
Trojan.Hugipon


6 replies to this topic

#1 gregw2

gregw2

  • Members
  • 3 posts

Posted 07 June 2009 - 04:32 AM

Myself and several other people in other forums have encountered a new virus called Trojan.hugipon. This is not Trojan.hupigon as has been confused by other persons. This virus is detected by SuperAntiSpyware and usually has 15-57 registry entries.
The SAS software detects it and tries to remove it but does not succeed. I have used Malwarebytes and it tries to remove it but it is also not successful. I have used SDFix, Avira, and AVG as well and nothing can get rid of this Trojan.
SAS claims that it might be a false positive but I think not. Since I have discovered the Trojan I am having more and more difficulty opening various websites, and my computer is acting unnatural, not usual, in speed and performance. When I try to open up links they only open about 10% of the time, and Webpages do not fully open about 75% of the time. I have backed up all of my important data and if I have to reformat to get rid of this I will but I hate the thought of that because it takes days to recover all of my links and bookmarks. I have a lot of software on my computer that I use daily for website development and I would have to reinstall all of this and it could set me back for two weeks. So, I really would like to get rid of this some other way.
Each day that I try to find a way to get rid of this is another day lost in productivity. I would like to solve this so that I can post the results and remedy on other forums for others to read.
Any help will be much appreciated and I will share it with everyone.
Thank you


SDFix:log

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Program Files\\Mozilla Firefox 3.5 Beta 4\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 3.5 Beta 4\\firefox.exe:*:Enabled:Firefox"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 6 May 2009 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Fri 22 Jun 2007 25,088 A.SH. --- "C:\Documents and Settings\Greg\Desktop\PLRfolder\1000 Article Signup Bonus\Life As A Woman\~WRL3283.tmp"
Fri 22 Jun 2007 25,088 A.SH. --- "C:\Documents and Settings\Greg\Desktop\Nitro Blogger\NitroBlogger1000SignupBonus\NitroBlogger1000SignupBonus\1000 Article Signup Bonus\Life As A Woman\~WRL3283.tmp"
Thu 28 Feb 2008 32,768 A.SH. --- "C:\Documents and Settings\Greg\Desktop\PLRfolder\10740PLRarticles\10740PLRarticles\NapaValleyWineries\Napa Valley Wineries\Word Files\~WRL2072.tmp"

Finished!
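
A triage pass over the "Authorized Application Key Export" section of an SDFix log like the one in post #1, as an added example that is not part of the original thread or of SDFix: it parses each Windows Firewall exception and lists the enabled, any-address ones whose program path falls outside an assumed set of expected install prefixes. The sample input is constructed (its Temp-folder entry is invented), and `parse_exceptions`, `needs_review` and `EXPECTED_PREFIXES` are names chosen here.

```python
import re

# Constructed sample in the shape of the SDFix export above; the third
# StandardProfile entry (Temp folder) is invented for illustration.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Documents and Settings\\user\\Local Settings\\Temp\\example.exe"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\example.exe:*:Enabled:example"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
'''

KEY_RE = re.compile(r'^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$', re.I)
VAL_RE = re.compile(r'^"(.+)"="(.+)"$')
# Assumption: these prefixes count as "expected" install locations for this triage.
EXPECTED_PREFIXES = ('%windir%\\', 'c:\\windows\\', 'c:\\program files\\')

def parse_exceptions(text):
    """Return one dict per firewall exception: profile, path, scope, enabled, name."""
    entries, profile = [], None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            profile = key.group(1).lower()
            continue
        val = VAL_RE.match(line)
        if not (val and profile):
            continue
        data = val.group(2).replace('\\\\', '\\')  # undo .reg-style escaping
        # Split from the right: the path itself contains ':' after the drive letter.
        parts = data.rsplit(':', 3)
        if len(parts) != 4:
            continue
        path, scope, state, name = parts
        entries.append({'profile': profile, 'path': path, 'scope': scope,
                        'enabled': state.lower() == 'enabled', 'name': name})
    return entries

def needs_review(entries):
    """Enabled, any-address exceptions for programs outside the expected prefixes."""
    return [e for e in entries
            if e['enabled'] and e['scope'] == '*'
            and not e['path'].lower().startswith(EXPECTED_PREFIXES)]

if __name__ == '__main__':
    for e in needs_review(parse_exceptions(SAMPLE)):
        print(e['profile'], e['path'])
```

An entry listed by `needs_review` is only a prompt to look at the file; a path outside the expected prefixes is not by itself evidence of infection.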


#2 gregw2

gregw2
  • Topic Starter

  • Members
  • 3 posts

Posted 07 June 2009 - 07:19 PM

I ran Malwarebytes and SAS again. I still had the virus and the problems with my computer were getting worse. Not one of the forums that I could find had anything to say definitive about hugipon, only hupigon which is different.
I finally posted the question on Yahoo Answers and that is where I finally found something that seems to work.
I was directed to http://www.combofixdownload.com/ and
http://www.bleepingcomputer.com/combofi ... mbofix#use.
I followed the instructions and they worked.
I have since run SAS twice and the Trojan.hugipon is no longer appearing.
I won't celebrate yet, but I feel very relieved.

I rebooted my computer and after that it worked much better. I checked my registry files and the HKLM virus entries were gone and did not appear again. So, the FIX did work. I can now open new windows with my browser with ease like I used to be able to, before the Trojan.hugipon appeared.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,586 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 June 2009 - 10:07 AM

Glad to hear the issue has been resolved. However, please note the message text in blue at the top of this forum.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

You were fortunate in this instance that no unforeseen consequences occurred. Are there any more reports/signs of infection?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 newbpcuser

newbpcuser

  • Members
  • 1 posts

Posted 10 June 2009 - 09:19 AM

I recently downloaded and installed the SuperAntiSpyware software and was shocked to find 50 registry items with Trojan.Hugipon.
Even though I have yet to experience as dire problems as gregw2, I have no urge to have them begin, and I don't feel I have the knowledge and capability to use the ComboFix software on my own.
Hopefully as new information and data comes to light there will be an easier solution for this problem.

Please post if you feel I can provide more information that will help get the problem solved.

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • Gender:Male
  • Location:USA

Posted 10 June 2009 - 12:16 PM

I am guessing this is a false positive.

Can you post the SAS log showing the infection?

#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 10 June 2009 - 01:37 PM

They've been dealing with this over on the SAS forums. Doesn't seem to be anything real definitive either way coming out of it yet. Seems the responder is saying it could be a F/P but it could be an infection also.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 gregw2

gregw2
  • Topic Starter

  • Members
  • 3 posts

Posted 15 June 2009 - 11:03 AM

I guess I was lucky that Combofix worked for me without any help. I want to point out that SAS was not the only program that detected this virus. Malwarebytes detected two instances of it. This is why I made the decision to use the combofix, along with the fact that my computer was getting very sluggish.
I have had no more problems since Hugipon was removed. I can open new windows and my computer seems to be running quite well.
For me this was not a False Positive and I made sure before I removed it that it was the only virus on my computer. I ran checks for two days with AVG, Avira, SAS, Spyware Terminator, Adaware-Lavasoft, and Malwarebytes. Hugipon was the only virus that showed up.
Since the removal of Hugipon I am operating normally again. I do not know how long it was on my computer. It was not detected until right after my SAS update and then only with Malwarebytes two days later.



