Recurring Backdoor In Temps

Hi guys,


I keep getting the following report in the Bitdefender event log:


tmp00000004 is infected with Backdoor.Hupigon 72812. It's detected about every hour around the same time. I have run a complete system scan with Bitdefender, Malwarebytes, HouseCall, ESET Online Scanner, and Emsisoft. All the scans are showing the system clean of any malware, so I am quite perplexed. I am reasonably confident that my system is secure, but I would appreciate any help in figuring this out. Please tell me what logs you need me to post/upload.

Comments

  • Nesivos
    edited June 2015
    Backdoor.Hupigon is a remote administration utility which bypasses normal security mechanisms to secretly control a program, computer or network. I would suggest disabling all remote services in Windows Local Services except Remote Procedure Call (RPC) unless you know you absolutely need one of the other remote services. You can do this by opening the Control Panel, typing Local Services and clicking on "view local services". I have them all disabled on all my computers except for the one and have had no problems with any of my computers or running any apps as a result. If you find in the future you absolutely need them you can always reactivate them in Windows Local Services. Most consumers never have a need for them except for the one which is necessary for Windows to run properly.


    1. Does the event log say anything further like "your computer is now safe"?


    2. Have you checked quarantine to see if anything is in there?


    3. When you see the message are you doing on-line gaming or any streaming? If so it could be reinfecting your computer periodically.


  • Thanks for your reply. The event log does say "The virus has been successfully blocked and your PC is now safe." However it keeps occurring roughly once an hour. Is it possible to find out what program or service creates temp files? Bitdefender is deleting the file, but if I could trace it back somehow it might shed some light. There is nothing in quarantine, and the "infection" occurs roughly once an hour whether I am asleep or using the computer.
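
    One way to answer the question above about which program creates the temp file, as an added example that is not part of the original thread: query Sysmon's FileCreate events for the detected file name, then compare the creation times with scheduled-task run times, since the detection recurs hourly. It assumes Sysmon is installed with a configuration that logs FileCreate (event ID 11); the `tmp0000*` pattern and the six-hour window are illustrative choices.

```powershell
# Added example. Assumption: Sysmon is installed and its configuration
# logs FileCreate events (event ID 11). Run from an elevated prompt.
$namePattern = 'tmp0000*'                 # file name from the detection report
$since       = (Get-Date).AddHours(-6)    # window covering several hourly detections

$creations = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 11
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten the event's <Data Name="..."> elements into a hashtable
        $fields = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $fields[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            ProcessId = $fields['ProcessId']
            Image     = $fields['Image']            # executable that created the file
            Target    = $fields['TargetFilename']   # full path of the created file
        }
    } |
    Where-Object { $_.Target -like "*\$namePattern" }

# Every matching creation, oldest first
$creations | Sort-Object Time | Format-Table -AutoSize -Wrap

# Which executables wrote the file, and how often
$creations | Group-Object Image | Sort-Object Count -Descending |
    Select-Object Count, Name

# Scheduled tasks whose last run falls within 2 minutes of a creation event
foreach ($task in Get-ScheduledTask) {
    $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
    if (-not $info -or -not $info.LastRunTime) { continue }
    foreach ($c in $creations) {
        if ([math]::Abs(($c.Time - $info.LastRunTime).TotalMinutes) -le 2) {
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                LastRun = $info.LastRunTime
                Action  = ($task.Actions | ForEach-Object Execute) -join '; '
            }
            break
        }
    }
}
```

    If the same image appears at each hourly detection, that process and anything that launches it on a timer are the place to look next.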

  • How about if you do a search on tmp00000004 on your PC, does the Windows search find it though?

  • Georgia ✭✭✭

    Hi,


    If the situation still occurs please use our Bdsyslog tool to generate a deeper scan log. It will gather more information and our malware researchers can investigate further. The tool can be downloaded from here:


    http://www.bitdefender.com/support/how-to-...g-tool-628.html


    For accurate results, we recommend running this tool when the effects of the infection are visible, e.g. as soon as Bitdefender blocks it.


    It would also help to have a sample of the detected file. Please pack it in a password-protected archive (password: infected).


    Send us both the BDSYS log and the sample in an email at bitsy@bitdefender.com


    Thank you!