@ dkmarshall - hope this issue is sorted in the near future
By what you say, you are particular in making sure backup image is good. And yet the detection, almost certainly FP, pops up again..
the reading which accompanies - Win32:Hupigon-ONX [Trj] - is a misnomer in yr case, and most likely refers to malware variant common to backup services. and thats pretty much it, from what I gather, nothing spectacular, but a real nuisance I bet.
if its any consolation, at least you not beset with the real hupigon, which can be real nasty
this from McAfee on the worm character, one of hupigon variant, and this one associated with backup services
- but is not the same event that is the detection on yr computer
http://vil.nai.com/vil/content/v_142042.htmCharacteristics -
This worm that attempts to spread via removable drives.
Upon execution, the Worm copies itself into the following locations:
%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\msbackup.exe
%ProgramFiles%\_msbackup.exe
%SystemDrive%\msbackup.exe
And drops the following file:
%SystemDrive%\AutoRun.inf
The file "AutoRun.inf" is pointing to the malware binary executable. When the removable or networked drive is accessed from a machine supporting the Autorun feature, the malware is launched automatically.
The malware then launches an Internet Explorer process and injects malicious code into to it. Next, the malware may register itself as a service named "Backup_Info"
The following registry keys have been added to the system.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Backup_Info
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Backup_Info\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Backup_Info
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Backup_Info\Security
When executed the malware binary creates the following service:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Backup_Info\]
ImagePath = " %ProgramFiles%\Common Files\Microsoft Shared\MSINFO\msbackup.exe"
DisplayName = "Backup_Info"
ObjectName = "LocalSystem"
Description = "Backup System Info"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Backup_Info\]
ImagePath ="%ProgramFiles%\Common Files\Microsoft Shared\MSINFO\msbackup.exe"
DisplayName = "Backup_Info"
ObjectName ="LocalSystem"
Description = "Backup System Info"
[Where %SystemDrive% = the drives were Windows is installed(C: will be the default in most of the computers), %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files]
And here follows the standard hupigon with its trademark self delete / hijack startup / carry packers
http://www.bitdefender.com/VIRUS-1000330-en--Backdoor.Hupigon.htmlAgain, in this case not the same event as you have on yr computer.
In yr case avast scan is trying to categorize the reading of a query that has arisen in the run of the scan.