Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: New Technique Recycles Exploit Chain to Keep Antivirus Silent

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

Backdoor.Win32.Small.gmi & Hupigon

Started by Johannes1961 , Jan 26 2009 04:52 PM

Please log in to reply

3 replies to this topic

#1 Johannes1961

Members
37 posts
OFFLINE

Gender:Male
Location:UK
Local time:08:25 AM

Posted 26 January 2009 - 04:52 PM

Hi, PC is running XPHome, AVG 8 Av & Firewall. I run Lavasoft's Ad-Aware manually on the weekend to supplement the (almost) daily running of AVG.

On the weekend - & much to my surprise Ad-Aware notified me of a hupigon infection of Superantispyware.exe! Now I recall SAS requesting that I authorise an update last week. It does this from time to time and I thought nothing of this and so clicked 'yes'; I believe it was a new version including language updates. If SAS.exe really was infected at source, then does this mean that the download site has been hacked & infected. Or is it a false positive?

Anyhow, I did some quick research on the web and decided that as no other symptoms were present I should let Ad-Aware 'clean' SAS.exe and then I uninstalled SAS via the control panel. As I use it very rarely.

I then ran Kasperski Online Scanner this evening. It found Backdoor.Win32.Small.gmi in a trial download of Guitar Pro V5 demo software. This is not detected by MBAM or AVG. Could this be another false positive?

Your guidance much appreciated.

Regards, David

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Guest_The weatherman_*

Guests
OFFLINE

Posted 26 January 2009 - 05:36 PM

Hello there David.

Please try a couple of these free online scanners to see if anything has slipped by your protection:
(Be advised that some of these scanners will pickup things in "quarantine" from other anti-virus programs - so review the results carefully)

http://www.pandasecurity.com/homeusers/solutions/activescan/
http://us.mcafee.com/root/mfs/default.asp
http://housecall.trendmicro.com
http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://onlinescan.avast.com/
http://ca.com/us/securityadvisor/virusinfo/scan.aspx
http://www.eset.com/onlinescan/

http://www.kaspersky.com/virusscanner Scan Only - no removal

If you find that you're infected (or the scan doesn't complete or closes unexpectedly), post in the Am I Infected forum located here: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

regards,
The weatherman

Back to top

#3 garmanma

Computer Masochist

Members
27,809 posts
OFFLINE

Gender:Male
Location:Cleveland, Ohio

Posted 26 January 2009 - 05:53 PM

If you run the suggested scans and come up with something, I would post in the Am I Infected forum?.
I'm more leery of AdAware than SAS

Mark

why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter