Topic: WIN32-Hupigen-ONX[tri] with Paragon Drive Backup

junkman
WIN32-Hupigen-ONX[tri] with Paragon Drive Backup
« on: November 22, 2011, 06:30:07 AM »
Hi,
I’ve seen a couple other posts along this line, but didn’t see a clear answer.
I scan my computer for viruses with Avast and receive 0 infections.  I then create an image of my hard drive on an external USB drive with Paragon Drive Backup 9 Personal.  When Avast anti-virus scans the drive image files I just created it detects a threat of WIN32-Hupigen-ONX[tri] in the created images.  This has happened multiple times with multiple Avast virus definition files.

Three Questions:
1.  How do I check to ensure these image files are still intact?  (Avast “removes” the infection from the backup.)
2.  Is this a false positive because of the way Paragon processes things or am I really detecting a virus?
3.  Is the paid version of Avast or Avast Internet Security any better in this situation?
thanks

Thanks,

Paragon Drive Backup 9.0 Personal

Windows XP Home SP3
CPU-Intel Pentium 4 Dual 3.0 Ghz
2G RAM
External USB Drive -Western Digital 640G

ady4um
Re: WIN32-Hupigen-ONX[tri] with Paragon Drive Backup
« Reply #1 on: November 22, 2011, 11:45:59 AM »
1_ Don't let Avast take any automatic action. If Avast asks you what to do with that "infection" and you can't skip it, then you would need to add a temporary exclusion / exception.

2_ You need to provide more info. What exactly is being reported as infected? What infection / malware is detected? Is this being changed from the original (compare it with checksum)? Can you scan in the original system the exact same items that are "detected" in the backup? Have you checked / scanned the backup software itself?

3_ The antivirus definitions are the same across versions, so I don't think there is any difference in this case.
ADD/REMOVE PROGS -> avast -> CHANGE/REMOVE -> REPAIR & REBOOT
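
The checksum comparison suggested in the reply above, as an added example that is not part of the original thread: record a SHA-256 manifest of the image files right after the backup finishes, then re-check it after the antivirus scan to see whether any file was altered or removed. The file names, manifest layout and `demo()` data are constructed for illustration.

```python
import hashlib, json, os, tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read 1 MiB at a time; drive images are too large to load whole

def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def write_manifest(image_dir, manifest_path, pattern="*"):
    """Record size and SHA-256 of every image file right after the backup."""
    entries = {}
    for p in sorted(Path(image_dir).glob(pattern)):
        if p.is_file():
            entries[p.name] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    doc = {"dir": str(image_dir), "files": entries}
    Path(manifest_path).write_text(json.dumps(doc, indent=2))
    return entries

def verify_manifest(manifest_path):
    """Return {name: 'ok' | 'modified' | 'missing'} for each recorded file."""
    data = json.loads(Path(manifest_path).read_text())
    result = {}
    for name, rec in data["files"].items():
        p = Path(data["dir"]) / name
        if not p.is_file():
            result[name] = "missing"    # e.g. moved to quarantine or deleted
        elif p.stat().st_size != rec["size"] or sha256_file(p) != rec["sha256"]:
            result[name] = "modified"   # e.g. the scanner changed the file in place
        else:
            result[name] = "ok"
    return result

def demo():
    """Constructed sample: three stand-in image parts, one altered, one removed."""
    with tempfile.TemporaryDirectory() as tmp:
        images = Path(tmp) / "images"
        images.mkdir()
        for i in range(3):
            (images / f"backup.{i:03d}").write_bytes(os.urandom(4096))
        manifest = Path(tmp) / "manifest.json"  # stored outside the scanned folder
        write_manifest(images, manifest)
        with open(images / "backup.001", "r+b") as f:  # simulate an in-place change
            f.seek(100)
            f.write(b"\x00" * 16)
        (images / "backup.002").unlink()               # simulate a quarantined file
        return verify_manifest(manifest)
```

Keep the manifest on a different drive from the images so that whatever touches the images cannot also touch the recorded hashes.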

Pondus
Re: WIN32-Hupigen-ONX[tri] with Paragon Drive Backup
« Reply #2 on: November 22, 2011, 12:29:26 PM »
Quote
2.  Is this a false positive because of the way Paragon processes things or am I really detecting a virus?
do you have the file in avast chest?

if so you can upload it to an online multiscanner to see if it is only avast that detects it....or many others also

here is how to
Quote
Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

Now you go to one of these online scanners and browse to that folder/file and test it
when done post the link to the scan result here



upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners
when you have the result, copy the url in the address bar and post it here for us to see


alternative
Jotti     http://virusscan.jotti.org/en
VirSCAN   http://virscan.org/
Metascan   http://www.metascan-online.com/



DavidR
Re: WIN32-Hupigen-ONX[tri] with Paragon Drive Backup
« Reply #3 on: November 22, 2011, 02:39:06 PM »
I rather doubt the detection on a backup image would be able to be uploaded to VT or any of the other multi-engine scanners as a hard disk image even when compressed is going to be massive.

I guess that the detection is only on the actual backup image file and not a file within it, is that correct (as you don't give the full details of the detection, file name and full path)?

When I see WIN32:Hupigen detections on drive imaging software, I think FP as these massive, highly compressed files, seem to confound avast, you only need to search for WIN32:Hupigen in the forums to see they are invariably on backup image files and/or pagefile.sys.

####
I scan my system before doing my weekly image backup and exclude my backup images from being scanned (they are inert until you elect to open them or restore them), example g:\Backups\DriveImages\*.v21 this is the file type for my DriveImage backup files, replace the *.v21 with the * and your image file type.

That can be entered in the avastUI, Settings, Exclusions, if you accept the limited risk this may present, given that we don't actually know what file it is detecting, but as said if on a file inside the image backup then that is inert until you open/restore it. At that point if there was a truly infected file inside it would be detected by avast's file system shield as you restore the image (if restored whilst windows is running) or on a subsequent on-demand scan.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Pondus
Re: WIN32-Hupigen-ONX[tri] with Paragon Drive Backup
« Reply #4 on: November 22, 2011, 02:45:48 PM »
Quote
I rather doubt the detection on a backup image would be able to be uploaded to VT or any of the other multi-engine scanners as a hard disk image even when compressed is going to be massive.
you say massive, would it then be moved to chest! or should there also be an avast error message....avast can not...... ?

DavidR
Re: WIN32-Hupigen-ONX[tri] with Paragon Drive Backup
« Reply #5 on: November 22, 2011, 02:55:46 PM »
No, as I believe it would also exceed the maximum size to send which is 16MB I believe. There would normally be a message that it couldn't be moved, and possibly something not so helpful like

However, much of this and my other reply is speculation as we don't have the full facts of the detection, file name and full path.

So it would depend on A) if avast is actually able to unpack these massive image backup files, B) if so, can it extract infected files (action not supported error) without corrupting the main image file and C) exactly what it is that is to be moved to the chest, a file within the image backup or the whole image backup file.

Asyn
Re: WIN32-Hupigen-ONX[tri] with Paragon Drive Backup
« Reply #6 on: November 22, 2011, 03:05:11 PM »
Quote
No, as I believe it would also exceed the maximum size to send which is 16MB I believe.

Well, that's the standard setting. You could set it higher, if needed.
Anyway, I wouldn't do that with a (usually very large) backup image. ;)
Win 8.1 [x64] - Avast PremSec 21.3.2459.BUC [UI.612] - EEK - Firefox ESR 78.10 [NS/uBO/PB] - TB 78.10
Avast-Tools: Secure Browser 90.0 - Cleanup 21.1 - SecureLine 5.11 - Driver Updater 21.1 - CCleaner 5.78
Avast essentials (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

DavidR
Re: WIN32-Hupigen-ONX[tri] with Paragon Drive Backup
« Reply #7 on: November 22, 2011, 03:27:19 PM »
Yes you could, but for the greatest majority that is left on the default settings and why any such move would fail in the first instance. But as I said all of this is speculation until we get some feedback from the OP.

DonZ63
Re: WIN32-Hupigen-ONX[tri] with Paragon Drive Backup
« Reply #8 on: November 22, 2011, 10:39:36 PM »
I posted a while back on this issue.

I use Paragon 9 and Avast 6.0.1289 found the same trojan in my Paragon archives. I went so far as to delete all my old archives and then create a new one. Avast said it also contained that trojan. My XP installation is clean as a whistle.

Strange part of all this was it found the trojan in my XP archives but not my WIN 7 archives. I run a dual boot XP SP3 and WIN 7 x64 SP1 configuration.

My personal opinion is Avast has a problem with Paragon XP archives. I would view the Avast detection as a false positive.
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8