Superantispyware - hupigon

Discussion in 'other anti-malware software' started by pettyracing, Apr 11, 2007.

Thread Status:
Not open for further replies.
  1. pettyracing

    pettyracing Registered Member

    Joined:
    May 22, 2005
    Posts:
    37
    Anyone know if Nick updated the database for the hupigon trojan? I sent him a sample a few weeks ago. Sent it to Eset (Nod32) and the next day they issued an update. Searched through the database for sas but did not see it, unless it is listed under another name.
     
  2. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Where did you send the sample, and what was it called? We receive thousands of samples each day....
     
  3. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    A quick check would be to custom scan the submitted malware file with SAS, but fwiw SAS sometimes has different names (probably based on string name o_O) of a bot, or at least that is what I have seen often.... Nick?
     
  4. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    Every vendor names their threats differently, based upon what others call it, or based upon what is in the file, servers it connects to, etc., so it is likely we have a different name - if I know which specific sample it was, I can find out if we detect it and what the name is.
     
  5. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    I still chuckle when I see Rootkit Poof-poof :D

    Still Haxdoor var (ntio256.sys) to me :thumb:
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Pls see ur PM box. Thanks
     
  7. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    No PM's yet, which site did you send to me on? You can also send it to nicks AT superantispyware.com
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Sorry Nick if I was not clear. I was saying it to pettyracing. I don't have the copy of this malware.
     
  9. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    Nick,

    I usually advise people to install SAS but yesterday someone had the dreadful IEEXPLORER.EXE on their machine and so I checked the SAS database first but could not see it.

    Then I read the above and wondered if SAS would still manage to get rid of this thing via a different name.

    Regards.
     
  10. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    The file may not be listed directly by name, we have many "smart" definitions that get thousands of variants of infections without direct "named definitions" for the threat.

    If we don't detect it, let me know and I will have you run a diagnostic on the system and we can certainly update our database to remove it :)

    Thank you for recommending our software, I really appreciate the support!
     
  11. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    Thanks a lot Nick.

    Cheers.
     
  12. pettyracing

    pettyracing Registered Member

    Joined:
    May 22, 2005
    Posts:
    37
    Nick:

    I deleted the e-mails to eset (nod32) and sas about a day or two after I sent them. I deleted the file in question the day that kaspersky identified it as a hupigon trojan.

    I can only recall that I referenced the fact that Kaspersky identified the product as noted above, and attached the file to an e-mail per instructions I found at your site.

    If you look at the eset website under updates, you'll find numerous references to hupigon over the last few weeks. Again, maybe you call it something different. I know when I scanned the file before deleting it with sas and nod32 following scanning it with kaspersky's kis6, neither program flagged it. When I did a search on the web for hupigon, it did show up as a trojan.

    In the future I will try to save the files.

    Update:

    I found some notes I made at the time of the problem:

    Kaspersky KIS6 identified the infection as:
    backdoor.win32.hupigon.dka
    It was in the file outxp2 = outlook backup.exe
    I found this when googling for a program to try to backup my outlook files. I don't know what site I d/l it from.
    Hope this helps.

    Ok. I found the file at this link ~Link removed. No links to real or potentially real malware. - Ron~

    I downloaded it just now and KIS found the noted trojan above in osxpui.dll
     
    Last edited by a moderator: Apr 15, 2007
  13. pettyracing

    pettyracing Registered Member

    Joined:
    May 22, 2005
    Posts:
    37
    Sorry. Did not realize that.
     