and i found that it also comes with a netcfgn.exe inside the same directory. I deleted both netcfgw.dll and netcfgn.exe in safe mode, but somehow or other, they manage to ressurrect themselves again >:(

As you can see, there is not a perfect software ;D 8)

If a virus is replicant (coming and coming again), you should:

  1. Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
  4. Use a-squared, ewido or Spyware Terminator (trojan removers).

Other option is scanning in SafeMode (repeatedly press F8 while booting): http://support.microsoft.com/default.aspx?scid=kb;en-us;315222

Tech, thanks for your help. The ewido software is a real life saver! ;D

I agree with you ~~
ewido is a nice anti-Trojan ,anti-spyware soft~
I have two anti-virus in my computer
one is Avast!,and the other is ewido