Solved Backdoor.hupigon Removal by Reinstalling the System

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

madany

Thread Starter
Joined
Feb 19, 2016
Messages
10
I just found out (by a random system scan I conducted) that my personal desktop has been infected by a spyware called backdoor.hupigon. (from a certain game client that I tried to download 2 weeks ago. I don't even remember any download started) My BitDefender Total Security did not offer me any deletion option, only the quarantine. I did read that it's basically every average user's worst nightmare. I also looked at other posts with the same issue but they seemed far more complex than I can actively spend time on. (I have a job and a university ed.) I'm just interested in the least time consuming solution since I'm not very informed on the subject of computer security. So, here is my question: Will the thing go away if I just delete everything to zero and reinstall Windows and everything? I also don't intend to take any backups.

Small extra question, because why not: Do you think what bitdefender total security does would be enough to protect my data from hijackers?
 

capnkrunch

Malware Specialist
Joined
Nov 28, 2015
Messages
510
Hello madany and welcome to the Tech Support Guy forums :)

madany said:
Will the thing go away if I just delete everything to zero and reinstall Windows and everything?
The simple answer is yes but Backdoor: Win32/Hupigon is a very dangerous kind of infection called a remote access infection. There are some additional considerations when recovering from this kind of infection so please take the time to read through the rest of this post.

Remote access infections allow the attacker to make changes to your computer as if he or she were sitting right in front of it. You are smart to decide to reformat and reinstall; that would have been my recommendation as it is the only way this system can be trusted again.

If you need help reformatting your system and reinstalling Windows, you may find this tutorial useful.

There are some additional steps that I would recommend taking after this kind of infection to help protect yourself:
  • Disconnect the infected computer from the internet and from any other networked devices.
  • Run a full scan of other devices on the same network. Do this with the installed antivirus as well as an antimalware program such as Malwarebytes Anti-Malware.
  • If this computer was used for online banking or shopping, contact your bank immediately and let them know that your information may have been compromised.
  • From a clean computer change all your passwords. This includes your internet login, email, PayPal, Amazon, Facebook, and any other online activities that require a username and password.
    Do NOT change your passwords from the infected computer before it is reformatted; the attacker will be able to get all the new passwords.

I usually ask people to read these links before proceeding but since you have already made the smart decision to repave don't consider this "required reading". I will leave the links anyways in case you are interested and for anyone else who happens across this topic.
Remote Access Infections ... (why you should repave)
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

A couple other things before we get to your extra question.

madany said:
My BitDefender Total Security did not offer me any deletion option, only the quarantine.
This is often what security programs will do. Quarantined files are moved and encrypted so that they cannot run, effectively neutering them. It is safer than simply deleting files though because in the case of false positives you are still able to restore the file.

madany said:
I also don't intend to take any backups.
Strictly speaking this is the safest way to proceed. However there are certain files that are generally safe to backup. I would absolutely not backup files with the following extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab

Data files such as text, pictures, audio, and video are usually safe to backup. Files like Word or Excel documents or PDFs may contain macros that can conceivably be used to run malicious code. For more information see Can I re-install my personal files once I've reformatted ?.

madany said:
Small extra question, because why not: Do you think what bitdefender total security does would be enough to protect my data from hijackers?
This is a bit of a tricky question to answer. What you want is called "layered security". Bitdefender is an antivirus which is one important layer but you should also be using an antimalware program and a firewall. In addition, user behavior is far more important than any software. Keeping your OS and programs up to date, safe browsing habits, avoiding P2P and cracked software are among the most important ones.

Usually I will provide more information about protecting yourself after a user's computer is cleaned so if you'd like please post back once you have finished with repaving your system and I can give you some additional tips. In the meantime you may be interested in this post by one of our moderators: How to Protect Yourself and Tighten Security.
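The backup advice in the post above, sketched as a triage script (an added example, not part of the original thread or of any tool it names). The skip list is the one given in the post; the concrete "review" and "data" extension lists, the function names and the sample file names are assumptions made for this example.

```python
import tempfile
from pathlib import Path

# Extensions the post says never to back up (taken from the post).
SKIP = {".exe", ".scr", ".ini", ".htm", ".html", ".php", ".asp",
        ".xml", ".zip", ".rar", ".cab"}
# Assumption: concrete extensions for the document types the post says may carry macros.
REVIEW = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".pdf"}
# Assumption: concrete extensions for "text, pictures, audio, and video".
DATA = {".txt", ".jpg", ".jpeg", ".png", ".gif", ".mp3", ".wav", ".mp4", ".avi"}


def classify(path: Path) -> str:
    """Return 'skip', 'review', 'copy' or 'unknown' for one file."""
    # Only the final suffix counts: 'holiday.jpg.exe' is an .exe, not a picture.
    ext = path.suffix.lower()
    if ext in SKIP:
        return "skip"
    if ext in REVIEW:
        return "review"
    if ext in DATA:
        return "copy"
    return "unknown"  # not named in the post: leave behind unless checked by hand


def triage(root: Path) -> dict:
    """Walk root and group relative file paths by classification."""
    result = {"skip": [], "review": [], "copy": [], "unknown": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            result[classify(p)].append(p.relative_to(root).as_posix())
    return result


def demo() -> dict:
    """Run the triage over a constructed folder of empty sample files."""
    names = ["notes.txt", "Pictures/cat.JPG", "Pictures/holiday.jpg.exe",
             "thesis.docx", "budget.xlsm", "setup.EXE", "saves.zip",
             "desktop.ini", "README", "Music/song.mp3"]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in names:
            f = root / name
            f.parent.mkdir(parents=True, exist_ok=True)
            f.touch()
        return triage(root)


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(f"{bucket:8} {files}")
```

An extension only says what a file claims to be, so files in the copy bucket still get scanned on the rebuilt machine before they are opened.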
 

madany

Thread Starter
Joined
Feb 19, 2016
Messages
10
Well cutting the pc's internet connection was the first thing that I did. (I actually took off the usb wifi receiver thing.) This may be a funny question. But I have 2 other computers and our phones using the same wifi connection, are they considered networked?

And from what I can gather, reformatting is the only thing that I'm going to need to do with that computer, right? Aside from renewing my passwords via a clean computer, I mean.

Edit: Are my usb devices like webcam or wifi receiver safe to use after my pc's reformat? I also connected my smartphone to the pc via usb. I didn't move anything to my phone but I moved some pdfs from my phone. Is there any way my phone is infected?
 

capnkrunch

Malware Specialist
Joined
Nov 28, 2015
Messages
510
Hello madany :)

madany said:
But I have 2 other computers and our phones using the same wifi connection, are they considered networked?
Yes. Your phones should be OK. Cross platform malware is very rare and phones have better defense built into the OS than Windows computers. If you are concerned there are a number of free antiviruses that you can install and scan with but I don't really think that is necessary.

For your other two computers I would run a full scan (as opposed to a quick scan which is generally the default) with whatever antivirus is installed as well as with Malwarebytes Anti-Malware (MBAM) (link in my previous post). The malware you had has been known to spread through networks so it is definitely important to check out your other computers.

I would consider the two scans I mentioned adequate for checking your other systems, however if you'd like we can do a more thorough check of them. This will take more time of course and I don't think it's really necessary unless one of your other machines is experiencing symptoms. Please let me know what you'd like to do, I'm happy to help either way.

If you need help running MBAM or a full system scan with your antivirus please let me know and I can provide more detailed instructions.

madany said:
And from what I can gather, reformatting is the only thing that I'm going to need to do with that computer, right?
Yes. For serious infections repaving is not only the only safe option but it is also the quickest and easiest.

If you have any additional questions please do not hesitate to ask and, if you can, let me know how things turn out.
 

madany

Thread Starter
Joined
Feb 19, 2016
Messages
10
To be precise, my infected pc didn't have any symptoms at all. I regularly do system scans and the malware just got detected by the last one.

As you would know better than me, a malware may not be cross-platform but it can leave some unwanted offspring to spread on various devices. So even if my phone is not in danger, is there a possibility that connecting it to my future repaved computer would cause the problem to reoccur?

EDIT: I'm doing the two system scans on other computers now, I'll update you when they're finished. Thank you, in advance, for all your support and positive mood! Thanks to you, I won't be bothered with stressful thoughts while teaching in front of a professor. :)

EDIT 2: A friend of mine (which I contacted in haste before posting here) advised me to "dd" the whole system with linux. Don't know if it's necessary; he claims that the virus may revive with just format.

EDIT 3: I scanned the two computers (which are using the same wifi connection with my own, corrupted pc) via bitdefender and malwarebytes. Bitdefender found some non-threatening "(object not found)" objects in C/System Volume Information in both of the computers. Said objects have names like {38902.... etc. which is quite identical to objects left out by deleted viruses that I've previously noticed a long time ago. I don't know if they're harmful or not. So, to the point related with my backdoor problem, both my 2 uninfected computers show no sign of backdoor.hupigon, yet there is this "object not found" weirdness going on and I don't know if they are related.
 

madany

Thread Starter
Joined
Feb 19, 2016
Messages
10
This thread is updated. I don't intend to flood, I'm just placing this post here to make sure it's seen by helpers, so that I don't look like I left the thread I started. I'll delete it when I get a response.
 

capnkrunch

Malware Specialist
Joined
Nov 28, 2015
Messages
510
Hello madany :)

madany said:
I don't intend to flood, I'm just placing this post here to make sure it's seen by helpers, so that I don't look like I left the thread I started.
Don't worry about flooding the forum or double posting. It's actually easier for me if you make new posts for new information rather than editing old posts. Even if it ends up being 3+ posts in a row you won't get in trouble.

madany said:
Thank you, in advance, for all your support and positive mood!
You're welcome :)

madany said:
A friend of mine (which I contacted in haste before posting here) advised me to "dd" the whole system with linux. Don't know if it's necessary; he claims that the virus may revive with just format.
I would not recommend this. Many manufacturers have recovery or factory restore partitions and you run the risk of deleting those which would greatly reduce your recovery and maintenance options in the future. The joke about dd is that it stands for "destroy disk".

If something is sophisticated enough to survive a standard reformat, chances are it's deep enough to survive dd as well. Anyways, I do not know of any "commercial grade" malware with that capability. That is really NSA level sophistication.

madany said:
So even if my phone is not in danger, is there a possibility that connecting it to my future repaved computer would cause the problem to reoccur?
I'm not quite sure which direction you mean. Your repaved computer will be clean so there are no worries of it harming your phone. It is theoretically possible that it infected your phone with a USB worm that could reinfect your clean system.

However, I have not seen anything about this particular malware being able to spread through USB. If you are still concerned we can use the Panda USB Vaccine to protect your computer and USB devices.

Panda USB Vaccine
  • Please visit the Panda USB Vaccine site and click the Download button.
  • Fill out the requested information. Use a real email address as they email you a link with the download.
    • I recommend checking No I don’t want to receive information. and then checking both boxes under it.
  • Click Send.
  • You will get an email from Panda, it may take a while to arrive. In the email click Download USB Vaccine exe (zip).
  • In the site it takes you to click Panda USB Vaccine to start the download.
  • Unzip USBVaccineSetup50a.zip to your Desktop.
  • Double-click usbvaccine.exe and follow the prompts. You may uncheck the box to run Panda USB Vaccine automatically at startup.
  • Ensure Launch Panda USB Vaccine is checked and click Finish.
  • The program will open and automatically vaccinate your computer.
  • Install Panda USB Vaccine on all your computers. You can use the same copy for all your machines.
  • Attach each USB you are concerned about, select it from the dropdown menu and click Vaccinate.
    If it does not recognize one of the devices do not worry as even if it is affected it will be unable to launch the malware on your vaccinated computers.

madany said:
So, to the point related with my backdoor problem, both my 2 uninfected computers show no sign of backdoor.hupigon, yet there is this "object not found" weirdness going on and I don't know if they are related.
The System Volume Information directory holds files from System Restore Points. Anything detected there doesn't pose a threat unless you restore to an infected Restore Point. Also, the "object not found" leads me to believe that Bitdefender is simply picking up orphans, something referencing a file that no longer exists.

I wouldn't worry about these detections but it might be worth purging the System Restore Points just to be safe. This will create a new System Restore Point and then delete all the old ones. Do this on both systems.

Purge System Restore
  • Please download DelFix by Xplode and save it to your Desktop.
  • Right click on delfix_*version*.exe and select Run as administrator.
  • Check the following boxes and then click Run:
    • Remove disinfection tools
    • Purge system restore
  • If DelFix or any logs it creates remain you may delete them.

Of course the offer still stands if you'd like to do a full check of either or both systems. Just let me know.
 

madany

Thread Starter
Joined
Feb 19, 2016
Messages
10
I completed the repave. I used diskpart function from cmd to "clean all" my hdd, which is my system partition, and "clean" my ssd. (I'm not sure if system restore can survive my glorious zeros) First thing I did setup was malwarebytes and my old buddy, BitDefender Total Security. I did not connect the pc to Internet yet; since I was not sure if my usb wireless receiver is infected or not. But I guess Panda USB Vaccine can scan it, right?

Thanks again for all your help! It's great to know that a community like this exists.
 

capnkrunch

Malware Specialist
Joined
Nov 28, 2015
Messages
510
Hello madany :)

madany said:
Thanks again for all your help!
You're very welcome.

madany said:
I completed the repave. I used diskpart function from cmd to "clean all" my hdd, which is my system partition, and "clean" my ssd.
Glad to hear that you completed it successfully.

madany said:
(I'm not sure if system restore can survive my glorious zeros)
System Restore will have been zeroed along with the rest of the system partition. The reason I had mentioned using DelFix to purge System Restore points was for your other machines where Bitdefender found detections in the System Volume Information directory.

madany said:
I did not connect the pc to Internet yet; since I was not sure if my usb wireless receiver is infected or not. But I guess Panda USB Vaccine can scan it, right?
You should not have to worry about your USB WiFi adapter since it is not a storage device. I would guess that Panda USB Vaccine might not even see it. That said, if you use Panda to vaccinate your computer (which it does automatically on install) you don't really have to worry about autorun USB worms anyways.

OK, since it sounds like everything is resolved and since your computer is once again trustworthy after a repave this is my standard All Clean post with tips on how to keep your now clean system that way. You can consider it a more thorough answer to your question about the adequacy of Bitdefender in your first post.

Security Programs
  • Antivirus - It is important to have one and only one installed, enabled and updated. Bitdefender has this category covered for you. Keep it up to date and schedule a scan for every 1-3 days.
  • Antimalware - Malwarebytes Anti-Malware is a great antimalware tool and I recommend you install it on all your computers. Keep it up to date and run a scan every week or so. The paid version also offers realtime protection.
  • Firewall - The Windows Firewall is enabled by default and does everything you need in a firewall. However, Bitdefender Total Security includes a firewall that may have additional features. Whether you want to take advantage of Bitdefender's firewall is up to you but you need one or the other active.

Update, update, update
Keep your Antivirus and other software up to date. Consider using a program to assist you.
Secunia Personal Software Inspector - Copyright © Secunia.
FileHippo.com Update Checker - Copyright © FileHippo.com

Keep your operating system fully patched with Windows Update.
Windows Vista - Install Windows updates
Windows 7 - Install Windows updates in Windows 7
Windows 8.1 - Windows Update: Frequently Asked Questions
Windows 10 - Windows Update: Frequently Asked Questions

Practice safe browsing habits
Like I said before, no software or group of software is foolproof. Security starts with the user and browsing the internet is where users are most vulnerable. There is a lot of advice that can be given for safe browsing but most of it boils down to common sense. Here are some of the more important things you can do:
  • Avoid shady sites: gambling, pornography, piracy/warez sites. Also avoid using P2P software.
  • Don't click on popups or ads in general. Warnings that say you have a virus or ads that say you've won a prize are always tricks to get you to install unwanted software or give away personal information.
  • Don't download anything you didn't go looking for. If a site says you need to update Flash or install a codec DON'T. Almost without fail it will be malware instead.
  • Use strong passwords and use a different password for every site. Consider using a password manager to assist you. KeePass is a good free one. LastPass is what I use, it has a free version as well as a paid one with additional features.
You may want to try using an addon such as Web of Trust (WOT) or McAfee SiteAdvisor. These are not foolproof but can be a good place to start when deciding whether or not a site is safe to visit.

Additional reading
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly

Note: these guides may look long but aren't actually that bad. If you can make 30 minutes or so I strongly recommend you read these as well as the one that I linked to in my first post. They cover much more than I do here (and my colleagues who wrote them are much more knowledgeable and experienced than I am). I promise it will be worth it.

It might be a good idea to bookmark these guides for future reference as well.

If there's anything else I can help you with please don't hesitate to ask any additional questions. If not I would appreciate it if you could click the Mark Complete button in the top left of this thread to mark this topic finished.

Stay safe! ;)
capnkrunch
 