Feels so stupid to ask about this again but don´t know what to else do.
I had this maleware some time ago and only way to get rid of it was to format harddrive and reinstall Windows. All ok but now it´s back. At least if the Avast scanner is right.
So I installled Windows and all my softwares from the start. I scanned drives with Avast, HitmanPro, Malwarebyte´s Anti-Malware & Junkware Removal. All clear, no viruses or trojans found. Because all looked good I made backup from C-drive with Drive Image 2002. But when I scanned the image-files with Avast, it says that all files (*.pqi) are infected with Hupigon (other scanners didn´t found anything alarming).
I removed backup folder and scanned all drives again with those four programs => no viruses, trojans. Made new image-files and same thing again, Avast found Hupigon. This time only half of the files were infected. Removed image files again, scanners didn´t find anything.
My question is, how easily this kind of mallwares spread. Because I have another backup folder on that same partion:
\Image1\ c-drive with only windows
\Image2\ c-drive with windows+software (the one that keeps infecting)
…both folders contains *.pqi files but Avast founds infections only from the newer files (Image2). Files in Image1-folder are all clear.
False alarm? I mean, where could the mallware hide after deleting the new image-files. And why it doesn´t infect the files in folder Image1… Right??
[*]Step #1 Scan with Zemana Anti-malware
Download and install Zemana anti-malware from here.
[*]Double-click to run the software;
[*]Click on the gear-icon on the top right portion to navigate to Settings.
[list][*]Click on Scan > put a tick on Create System Restore
[*]Click on Advanced > put a tick on Check for Suspicious Root Certificates
[*]Click the home icon on top left and click on Scan
[*]After scan finishes click on the report tab on the top right corner;
[*]Choose the latest report by clicking on it and click on Open Report afterward.
[*]Copy and Paste the contents of the report in your next reply.
[/list]
[*]Step #2 Fix with AdwCleaner
[*]Download AdwCleaner by Xplode to your Desktop from the following link.
[list][]Download Link #1
[]Download Link #2
[*]Right-click on AdwCleaner.exe and choose Run as administrator;
[*]Click on Option and put a tick mark on everything;
[*]Click on Scan and let the program run unhindered;
[*]When done, click on Clean and allow the system to reboot after it is done;
[*]A log will be opened automatically after the restart. If not, it is located in C:\AdwCleaner\AdwCleaner[CX].txt, where X is replaced with a number;
[*][Attach this log in your reply.[/list]
[*]Step #3 ESET Online Scanner
Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
[*]Download esetsmartinstaller_enu.exe by clicking here.
[*]Right-click on the program and choose Run as administrator.
[*]Accept their terms and condition and proceed.
[*]Install Add-On/Active X if prompted.
[*]From the Computer Scan Setting check the following box –
[list][*]Enable detection for potentially unwanted programs
[*]Click on Advanced Setting –
[*]Uncheck the box beside Remove Found Threats;
[*]Check the box beside Scan archives
[*]Check the box beside Scan for potentially unsafe applications
[*]Check the box beside Enable Anti-Stealth Technology
[*]Click on Start and wait for the virus signature database to update.
[*]The online scan will begin automatically and can take several hours. Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
[*]After the Scan finishes –
[*]If no threats were found:
[list][*]Put a checkmark in Uninstall application on close.
[*]Close the program and report that nothing was found
[*]If threats were found:
[*]Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
[*]Attach the log file in your next reply.[/list][/list] Note: Enable your security programs afterwards.
I am not expert but all seems to work as it shoud. Windows starts quickly, internet connects fine, no “pauses” while using softwares. Just as it shoud after you install everything again from the start (I recovered Windows from clean image-file and then I been installing programs I need most). The idea was to create clean backup from drive-c in case of problems. But the Avast keeps telling that the some of the newly created image-files (*pqi, 1giga each) is infected…
Just realised, I forgot to mention one thing. Avast mention those infections only when I open Explorer and select that image-file folder for scanning. Avast won´t mention anything about hupigon while I use computer (surfing, editing, stuff like that).
Dynamic file scanning is what avast does when you use your system and avast is running. If you open a file or run a program (process) avast looks at that file or process to ensure it is not infected
If infected, avast will block/stop that file or process
Your files in your infected folders are inert and not active until you open them; i.e. you run Explorer to view or avast Explorer scan—only then does avast look at these files and not before
Detections made by avast on your infected files cannot happen until you tell avast to look at them, which is what happens every time you do that
So, if I try to start infected exe-file Avast stops me. But what about these backup-files… the program that opens them (Drive Image 2002) is not infected (as far as I know) and when I double click the backup-file open, Avast don´t do nothing. Should it let me open that file if its infected?
…sorry if I talk nonsense. My computer skill are what the are and understanding (technical) english could be better. I think I know how these virussoftwares basicly works. Then again, I don´t think I understand them at all.
