Topic: [Resolved] Win32:Hupigon-ONX

b-ray

  • Guest
[Resolved] Win32:Hupigon-ONX
« on: November 22, 2010, 04:57:09 PM »
Windows XP SP3
Acronis
320G internal drive, 1T external drive
Using Acronis I do backups to the external drive (G:)
If I do a system scan from the Avast control panel everything shows clean.
If I right click on C drive and do a scan everything shows clean.
If I right click on G drive or my backup folder or any of my system backups it says the system backups have a virus called Win32:Hupigon-ONX.

If I run Malwarebytes it finds nothing.
If I run Microsoft Malicious Software Removal Tool it finds nothing.
If I run Dr. Web it finds nothing.

The backup of My Documents shows clean; it is only the system backups that show they have a virus.

My son recently purchased a used laptop and asked if I could do a clean install on it.
I did a system backup of the laptop to my external hard drive.
Did a clean install on the laptop.
Did another system backup of the laptop to my external hard drive.
Both of those system backups made of the laptop show clean.

Using OTR as explained here http://forum.avast.com/index.php?topic=53253.0 I did a quick scan with the commands listed pasted in the custom scan box.

Here is the OTR.txt file:

OTL logfile created on: 11/22/2010 8:53:27 AM - Run 3
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Brian Raymond\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 290.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 198.75 Gb Free Space | 66.68% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 344.18 Gb Free Space | 36.95% Space Free | Partition Type: NTFS
 
Computer Name: DADELL | User Name: Brian Raymond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/11/21 14:22:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian Raymond\Desktop\OTL.exe
PRC - [2010/10/17 16:42:40 | 000,404,200 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/10/17 16:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/05/28 15:17:02 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/05/26 12:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/05/26 12:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/03/27 15:07:26 | 000,362,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 15:07:20 | 000,751,464 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/03/27 15:06:16 | 005,107,232 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/29 23:47:06 | 000,069,632 | ---- | M] () -- C:\Program Files\PestPatrol\CookiePatrol.exe
PRC - [2003/04/19 07:53:08 | 000,148,480 | ---- | M] () -- C:\Program Files\PestPatrol\PPMemCheck.exe
PRC - [2003/03/26 19:41:10 | 000,053,248 | ---- | M] () -- C:\Program Files\PestPatrol\PPControl.exe
PRC - [2001/11/18 14:00:16 | 000,196,608 | ---- | M] (The Webshots Corporation) -- C:\Program Files\Webshots\WebshotsTray.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/11/21 14:22:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian Raymond\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/26 00:08:00 | 001,507,328 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/12/26 00:08:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/17 16:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/05/28 15:17:02 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/05/26 12:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/03/27 15:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/01/15 12:20:00 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
« Last Edit: December 03, 2010, 03:47:04 AM by b-ray »

b-ray

  • Guest
Re: Win32:Hupigon-ONX
« Reply #1 on: November 22, 2010, 05:00:46 PM »
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
DRV - File not found [File_System | Unknown | Running] --  -- (DwProt)
DRV - [2010/10/24 22:30:18 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/10/24 22:30:18 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/10/24 22:30:15 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/10/17 16:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/09/16 06:09:44 | 000,027,432 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010/09/14 07:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/09/07 08:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 08:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 08:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 08:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 08:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 08:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/28 15:17:07 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/05/28 15:16:55 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/05/28 15:16:54 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/05/28 15:16:34 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/05/13 09:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/02/09 20:08:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/26 00:08:00 | 006,301,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/25 08:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/04/13 20:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-73586283-113007714-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-113007714-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.rodeobiblecamp.net/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
FF - prefs.js..extensions.enabledItems: icffirebug@robertnyman.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/26 13:58:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/26 15:19:17 | 000,000,000 | ---D | M]
 
[2009/08/15 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Extensions
[2009/08/15 20:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Extensions\MediaCoder
[2009/08/15 19:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2010/10/26 15:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Firefox\Profiles\frnubjo6.default\extensions
[2010/10/26 14:00:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Firefox\Profiles\frnubjo6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/26 15:32:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Firefox\Profiles\frnubjo6.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/06/27 09:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Firefox\Profiles\frnubjo6.default\extensions\firebug@software.joehewitt.com
[2010/02/01 01:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Firefox\Profiles\frnubjo6.default\extensions\firecookie@janodvarko.cz
[2009/12/04 14:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Firefox\Profiles\frnubjo6.default\extensions\icffirebug@robertnyman.com
[2010/02/06 16:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Mozilla\Firefox\Profiles\frnubjo6.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2010/10/26 15:34:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 14:36:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/19 18:00:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 14:14:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

b-ray

  • Guest
Re: Win32:Hupigon-ONX
« Reply #2 on: November 22, 2010, 05:01:31 PM »
O1 HOSTS File: ([2009/09/22 02:39:56 | 000,000,798 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1   MAILBOX.FILTER.PROGRAM   # Added by Mailbox Filter
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CookiePatrol] C:\Program Files\PestPatrol\CookiePatrol.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe ()
O4 - HKLM..\Run: [PPMemCheck] C:\Program Files\PestPatrol\PPMemCheck.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-73586283-113007714-839522115-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-73586283-113007714-839522115-1003..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-73586283-113007714-839522115-1003..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - Startup: C:\Documents and Settings\Brian Raymond\Start Menu\Programs\Startup\Seagate Product Registration.lnk = C:\Documents and Settings\Brian Raymond\Application Data\Leadertech\PowerRegister\Seagate Product Registration.exe (Leader Technologies/Seagate)
O4 - Startup: C:\Documents and Settings\Brian Raymond\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe (The Webshots Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-113007714-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231964772171 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\WebshotsForBrian Raymond.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WebshotsForBrian Raymond.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 14:42:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/14 22:53:50 | 000,000,027 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/21 14:22:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brian Raymond\Desktop\OTL.exe
[2010/11/01 12:33:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Brian Raymond\Recent
[2010/10/31 20:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Raymond\Application Data\Leadertech
[2010/10/26 15:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/10/26 15:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/10/26 14:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/10/24 23:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Raymond\Application Data\Malwarebytes
[2010/10/24 23:32:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/24 23:32:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/24 23:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/24 23:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/23 21:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brian Raymond\Desktop\New Folder
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

b-ray

  • Guest
Re: Win32:Hupigon-ONX
« Reply #3 on: November 22, 2010, 05:01:57 PM »
========== Files - Modified Within 30 Days ==========
 
[2010/11/22 08:47:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-113007714-839522115-1003UA.job
[2010/11/22 00:00:58 | 002,073,654 | ---- | M] () -- C:\WINDOWS\WebshotsForBrian Raymond.bmp
[2010/11/21 15:47:06 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-113007714-839522115-1003Core.job
[2010/11/21 14:22:26 | 000,003,562 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/11/21 14:22:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brian Raymond\Desktop\OTL.exe
[2010/11/20 17:38:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/20 17:37:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/20 17:36:16 | 000,001,202 | ---- | M] () -- C:\Documents and Settings\Brian Raymond\Start Menu\Programs\Startup\Seagate Product Registration.lnk
[2010/11/20 17:36:00 | 000,492,944 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/20 17:36:00 | 000,083,466 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/20 17:34:52 | 000,206,824 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/20 17:28:05 | 000,011,598 | ---- | M] () -- C:\Documents and Settings\Brian Raymond\My Documents\Database1.kdbx
[2010/11/20 16:06:44 | 017,068,032 | ---- | M] () -- C:\Documents and Settings\Brian Raymond\My Documents\My Money.mny
[2010/11/16 17:53:59 | 000,122,468 | ---- | M] () -- C:\Documents and Settings\Brian Raymond\Desktop\(your-6bvpxyztoq).html
[2010/11/15 14:18:57 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\Brian Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/13 11:37:05 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Brian Raymond\Start Menu\Programs\Startup\Webshots.lnk
[2010/11/13 11:37:05 | 000,000,091 | ---- | M] () -- C:\WINDOWS\webshots.ini
[2010/10/24 10:56:45 | 000,002,685 | ---- | M] () -- C:\Documents and Settings\Brian Raymond\My Documents\ax_files.xml
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/11/16 17:53:58 | 000,122,468 | ---- | C] () -- C:\Documents and Settings\Brian Raymond\Desktop\(your-6bvpxyztoq).html
[2010/11/08 13:48:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brian Raymond\SDMPath.txt
[2010/10/31 20:04:28 | 000,001,202 | ---- | C] () -- C:\Documents and Settings\Brian Raymond\Start Menu\Programs\Startup\Seagate Product Registration.lnk
[2010/10/04 20:43:45 | 000,228,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/17 10:21:44 | 000,000,347 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/04/13 15:59:54 | 000,000,048 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2010/04/10 12:44:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/04/10 12:35:25 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/04/10 12:35:24 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/02/08 12:49:37 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/09/25 13:38:43 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/01 14:01:07 | 000,099,328 | ---- | C] () -- C:\WINDOWS\System32\See32.dll
[2009/04/18 23:42:36 | 000,003,562 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/01/17 11:01:25 | 000,099,840 | ---- | C] () -- C:\Documents and Settings\Brian Raymond\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/14 09:21:28 | 000,000,091 | ---- | C] () -- C:\WINDOWS\webshots.ini
[2009/01/13 08:26:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/26 00:08:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/26 00:08:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/26 00:08:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/26 00:08:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2005/06/11 11:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
 
========== LOP Check ==========
 
[2010/11/01 01:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/05/10 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/10 12:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/02/08 12:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2009/01/24 15:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/10/31 20:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Acronis
[2010/09/09 11:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Actual Search & Replace
[2010/06/16 16:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Advanced Find and Replace 5
[2010/02/22 03:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Alien Skin
[2009/08/15 20:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Broad Intelligence
[2009/01/19 02:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\ColorCop
[2009/08/09 22:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\DC++
[2010/11/22 00:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Dropbox
[2010/11/07 12:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\FileZilla
[2010/11/22 08:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\KeePass
[2010/10/31 20:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Leadertech
[2009/06/18 11:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\MPEG Streamclip
[2009/09/19 16:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Notepad++
[2010/09/11 14:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\OpenOffice.org
[2010/04/10 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\pdf995
[2009/02/16 12:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\Shareaza
[2010/09/09 11:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\uTorrent
[2010/10/17 23:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brian Raymond\Application Data\W Photo Studio Viewer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< %systemroot%\*. /mp /s >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Brian Raymond\My Documents\Shareaza Downloads:Shareaza.GUID

< End of report >
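The "MD5 for" section of the log above lists every copy of explorer.exe and winlogon.exe that OTL found. The following is an added example, not part of the original post and not OTL's own code: it parses those entries and reports any live copy whose hash differs from the service-pack cache copy of the same file. The function names and the choice of which folders count as reference copies are assumptions made for this illustration.

```python
import ntpath
import re
from collections import defaultdict

# The "MD5 for" entries copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE  >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: WINLOGON.EXE  >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
"""

# One OTL file entry: [mtime | size | attrs | M] (vendor) MD5=<hash> -- <path>
ENTRY = re.compile(r"^\[[^\]]*\]\s*\([^)]*\)\s*MD5=([0-9A-Fa-f]{32})\s*--\s*(.+)$")
# Assumption: these folders hold cached or rollback copies, not the running file.
CACHE_DIR = "\\servicepackfiles\\"
REFERENCE_DIRS = (CACHE_DIR, "\\$ntservicepackuninstall$\\")


def parse_md5_entries(log_text):
    """Return {file name: [(path, md5), ...]} for every MD5 entry in the log."""
    copies = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            md5, path = match.group(1).upper(), match.group(2).strip()
            copies[ntpath.basename(path).lower()].append((path, md5))
    return dict(copies)


def live_copies_without_reference(log_text):
    """List live copies whose MD5 matches no ServicePackFiles copy of that file."""
    suspects = []
    for entries in parse_md5_entries(log_text).values():
        cached = {md5 for path, md5 in entries if CACHE_DIR in path.lower()}
        for path, md5 in entries:
            is_live = not any(d in path.lower() for d in REFERENCE_DIRS)
            if is_live and cached and md5 not in cached:
                suspects.append((path, md5))
    return suspects


if __name__ == "__main__":
    for name, entries in parse_md5_entries(SAMPLE_LOG).items():
        print(name, sorted({md5 for _, md5 in entries}))
    print("needs review:", live_copies_without_reference(SAMPLE_LOG))
```

Agreement between the live copy and the ServicePackFiles copy shows only that the two match each other; comparing against a known-good hash from trusted install media is the stronger check.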

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Hupigon-ONX
« Reply #4 on: November 22, 2010, 08:43:18 PM »
Quote
My son recently purchased a used laptop and ask if I could do a clean install on it.
I did a system backup of the laptop to my external hard drive.

The backups may be the result of an infection on the original system.  The log shows clean as far as I can see.  Do you need the backups?  Could you do a fresh image of the system and see if the virus is detected on that?

b-ray

  • Guest
Re: Win32:Hupigon-ONX
« Reply #5 on: November 22, 2010, 10:22:58 PM »
It shows the same results on every system backup I have done from Feb to date.  I just did a backup less than a week ago with the same results.  It only shows there is a virus when I right click and then choose scan.

I had decided it was a FP when I first noticed after doing a lot of research and scans but when I did two system backups of the laptop and they both show clean it got me to wondering as to why they show clean and my system backups show a virus.

I will do another system backup and post my results.

Thanks for your help

Offline essexboy

Re: Win32:Hupigon-ONX
« Reply #6 on: November 22, 2010, 10:25:02 PM »
Are they a full image backup or just specific files?

b-ray

  • Guest
Re: Win32:Hupigon-ONX
« Reply #7 on: November 23, 2010, 12:10:31 AM »
It is only the full image backups.
I just did another full backup.
Right clicked on the file and clicked on scan.
Same results

Picture of results attached.

SafeSurf

  • Guest
Re: Win32:Hupigon-ONX
« Reply #8 on: November 23, 2010, 10:52:15 AM »
@ b-ray,

When you post your logs, please do them as an attachment (Additional Options > Attach > Browse > Post).  This will not waste as much space in the thread and this is the preferred method for posting long logs.  Thank you.

I will leave you in the good hands of Essexboy.  ;)

Offline essexboy

Re: Win32:Hupigon-ONX
« Reply #9 on: November 23, 2010, 09:55:00 PM »
To me that looks like it may be a false positive on the entire backup image.  It is reading something that is probably similar in content.

I normally use Dr Web for a second opinion in these cases, but as you have used it then that would tend to reinforce my FP opinion.

We could try AVP on the backup set only - it will take a few hours though, dependent on size.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (removable that you may have)
    After that click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
    Then choose OK again; then you are back to the main screen.
  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it, so please save the log before closing it.


b-ray

  • Guest
Re: Win32:Hupigon-ONX
« Reply #10 on: November 24, 2010, 01:12:08 AM »
@ SafeSurf,

I would have rather made it an attachment but had read in another thread to do it this way and not attach them unless asked to do so.  I will attach them in the future.

@ essexboy,

AVP is running now.  Looks like it may not be done until sometime in the early morning hours.  I will post the results after work tomorrow.

Thanks again for all your help

SafeSurf

  • Guest
Re: Win32:Hupigon-ONX
« Reply #11 on: November 24, 2010, 10:33:49 AM »
@ b-ray,

No problem.  It is easier for all of us as an attachment.  ;)

Essexboy will continue with his work with you.

tonygpf

  • Guest
Re: Win32:Hupigon-ONX
« Reply #12 on: November 25, 2010, 05:30:33 PM »
I've been getting the same results on my Ghost images, yet if I mount the image and scan it (as if it were a drive), no infection is detected (or reported). I'm thinking that this is a false positive and Avast need to update their definition files to account for it.

Tony

Nesivos

  • Guest
Re: Win32:Hupigon-ONX
« Reply #13 on: November 25, 2010, 06:06:01 PM »
Hupigon I understand to be a backdoor virus.

b-ray

  • Guest
Re: Win32:Hupigon-ONX
« Reply #14 on: December 02, 2010, 12:17:04 AM »
Sorry to take so long to get back with you.
I ran the removal tool but wasn't paying attention and didn't set it to deep scan and it prompted me at each thing it found.  As soon as it was done I set it correctly and did a second scan and it found and deleted a couple other things the first scan didn't find.
I then un-installed the program that was causing the problem.
I then removed the registry entries that were made by the program.
I then removed and recreated my restore point (it had several entries that were found and deleted by the removal tool.) and I went one step farther and removed and recreated my pagefile.  I then did a defrag and ran another system backup and everything checks clean when I right click on the backup file and do a scan using avast.

I can attach the results of the scan if you would like me to but everything seems to be working correctly.

Thanks for all your help.