Backdoor.Hupigon



TheInfamous
2010-05-07, 18:16
Hi, I recently found out that a file I downloaded contains a file infected with Backdoor.Hupigon. After I read about this infection I became pretty worried.
But the file that is infected is located in an ISO file, which is itself located in a .rar file.
I have never opened that file. I have once opened the .rar file, but never the ISO file. I managed to move the .rar file to quarantine using BitDefender.

So basically I have never ever opened that file.

My question is whether the infection has harmed my computer, or whether I should have any worries.


Thanks in advance, TheInfamous.

Forgot the DDS log.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Notandi at 15:09:35,85 on fös. 07.05.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.354.1033.18.2047.863 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\gearsec.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Notandi\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Notandi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Notandi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Notandi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Notandi\Desktop\dds.com
C:\Windows\system32\conhost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\notandi\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\notandi\appdata\roaming\microsoft\windows\start menu\programs\startup\row32.dll
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {F3DAC6CE-71F0-439A-ACEE-E446A5374853} = 208.67.222.222,208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-9-1 72784]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2009-9-1 79952]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-4-1 85128]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-11-12 153448]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-9-17 45312]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-11-3 183880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-05-06 14:44:59 0 d-----w- c:\program files\iPod
2010-05-06 14:44:58 0 d-----w- c:\program files\iTunes
2010-05-06 13:40:03 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 16:29:10 0 d-----w- c:\users\notandi\appdata\roaming\MixMeister Technology
2010-05-02 16:26:49 0 d-----w- c:\program files\MixMeister Fusion
2010-04-29 15:21:02 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-27 17:09:51 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-27 17:09:47 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-27 17:09:46 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 17:06:21 0 d-----w- c:\program files\Counter-Strike 1.6
2010-04-19 08:04:30 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-16 20:26:30 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-15 23:19:35 34064 ----a-w- c:\windows\system32\lhacm.acm
2010-04-15 23:19:27 0 d-----w- c:\program files\Teamspeak2_RC2
2010-04-14 08:00:10 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 08:00:10 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 08:00:09 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 08:00:08 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:00:08 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:00:08 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 07:54:41 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 07:54:34 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-08 13:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 13:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

==================== Find3M ====================

2010-05-07 14:09:45 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-04 09:49:28 72784 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2010-04-24 18:44:14 127032 ----a-w- c:\windows\fonts\graffiti_effect_eraser.ttf
2010-04-18 17:27:56 60536 ----a-w- c:\windows\fonts\Swis721_BlkOul_BT_Black.ttf
2010-04-17 03:14:17 138544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-17 03:14:08 215160 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-04 19:24:16 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-04-03 18:27:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 18:27:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 18:27:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 18:27:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-02-24 10:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-17 15:52:49 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-11 07:10:14 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-06 22:54:24 35908 ----a-w- c:\windows\fonts\bgothm.ttf
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-22 03:17:40 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-04 00:34:08 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:12:00,25 ===============
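As an added example (not part of the original post, and not DDS or BitDefender code): a small triage script over the kind of autostart entries the "Pseudo HJT Report" section above lists. It illustrates the point behind the question in this thread. A sample that sits inside a quarantined .rar/.ISO does nothing on its own; barring a vulnerability in the archiver or scanner that parsed it, harm requires something to have extracted and run it, so the place to look is what runs or is set to run at startup, which is exactly what this section of the log records. The sample input is constructed from entries quoted above. The rules (binaries under user-writable paths, orphaned BHO registrations, unexpected file types in the Startup folder) are the editor's own assumptions and produce prompts to verify, not verdicts: a per-user Google Update under AppData, for instance, is what a normal Chrome install looks like.

```python
"""Triage the autostart entries in the "Pseudo HJT Report" section of a DDS log.

Added example by the editor; not code from the original post, from DDS, or
from BitDefender. The triage rules are assumptions about what deserves a
second look. Every finding is a prompt to verify, never a verdict.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterator

# Constructed sample input: entries copied from the DDS log quoted above,
# bracketed by the banners DDS prints around that section.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\notandi\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
StartupFolder: c:\users\notandi\appdata\roaming\microsoft\windows\start menu\programs\startup\row32.dll
TCP: {F3DAC6CE-71F0-439A-ACEE-E446A5374853} = 208.67.222.222,208.67.220.220

============= SERVICES / DRIVERS ===============
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # entry type as DDS labels it: uRun, mRun, BHO, StartupFolder
    target: str  # file the entry points at ("No File" for an orphaned BHO)
    reason: str


# Paths a non-admin user can write to. Legitimate per-user software (Chrome,
# Google Update) lives here as well, so a hit means "check the file", not "malware".
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users|documents and settings)\\|\\appdata\\|\\temp\\|\\programdata\\", re.I)

# What one normally expects in a Startup folder: shortcuts and executables.
EXPECTED_STARTUP_EXT = {".lnk", ".exe", ".bat", ".cmd"}

RUN_RE = re.compile(r'^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\] (?:"(?P<qpath>[^"]+)"|(?P<upath>\S+))')
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<path>.+)$")


def hjt_section(text: str) -> Iterator[str]:
    """Yield the non-blank lines between the Pseudo HJT banner and the next banner."""
    inside = False
    for line in text.splitlines():
        if line.startswith("=") and "Pseudo HJT Report" in line:
            inside = True
            continue
        if inside and line.startswith("="):
            return
        if inside and line.strip():
            yield line.rstrip()


def triage(text: str) -> list[Finding]:
    """Return the entries worth a closer look, in log order."""
    findings: list[Finding] = []
    for line in hjt_section(text):
        if m := RUN_RE.match(line):
            path = m.group("qpath") or m.group("upath")
            if USER_WRITABLE.search(path):
                findings.append(Finding(m.group("kind"), path,
                    "autostart binary in a user-writable location; confirm publisher and signature"))
        elif m := BHO_RE.match(line):
            target = m.group("target").strip()
            if target.lower() == "no file":
                findings.append(Finding("BHO", target,
                    f"orphaned registration {{{m.group('clsid')}}}; loads nothing, safe to remove"))
            elif USER_WRITABLE.search(target):
                findings.append(Finding("BHO", target,
                    "browser helper object loaded from a user-writable location"))
        elif m := STARTUP_RE.match(line):
            path = m.group("path")
            ext = ntpath.splitext(path)[1].lower()
            if ext not in EXPECTED_STARTUP_EXT:
                findings.append(Finding("StartupFolder", path,
                    f"unexpected file type '{ext or '(none)'}' in the Startup folder; identify the file and how it would be launched"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.kind:13} {f.target}\n{'':13} -> {f.reason}")
```

Run against the constructed sample it reports three entries: the orphaned BHO (a leftover registration that loads nothing), the per-user Google Update (flagged only because it lives under the user profile, which is where Chrome installs it), and the non-shortcut item in the Startup folder, which it asks you to identify rather than pronounce on. Entries under Program Files such as Messenger, BDAgent and the Adobe helper pass without comment. To use it on a real log, replace SAMPLE_DDS with the file contents; the parser only depends on the banner lines and the `uRun:`/`mRun:`/`BHO:`/`StartupFolder:` prefixes DDS prints.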

TheInfamous
2010-05-11, 01:14
Just looking for a simple yes or no answer :)

TheInfamous
2010-05-12, 18:03
Can no one help me?

TheInfamous
2010-05-13, 21:44
Can a backdoor virus harm my computer if I haven't opened it?

TheInfamous
2010-05-17, 19:48
Heeeeeeeelp

tashi
2010-05-22, 18:45
Hello TheInfamous,

Bump and Topic May Be Closed (http://forums.spybot.info/showpost.php?p=219168&postcount=6)

The log appears to be clean.

Best regards