Win32:Hupigon-ONX [Trj]

[WangMandingo]

And it's absolutely fine for you guys to believe whatever it is that helps you sleep at night. As far as my case, it is indeed an infection. All I need to know is whether or not Avast! 4.8 can be forced to scan the pagefile.sys and hyberfil.sys in a boot time scan. Or does this functionality not exist in 4.8 and we should move our people to 5.0. We can't allow this thing to spread any further. If we don't make an effort to stop it, computer illiterate individuals will never have the understanding to even begin to defend themselves.

[JackOuzzi]

Avast have lost thier way .... I have been a user for years and years, I have this infuriating Win32:Hupigon-ONX problem with WHS 4.8 (which in my opinion will NEVER be updated) Avast 5 is slow and cumbersum ... Support make no sense in any replies (if you get a reply) they send .... I will wait to expire and move elswhere. SADLY 

[WangMandingo]

OK. I may have found a way to get Avast 4.8 to scan the pagefile.sys. Instead of opening avasts main interface you have to open the ON-Access scanner dialog. Select more details the select Standard shield from the list on the left. Once selected click the customize button in the right hand portion of the dialog. When the settings window pops up select the advanced tab. In the bottom portion of the advanced tab should be a list of excluded files. Remove the PageFile reference from the list. I still dont know if this will catch anything but it is a way of removing the exception.

[keglined]

Found this forum via Google, and have been using avast for a couple years.

I just deleted my second backup in two months' time, due to this SAME EXACT ISSUE.  All of these questions/concerns could have come from me.

For instance, neither Malwarebtyes nor Microsoft Security Essentials indicates this multi-Gigabyte backup file is/has a Trojan.  Only when I run a full scan does avast tell me there's a problem, and only with my backups. 

Once done here I shall promptly create another backup - god forbid my hard drive crash and I'm left with nothing due to an avast glitch.

No further convincing required here.  I'm done with avast.

..!..

[RepublicanWolf]

Originally Avast was automatically deleting my backups - how horrible if something had happened to my original PC's and I had no backups. Anyways, I've changed the setting to only report, and every single week Avast lets me know there is Hupigon trojan in my data files, but at least it doesn't delete it anymore.

My subscription ends in July so I'll keep it until then. It's not doing any harm anymore - just reminding me what a crappy product Avast is 

[mkis]

It is a bug for sure. Where backups are being run, differential I assume, or other, it doesn't matter the bug seems evident with various backup products. I dont actually do that (backup schedule), but others on the forum do. I think wait to see that is possible for avast to correct with their update, or if the error needs to be sorted out elsewhere, or their is incompatibility, unoperability, and so  on...

My opinion is avast is reading (maybe raw data) an discepancy/inconsistency and and calling Hupigon because has to do with backup.
Is a near miss. Probably shows a bug. The OP Baz had a battle with it. And not insurmountable.

[willowmaster]

I'm having this problem too with all my VMwares and Virtual PC's. I can't say for sure I don't have this Win32:Hupigon-ONX virus. But maybe it has to do with 32 bits and 64 bits systems. Who has this problem and runs a 64 bits operating system?
I'm running Windows 7 64 bit on a 64 bit machine.

[bobs2]

Hello,

I've read this and another threads about this trojan. Please, give me some explanations since I am not proficient with virtual machines and similar.

Today's scan of my computer (using Avast 4.8 ) showed that 3 out of 10 VMware VMDK files of one virtual machine are infected with Win32:Hupigon-ONX [Trj].
Both, VM and desktop run under XP.

I skipped to delete them because I have important data inside VM. Did I understand well, this means that my VM machine, not desktop computer, is infected? If so, is it safe to work on desktop computer without running VM?

What should I do? Is it safe to run VM and copy files I need to my desktop computer? Files are not executable.
Would running of VM transfer trojan to desktop computer?
I don't know much about the way VMs work.
When I run it internet connection is usually on, because of communication with desktop computer. On my virtual machine I don't browse the internet and it's bit strange to get infected.

I need urgent help! It would take a lot of time to remove this VM and install new one. Unfortunately, I didn't back up it first time I made it. Other thing is that I can't restore current state without some data I have on VM at the moment.


Thanks for replies in advance!

[mkis]

@bobs2

seems almost certain that you another with false positive (FP) reading.

avast calls Hupigon in attempt to categorize the reading of a query concerning backup image (in yr case, VM image)
but I don't know what actual query is or whether issue relates to a single, definable error situation
most times it seems that there is the call that avast makes (hupigon), and no further details.

So it is good practice to ensure that you do actual have FP. And that you do not have a real detection of hupigon.
with the real hupigon, the infection is in some way sent to a host (in yr case, to the VM).
this from f-secure -

Propagation
Hupigon doesn't have any automatic mechanisms to spread itself. It must be sent by its author via e-mail, through a website, or even via Instant Messengers (IM) such as Yahoo, MSN, ICQ, and Skype.

http://www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml

[willowmaster]

After defraging my harddrive I don't have any infections anymore.

[Himself]

 

Hello All,
I also found this thread via Google, and have a problem with detection of this 'problem'. Unfortunately I am no closer to understanding this topic than when I began reading about it last week. Is there a recommended 'official' way of responding o the Avast prompt for action? I tried moving it to the chest, but got an error that says my disc is full. This problem came up after a series of events that began before july 4th. I will post everything that I have found and done since that date, as it may provide some insights for more knowlegable users than I, and then maybe we can figure it out - that is, if this is not yet well understood. I know that I certainly do not understand what is happening, and I desperately need my main system back!

stand by for details;

and thank you in advance for any help you may be able to provide.

Jim

[DavidR]

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

What avast version are you using 4.8 or 5.0 ?

The disk is full message is a bit of a red herring, it is that the size of the chest (which is limited) is either not big enough (unlikely) or more likely the file detected exceeds the maximum size of file to send. Both of these values can be modified in the avast settings, Chest. Though first answer the question as I suspect this is a large file like hyberfil.sys which is mentioned in this topic.

[Jabbo]

I have a dual boot setup with XP 32 on C & Win 7 64 on H
I have the latest Avast Free on both (5.0.594)
Win 7 was a clean build (TechNet download), fully MS patched, with Avast & Comodo Firewall applied ASAP in build process.
If XP loaded & doing a full scan, Avast reports that H:\hiberfil.sys has Threat:Win32:Hupigon-ONX [Trj]
hiberfil.sys is 2.99GB so e-mailing to Avast not practical.
This is not reported if Win 7 loaded & using Avast nor if using SuperAntiSpyware or MalwareBytes from XP

From reading the feedback here, Googling & my own analysis, I am 99% sure that this is a False Positive from Avast.

The commonality seems that scanning a 64 bit partition/VM/backup from another partition/CD Boot throws up the error. Likely due to it not being recognised\excluded when scanning other than the active partition.

I recommend Avast replicate this setup to test & sort this FP.

Apart from this, I am very happy with Avast & have no problems recommending it to others.

[Baz8755]

Did another scan today Win32:Hupigon-ONX is showing up again in my recent Norton Ghost image file.

Surely it's time to sort this out?

[SafeSurf]

I have now successfully got all my ghost images to scan clean.

To solve the problem I uninstalled adaware (lavasoft). I then completely filled the disk with data, scandisked and defragged, deleted the extra data and scandisked and defragged again. I then took ghost images.

This has worked on all 3 machines that showed infections of ghost images.

As I have said before, none of the machines have ever reported the infection and have always scanned clean and the oldest image that had with the infection dated back to December 2009.

So I am still not sure what Avast was finding or where it came from.

This is an old thread.  Please open up a new thread under the Virus and Worms section of this forum and you can cut and paste this url thread http://forum.avast.com/index.php?action=post;quote=491870;topic=57768.30;num_replies=73;sesc=eda6a3e30b62e578ca52f09a026b0cf5 into your new post as a reference.  Thank you.