Backdoor.Win32.Hupigon.ant

Chenxi

Hi all,

I've used Kaspersky's online virus check. It found a virus on my
computer named Backdoor.Win32.Hupigon.ant. I have used Norton to check
the same file but it was OK. I don't know whom to trust. Where can I put
this suspicious file to make sure if it is a virus?

Local Settings\Temp\tmp1.exe
The file has no icon, but it's got the description Generic Host process for
win32 services, Microsoft corporation.
 
From: "Chenxi" <[email protected]>

| Hi all,
|
| I've used Kaspersky's online virus check. It found a virus on my
| computer named Backdoor.Win32.Hupigon.ant. I have used Norton to check
| the same file but it was OK. I don't know whom to trust. Where can I put
| this suspicious file to make sure if it is a virus?
|
| Local Settings\Temp\tmp1.exe
| The file has no icon, but it's got the description Generic Host process for
| win32 services, Microsoft corporation.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://harrisonrj.home.comcast.net/step_by_step_pc_cleaning_process.htm#Step_3_%96_Getting_Help


* * * Please report back your results * * *
 
I've got the result. So what does it mean? Does it mean Symantec Norton
is unreliable?

==================
This is a report processed by VirusTotal on 04/01/2006 at 15:26:44
(CET) after scanning the file "tmp1.exe" file.
Antivirus Version Update Result
AntiVir 6.34.0.14 04.01.2006 Heuristic/Trojan.PwdStealer
Avast 4.6.695.0 04.01.2006 no virus found
AVG 386 03.31.2006 no virus found
Avira 6.34.0.54 04.01.2006 Heuristic/Trojan.PwdStealer
BitDefender 7.2 04.01.2006 no virus found
CAT-QuickHeal 8.00 03.31.2006 (Suspicious) - DNAScan
ClamAV devel-20060202 03.30.2006 no virus found
DrWeb 4.33 04.01.2006 no virus found
eTrust-InoculateIT 23.71.117 04.01.2006 no virus found
eTrust-Vet 12.4.2145 03.31.2006 no virus found
Ewido 3.5 04.01.2006 Backdoor.GrayBird.ek
Fortinet 2.71.0.0 04.01.2006 suspicious
F-Prot 3.16c 03.30.2006 no virus found
Ikarus 0.2.59.0 04.01.2006 no virus found
Kaspersky 4.0.2.24 04.01.2006 Backdoor.Win32.Hupigon.ant
McAfee 4731 03.31.2006 New Malware.u
NOD32v2 1.1466 03.31.2006 a variant of Win32/Hupigon
Norman 5.70.10 03.31.2006 no virus found
Panda 9.0.0.4 04.01.2006 no virus found
Sophos 4.04.0 04.01.2006 Troj/Bnksa-Fam
Symantec 8.0 04.01.2006 no virus found
TheHacker 5.9.7.123 04.01.2006 no virus found
UNA 1.83 03.30.2006 no virus found
VBA32 3.10.5 03.31.2006 suspected of Trojan.Delf.37
 
It means:

1. Little doubt the file is a Trojan.
2. AntiVir, Avira, CAT-QuickHeal, Fortinet, McAfee, NOD32, and VBA32
are "guessing" (alerting heuristically). So is Sophos since it
apparently just identifies it with a family of Trojans rather than
pinpointing an exact variant.

You can criticize all the products that produced a "no virus found"
for not at least alerting heuristically. You might also criticize
those products (in [2.] above) for merely alerting heuristically and
not having an exact variant ID. However, without an analysis of the
file, you can't say for sure that those products that did produce
an exact variant ID are correct. There is such a thing as
misidentification.

Note that there is no uniformity of malware naming among the
various products.

Art
http://home.epix.net/~artnpeg
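
The triage described in the reply above (no detection, heuristic or family-level alert, exact variant name) can be applied mechanically to the report. This is an added Python example, not part of the original thread; the rows are copied from the report posted above, and the marker list used to recognise generic verdicts is an assumption based on the grouping given in that reply.

```python
import re

# Rows copied from the VirusTotal report posted in this thread.
REPORT = """\
AntiVir 6.34.0.14 04.01.2006 Heuristic/Trojan.PwdStealer
Avast 4.6.695.0 04.01.2006 no virus found
AVG 386 03.31.2006 no virus found
Avira 6.34.0.54 04.01.2006 Heuristic/Trojan.PwdStealer
BitDefender 7.2 04.01.2006 no virus found
CAT-QuickHeal 8.00 03.31.2006 (Suspicious) - DNAScan
ClamAV devel-20060202 03.30.2006 no virus found
DrWeb 4.33 04.01.2006 no virus found
eTrust-InoculateIT 23.71.117 04.01.2006 no virus found
eTrust-Vet 12.4.2145 03.31.2006 no virus found
Ewido 3.5 04.01.2006 Backdoor.GrayBird.ek
Fortinet 2.71.0.0 04.01.2006 suspicious
F-Prot 3.16c 03.30.2006 no virus found
Ikarus 0.2.59.0 04.01.2006 no virus found
Kaspersky 4.0.2.24 04.01.2006 Backdoor.Win32.Hupigon.ant
McAfee 4731 03.31.2006 New Malware.u
NOD32v2 1.1466 03.31.2006 a variant of Win32/Hupigon
Norman 5.70.10 03.31.2006 no virus found
Panda 9.0.0.4 04.01.2006 no virus found
Sophos 4.04.0 04.01.2006 Troj/Bnksa-Fam
Symantec 8.0 04.01.2006 no virus found
TheHacker 5.9.7.123 04.01.2006 no virus found
UNA 1.83 03.30.2006 no virus found
VBA32 3.10.5 03.31.2006 suspected of Trojan.Delf.37
"""
# Columns: engine, version, update date (MM.DD.YYYY), result (rest of the line).
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")
# Assumed markers of a heuristic or family-level verdict (not a vendor standard).
GENERIC = ("heuristic", "suspicious", "suspected", "new malware", "variant of", "-fam")

def classify(result):
    """Return 'none', 'generic' (heuristic/family-level) or 'exact'."""
    low = result.strip().lower()
    if low == "no virus found":
        return "none"
    return "generic" if any(marker in low for marker in GENERIC) else "exact"

def triage(report):
    """Group engine names by verdict class; an unparseable row raises ValueError."""
    groups = {}
    for line in report.strip().splitlines():
        if not (m := ROW.match(line.strip())):
            raise ValueError(f"unparseable row: {line!r}")
        groups.setdefault(classify(m.group(4)), []).append(m.group(1))
    return groups

print({verdict: len(engines) for verdict, engines in triage(REPORT).items()})
```

The two engines that land in the "exact" group give different names for the same file, which is the naming non-uniformity noted in the reply.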
 