Hi Everyone.

I am having a problem with my Spybot program which is not removing to threats that I believe are trojans. One is called Hupigon (2 of them) and the other is Hupignon. When I try to remove them after a scan, Spybot comes up saying, "Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory). This could be fixed after a restart. May Spybot-S&D run on your next system startup?" Now I have restarted my computer, it was not fixed. Also on startup, Spybot never ran. This is beggining to get me frighten that these threats could ruin my computer. They are located in a spot that is very important as well. They are located at: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\oreans32, HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32, and HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WmiApSrv. I know they probably can't be removed because they are an important system that is running now. Also I had heard from a person that these files are associated with the DVD-rom drive.

Please can anyone help. That would be greatly appreciated. I don't know what to do at all and I don't want my computer to get ruin.

Thanks.

Hello.

If oreans32 is located as an O23 Entry in a HJT log, it could be a Rootkit so we should take a look at the system to access the situation. :)

Please follow the procedure in this link: "BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Once you have posted a helper will advise you as soon as available.

Cheers.

There are two things that you can try to get rid of the things that Spybot-S&D is having difficulty removing:
Try to run it the next time you reboot.
Go into Spybot > Mode > Advanced mode > Settings > Settings > look for "System start" (located half way down the page).
Check the option: "Run program once at next system startup". Note: If you any programs running that monitor registry changes make sure that you allow the change to:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Reboot the system.
Run it in Safe mode.
Reboot your system in Safe mode and run Spybot-S&D.
If Spybot-S&D still fails to remove the problems you can request assistance in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum. Follow the instructions here:
"BEFORE you POST" -Preliminary Steps
http://forums.spybot.info/showthread.php?t=288
After completing those steps, start a new thread (topic) in the following forum (making sure to include the HijackThis and online scan logs produced from the instructions above):
Malware Removal
http://forums.spybot.info/forumdisplay.php?f=22