Hello, I am a huge fan of avast … but today I don’t know what to do … I’m so confused.
I have an external drive and I back up the system image with the backup options in Windows 7 …
I found this trojan, Win32:Hupigon-ONX. I never found this trojan when I scanned my system … I scan 2 times a week and never found that …
I have an external drive with this image and today avast found this …
I also scanned this folder (with the trojan) with antimalware software, and nothing was found …
Is this a false threat detection??? Please help me with that … I backed up my system and I have very serious documents in it.
Hi kokonis,
First go read up here: http://forum.avast.com/index.php?topic=57768.0
You will have to enable an avast boot scan to delete Win32:Hupigon-ONX. Boot scan takes place before the operating system loads into the computer. This means that the infections will not be able to execute at this time. As a result of this, the threats will be inactive while the boot scan is going on. Thus, any types of infections can be deleted with the help of this technique.
Try that first; another, last solution could be a system restore to a point before the infection took place. Remember that system restore is a better method than formatting, but first start the boot-time scan…
polonus
What must I do … Do I move this trojan to the chest or delete it …
I don’t understand why all the antivirus and antispyware programs didn’t find this trojan and avast did.
This is my image from when I set up a new PC … I didn’t have internet … The image file only contains the operating system, Windows 7 64 bit … without the drivers … This is so weird … or avast faulted
Hi kokonis,
Anyway, upload it to avast for analysis, and also upload it to virustotal and give us their scan report. It could be an FP; in any case deleting is the worst option. Just put it in the chest, because there it is safe and can be brought back again in case a new AV file download clears the FP (if that should be the case). Do not panic, scan again because avast just came up with a new iAVS update. Good luck my friend, all will be well for you,
polonus
THIS image file is some GB … How can I upload it …
I scanned with other antiviruses … and nothing …
I have this image backup file on 2 separate external drives …
Hi kokonis,
No, that is no option, but wait, someone will be coming soon to analyze this further and come up with a solution for you. For the moment try this: http://www.eset.eu/download/ezimuse-remover
polonus
I don’t have the image twice. They have different dates of backup …
Can I shift-delete the image backup to delete this annoying trojan?
Can this trojan in the image backup destroy my system without running it?
Hi kokonis,
Try this manual removal routine first.
Backdoor.Win32.Hupigon manual removal:
Kill processes:
Windows Antivirus Pro.exe, ANTI_files.exe, dbsinit.exe, svchast.exe, desot.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Softimer
HKEY_CURRENT_USER\Software\Windows Antivirus Pro
HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}
HKEY_CLASSES_ROOT\CLSID\{F54AF7DE-6038-4026-8433-CC30E3F17212}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Antivirus Pro
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntipPro2009_12
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntipPro2009_12
Unregister malicious DLLs:
msvcm80.dll, msvcp80.dll, msvcr80.dll, dddesot.dll
Delete files:
Desktop\Windows Antivirus Pro.lnk, ANTI_files.exe, msvcm80.dll, msvcp80.dll, msvcr80.dll, Windows Antivirus Pro.exe, dbsinit.exe, wispex.html, i1.gif, i2.gif, i3.gif, j1.gif, j2.gif, j3.gif, jj1.gif, jj2.gif, jj3.gif, l1.gif, l2.gif, l3.gif, pix.gif, t1.gif, t2.gif, up1.gif, up2.gif, w1.gif, w11.gif, w2.gif, w3.gif, w3.jpg, wt1.gif, wt2.gif, wt3.gif, ppp3.dat, ppp4.dat, svchast.exe, bennuar.old, dddesot.dll, desot.exe, sysnet.dat
polonus
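A read-only check of the indicators in the removal list above, added here as an example (not code from the post or from avast): it reports which of the listed processes, registry keys and files are actually present and changes nothing. The file search root is an assumption, since the post gives no directories for most files.

```powershell
# Added example: read-only audit of the indicators listed in the post above.
# Nothing is stopped, unregistered or deleted.

# "Kill processes" list (Get-Process takes names without the .exe suffix)
$processNames = 'Windows Antivirus Pro', 'ANTI_files', 'dbsinit', 'svchast', 'desot'

# "Delete registry values" list
$registryKeys = @(
    'HKEY_CURRENT_USER\Software\Softimer'
    'HKEY_CURRENT_USER\Software\Windows Antivirus Pro'
    'HKEY_CLASSES_ROOT\CLSID\{425882B0-B0BF-11CE-B59F-00AA006CB37D}'
    'HKEY_CLASSES_ROOT\CLSID\{F54AF7DE-6038-4026-8433-CC30E3F17212}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F54AF7DE-6038-4026-8433-CC30E3F17212}'
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Antivirus Pro'
    'HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AntipPro2009_12'
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AntipPro2009_12'
)

# Subset of the "Delete files" list. msvcm80/msvcp80/msvcr80.dll are left out:
# those names are also used by the Microsoft Visual C++ 2005 runtime, so a
# match on the name alone says nothing.
$fileNames = 'ANTI_files.exe', 'Windows Antivirus Pro.exe', 'dbsinit.exe',
             'svchast.exe', 'desot.exe', 'dddesot.dll', 'bennuar.old',
             'sysnet.dat', 'ppp3.dat', 'ppp4.dat', 'wispex.html'

# Assumption: search the current user's profile; widen the root if needed.
$searchRoot = $env:USERPROFILE

function New-Finding($type, $item) {
    New-Object PSObject -Property @{ Type = $type; Item = $item }
}

$findings = @(
    foreach ($p in Get-Process -Name $processNames -ErrorAction SilentlyContinue) {
        New-Finding 'Process' ('{0} (PID {1})' -f $p.Name, $p.Id)
    }
    foreach ($k in $registryKeys) {
        if (Test-Path -LiteralPath "Registry::$k") { New-Finding 'Registry key' $k }
    }
    Get-ChildItem -Path $searchRoot -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $fileNames -contains $_.Name } |
        ForEach-Object { New-Finding 'File' $_.FullName }
)

if ($findings.Count -eq 0) { 'No listed indicator is present.' }
else { $findings | Select-Object Type, Item | Format-Table -AutoSize -Wrap }
```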
Hi kokonis,
The issue could be with avast if you use virtualization software, that has issues with Avast.
Here is one of the discussions:
http://communities.vmware.com/message/1500404#1500404
polonus
Why must I delete those registry stuff? It’s so easy to delete the Windows image backup … I don’t want it if it contains a virus …
Look at the photo … 2 different image files from different dates.
http://i243.photobucket.com/albums/ff1/fuzzjo/avirascan.jpg
http://social.technet.microsoft.com/Forums/en-US/w7itprovirt/thread/8c04e447-33ca-4456-983b-d4e44a80d5ae
I don’t think the antivirus program can scan inside VHD files.
I am sure that this is an avast bug … Because I scanned only the .vhd file … This file is 23 GB and avast scanned only the 7 GB … Is this a bug?
Maybe it’s time to remove from avast … I read that this is a bug of avast … in a lot of forums
I don’t think there is much I can add here, as I know nothing about the program creating the images.
If the origin of the data is reported as clean (I always scan before creation of drive image back-ups) then in theory the image backup file should be clear; but these highly compressed files might well throw up some strange data strings which may match a signature.
I also don’t know what the scan type is: Quick, Full System Scan or a Custom, more thorough scan including archives, etc., which this file is?
So I don’t know if this file would be one that avast can unpack (very slow also) or if it scans the raw data of the file, resulting in the strange alert.
Me, I exclude my drive image file types (*.v2i) from on-demand scans.
Hi kokonis,
David’s last advice might be good advice for you as well: exclude this file from the avast scan…
polonus
You say to me that this is a bug of the antivirus and the result is wrong … You want me to exclude my drive image?
The extension of the image files is .vhd
I think you can safely exclude vhd files from the scanning.
At least, if you do not share folders between guest/host, it’s safe to do that as far as I know.
Is this a bug of avast … Can you answer me please?
Technically it’s not a bug (problem in the program).
It could be a false detection. But it’s difficult to check as the virtual drive is too big to be uploaded to, for instance, www.virustotal.com
Did you install avast in the virtual guest OS?
No, no … this is an image backup (operating system) made with the tool built into Windows 7 …
So, is the original OS clean? How did you build that image?
This is an image backup with the operating system and some programs I had … I think it is 20 GB. I backed it up in case of a virus …
Avast never found this trojan on my PC … It is so weird … to find this only in the image backup file
It’s not strange. Most probably a false positive. Hope they correct it soon.