Internet threat level: 1
Home→Descriptions→Backdoor.Win32.Hupigon.bns
Backdoor.Win32.Hupigon.bns
| Detected | Nov 16 2006 06:18 GMT |
| Released | Aug 03 2007 12:07 GMT |
| Published | Nov 16 2006 06:18 GMT |
Payload
Removal instructions
Technical Details
This backdoor will give a remote malicious user full access to the victim machine. The program is a Windows DLL file. The file size may vary significantly.
Installation
This backdoor will be installed on the victim machine by another malicious program.
When installing, the backdoor extracts a DLL file from its executable file and saves it to the Windows root directory under the following name:
This file will be detected by Kaspersky Anti-Virus as Backdoor.Win32.Hupigon.bxb.
Payload
The backdoor can:
- provide full access to files on the user’s hard disk
- provide full access to shared local network resources
- provide full access to the system registry
- download files via the Internet and launch them on the victim machine
- provide a remote Terminal window
- get information about the system
- provide full access to the user’s desktop, allowing a remote malicious user to take control
Removal instructions
- Use Task Manager to terminate the backdoor process
- Delete the original backdoor file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following file:
%WinDir%\G_Server2006Key.DLL
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
Backdoors are designed to give malicious users remote control over an infected computer. In terms of functionality, Backdoors are similar to many administration systems designed and distributed by software developers.
These types of malicious programs make it possible to do anything the author wants on the infected computer: send and receive files, launch files or delete them, display messages, delete data, reboot the computer, etc.
The programs in this category are often used in order to unite a group of victim computers and form a botnet or zombie network. This gives malicious users centralized control over an army of infected computers which can then be used for criminal purposes.
There is also a group of Backdoors which are capable of spreading via networks and infecting other computers as Net-Worms do. The difference is that such Backdoors do not spread automatically (as Net-Worms do), but only upon a special “command” from the malicious user that controls them.
Backdoor.
- Backdoor.
Win32. Haxdoor. bns (Kaspersky Lab) - Trojan:
BackDoor-AWQ. b!egb (McAfee) - Mal/Basine-C (Sophos)
- Heuristics.
Broken. Executable (ClamAV) - Backdoor:
Win32/Hupigon. dam#4 (MS(OneCare)) - CRC (Nod32)
- the (Nod32)
- checksum, (Nod32)
- incorrect (Nod32)
- be (Nod32)
- file (Nod32)
- may (Nod32)
- FILE_BROKEN (VirusBuster)
- RAR archive is corrupted (AVAST)
- Win32:
Hupigon-LKR [Trj] (AVAST) - Backdoor.
Win32. Hupigon (Ikarus) - Malformed container violation (NAV)
- NseCheckFile2() returned 0x00010018 (Norman)
- FILE_BROKEN (VirusBusterBeta)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.