false positive??

Discussion in 'ewido anti-spyware forum' started by Mannen, May 10, 2007.

Thread Status:
Not open for further replies.
  1. Mannen

    Mannen Registered Member

    Joined:
    May 10, 2007
    Posts:
    1
    Location:
    Sweden
    Was helping a friend and one of the things Avg Antispyware found was

    C:\HJC\HiJackThis_v2.exe -> Backdoor.Hupigon : Cleaned with backup (quarantined).

    I'm almost sure that it is a f/p
     
  2. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Please check if you really use the latest signature updates, because we checked the latest version of HijackThis with our latest signatures and HijackThis will not be detected.
     
  3. calcu007

    calcu007 Registered Member

    Joined:
    Oct 10, 2006
    Posts:
    18
    Maybe you have an older version of HijackThis or a real trojan.
     
  4. dumboldn

    dumboldn Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    4
    Location:
    Essex, England
    On 10th May (same date as the first post here!) I downloaded the latest AV updates to AntiVirusKit 2006, which I always keep fully up to date. Immediately after they installed, AVG AntiSpyware reported that Backdoor.Hupigon was present and quarantined the 3 files concerned: AVK.exe and two AVK UpdatePGM files. This made AVK unusable. After reinstalling it 3 times from the original AVK download on my C drive and two backups, as soon as I updated the signatures the same thing happened. I contacted AVK to ask if anyone else had experienced this and whether they thought that something in the downloads was so close to the trojan that it triggered a false positive. They replied that wasn't possible and told me to contact AVG.
    I have run many full scans with several anti-malware programs and TrojanHunter (which lists many variations of Hupigon), but they always show nothing there. Until I can be sure one way or the other, I am using AVG Free.
    AVG Free is very good, but I just like AVK and have got used to it over many months.

    Can anyone please offer me some guidance on this?

    Paul.
     
  5. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
  6. dumboldn

    dumboldn Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    4
    Location:
    Essex, England
    Thank you Karl for replying so quickly.

    The 3 files are in quarantine, but I don't know how to send them to you. I have left- and right-clicked on them but nothing happens.

    If the only way to be able to send them is to restore them, I am very reluctant to do that in case it is a real trojan and disappears into my system under some other name or whatever. If that is the only way, could you please tell me exactly what to do to send them to you as safely as possible. The files on the C drive seem to have gone when I uninstalled AVK at the time, but the ones remaining are from my F and G backups. I don't know if those would contain what you need.

    Paul.
     
  7. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Please use Windows Explorer to open the AVG Anti-Spyware installation folder; the default path is: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5

    There you will see a folder named Quarantine. Now use a tool like WinRAR (www.rarlabs.com) or 7-Zip (www.7-zip.org) to compress the whole Quarantine folder.

    NOTE: If there are too many files stored in the Quarantine folder, then start AVG Anti-Spyware, select the Quarantine module and finally remove all files except the detected AVK files.

    Now send us the compressed Quarantine folder: http://www.ewido.net/en/support/?AID=34
     
  8. dumboldn

    dumboldn Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    4
    Location:
    Essex, England
    Thank you Karl and all your colleagues at Ewido for replying so quickly and sorting out my problem.

    Note to all the moaning minnies on this forum about Ewido/AVG support being useless:

    You will see from the posts above how quickly they responded, plus when I sent the files to them as requested, I had a reply 4 HOURS later which reassured me that it was a false positive after all.

    Ewido rules OK...
     