Thread: Backdoor.Hupigon.cql

  1. #1
    solarsurfer Guest

    Backdoor.Hupigon.cql

    Hello
    This is confusing. I downloaded a small program called Analog Clock 2.2 from Cnet's download.com & my AVG AntiSpyware 7.5.0.50 is saying it contains Backdoor.Hupigon.cql. Avast 4.7 Home Edition calls it Win32:Trojan-gen. However, neither AVG Free 7.5.446 nor ZoneAlarm Security Suite 7.0.337.000 (Kaspersky 6.0) are finding it at all. If it IS a trojan, then why is AVG's AntiSpyware product finding it but their AntiVirus program is not? Additionally, I have run MS Malicious Software Removal Tool V1.28, Windows Defender 1.1.1593.0, ZA AntiSpyware 7.0, Spybot S&D 1.4, AdAware SE 1.06r1 & XoftSpy all with negative results. There are user reviews on the Analog Clock download page reporting the Backdoor.Hupigon.cql finding along with less specific spyware allegations but there are also other reviews claiming it's clean. I like the look of Analog Clock (although it's somewhat buggy & lacking in functionality) & would like to keep it if it doesn't actually contain any malware (it's in quarantine presently). My major issues, however, are:
    1. If it does actually contain a trojan, I would really like to report it to Cnet so they can remove it from their site.
    2. If it does actually contain a trojan, I would like to alert AVG and ZA/Kaspersky that their virus scanners are not detecting it.
    3. If it doesn't actually contain a trojan, I would like to report the false positives to Avast & AVG AntiSpyware.
    Does anyone have experience in reporting this kind of stuff? Because I have no clue who to write to.
    Thanks
    PS - ZAISS is the eval version and it's presently my full-time security choice. I only run the other programs for on-demand scanning and their startup entries are disabled.

    Operating System: Windows XP Pro
    Product Name: ZoneAlarm Internet Security Suite
    Software Version: 7.0

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Backdoor.Hupigon.cql

    Hi! The installer looks clean...

    Complete scanning result of "analogclock_2_setup.exe", received in VirusTotal at 04.11.2007, 10:02:31 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.4.10.0 04.11.2007 no virus found
    AntiVir 7.3.1.50 04.11.2007 no virus found
    Authentium 4.93.8 04.11.2007 no virus found
    Avast 4.7.936.0 04.10.2007 no virus found
    AVG 7.5.0.447 04.11.2007 no virus found
    BitDefender 7.2 04.11.2007 no virus found
    CAT-QuickHeal 9.00 04.10.2007 no virus found
    ClamAV devel-20070312 04.11.2007 no virus found
    DrWeb 4.33 04.11.2007 no virus found
    eSafe 7.0.15.0 04.10.2007 no virus found
    eTrust-Vet 30.7.3560 04.11.2007 no virus found
    Ewido 4.0 04.10.2007 no virus found
    FileAdvisor 1 04.11.2007 No threat detected
    Fortinet 2.85.0.0 04.11.2007 no virus found
    F-Prot 4.3.1.45 04.11.2007 no virus found
    F-Secure 6.70.13030.0 04.11.2007 no virus found
    Ikarus T3.1.1.5 04.11.2007 no virus found
    Kaspersky 4.0.2.24 04.11.2007 no virus found
    McAfee 5005 04.10.2007 no virus found
    Microsoft 1.2405 04.11.2007 no virus found
    NOD32v2 2178 04.10.2007 no virus found
    Norman 5.80.02 04.10.2007 no virus found
    Panda 9.0.0.4 04.11.2007 no virus found
    Prevx1 V2 04.11.2007 no virus found
    Sophos 4.16.0 04.06.2007 no virus found
    Sunbelt 2.2.907.0 04.07.2007 no virus found
    Symantec 10 04.11.2007 no virus found
    TheHacker 6.1.6.088 04.09.2007 no virus found
    VBA32 3.11.3 04.10.2007 no virus found
    VirusBuster 4.3.7:9 04.10.2007 no virus found
    Webwasher-Gateway 6.0.1 04.11.2007 no virus found

    Additional Information
    File size: 1158777 bytes
    MD5: eb8c21899a926025cbfde3f64c1d5e18
    SHA1: 2c677493d54781907f47109063d45d4b5d70fcc4
    packers: BINARYRES, ZLIB

    Bit9 info: http://fileadvisor.bit9.com/services...fde3f64c1d5e18

    ---------------------------

    Is the trojan detected when installing? Which file triggers the Backdoor? Upload it to www.virustotal.com and check what other AVs are finding...

    You can report new viruses to these emails:

    Kaspersky: newvirus[AT]kaspersky.com / AVG: virus[AT]grisoft.cz

    Cheers, Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    solarsurfer Guest

    Re: Backdoor.Hupigon.cql

    Wow!

    Thanks Fax

    Excellent reply and awesome links.

    Actually, you have to install the program for it to show up. The file is AnalogClock.exe.

    I don't know how to format this to make it look good like you did, but these are the results:

    Complete scanning result of "AnalogClock.exe", received in VirusTotal at 04.11.2007, 23:38:30 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.4.12.0 04.11.2007 no virus found
    AntiVir 7.3.1.50 04.11.2007 no virus found
    Authentium 4.93.8 04.11.2007 no virus found
    Avast 4.7.936.0 04.11.2007 Win32:Trojan-gen. {Other}
    AVG 7.5.0.447 04.11.2007 no virus found
    BitDefender 7.2 04.11.2007 no virus found
    CAT-QuickHeal 9.00 04.11.2007 (Suspicious) - DNAScan
    ClamAV devel-20070312 04.11.2007 no virus found
    DrWeb 4.33 04.11.2007 no virus found
    eSafe 7.0.15.0 04.11.2007 no virus found
    eTrust-Vet 30.7.3560 04.11.2007 no virus found
    Ewido 4.0 04.10.2007 Backdoor.Hupigon.cql
    FileAdvisor 1 04.11.2007 no virus found
    Fortinet 2.85.0.0 04.11.2007 W32/Generic!tr
    F-Prot 4.3.1.45 04.11.2007 no virus found
    F-Secure 6.70.13030.0 04.11.2007 no virus found
    Ikarus T3.1.1.5 04.11.2007 no virus found
    Kaspersky 4.0.2.24 04.11.2007 no virus found
    McAfee 5006 04.11.2007 no virus found
    Microsoft 1.2405 04.11.2007 no virus found
    NOD32v2 2182 04.11.2007 no virus found
    Norman 5.80.02 04.11.2007 no virus found
    Panda 9.0.0.4 04.11.2007 no virus found
    Prevx1 V2 04.11.2007 no virus found
    Sophos 4.16.0 04.11.2007 no virus found
    Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
    Symantec 10 04.11.2007 no virus found
    TheHacker 6.1.6.088 04.09.2007 no virus found
    VBA32 3.11.3 04.10.2007 no virus found
    VirusBuster 4.3.7:9 04.11.2007 no virus found
    Webwasher-Gateway 6.0.1 04.11.2007 Win32.Malware.gen (suspicious)


    Additionally, I finally found the Cnet forums (getting dopey in my old age), where I posted & got a reply that the "team" is investigating.

    Thanks again

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Backdoor.Hupigon.cql

    You're welcome... Interesting, only a few detect it, and with a generic signature... sounds like a false positive by those few AV engines... Well, to be sure... just zip "AnalogClock.exe", password protect the zip, and send it to newvirus@kaspersky.com, subject: possible trojan. Explain in the email that AVAST, Ewido, etc. detect this file as a trojan/backdoor and see what the KAV experts say (include the password of the zip in the e-mail). You could also include the link to the installer...

    Cheers, Fax

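Added example, not part of any post in this thread: a small Python parser for the plain-text report layout used in post #3 that counts detections and separates generic or heuristic labels from family-specific names, the distinction post #4 relies on. The names `parse_report`, `triage` and the `GENERIC` pattern are assumptions made for this example.

```python
import re

# Subset of rows copied from the AnalogClock.exe report in post #3
# (engine, version, signature update date, result).
SAMPLE = """\
Antivirus Version Update Result
Avast 4.7.936.0 04.11.2007 Win32:Trojan-gen. {Other}
AVG 7.5.0.447 04.11.2007 no virus found
CAT-QuickHeal 9.00 04.11.2007 (Suspicious) - DNAScan
Ewido 4.0 04.10.2007 Backdoor.Hupigon.cql
FileAdvisor 1 04.11.2007 no virus found
Fortinet 2.85.0.0 04.11.2007 W32/Generic!tr
Kaspersky 4.0.2.24 04.11.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Webwasher-Gateway 6.0.1 04.11.2007 Win32.Malware.gen (suspicious)
"""

# One report row; engine and version never contain spaces in this layout,
# while the result column may (so it takes the rest of the line).
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")
# Clean verdict strings as they appear in the two reports in this thread.
CLEAN = {"no virus found", "no threat detected"}
# Assumption: label fragments treated as generic/heuristic for this example.
GENERIC = re.compile(r"\bgen\b|generic|suspicious|heur|dnascan", re.I)

def parse_report(text):
    """Return one dict per engine row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            keys = ("engine", "version", "updated", "result")
            rows.append(dict(zip(keys, m.groups())))
    return rows

def triage(rows):
    """Split detections into generic/heuristic labels and named families."""
    hits = [r for r in rows if r["result"].lower() not in CLEAN]
    generic = [r["engine"] for r in hits if GENERIC.search(r["result"])]
    specific = [r["engine"] for r in hits if not GENERIC.search(r["result"])]
    return {"engines": len(rows), "detections": len(hits),
            "generic": generic, "specific": specific}

if __name__ == "__main__":
    s = triage(parse_report(SAMPLE))
    print(f"{s['detections']}/{s['engines']} engines flag the file")
    print("generic/heuristic:", ", ".join(s["generic"]))
    print("family-specific:  ", ", ".join(s["specific"]))
```

On these rows only one engine reports a named family and the rest of the detections are generic labels, which is the pattern that led to the vendor submission suggested in post #4.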

  5. #5
    solarsurfer Guest

    Re: Backdoor.Hupigon.cql

    Well I didn't want to bug Kaspersky with it (pun unintended), but AVG/Ewido confirmed it was a false positive and say they will correct on next database update. I also emailed Avast and Fortinet.
