Problem with specific Trojan BackDoor

[Uniquity]

detected: Trojan program Backdoor.Win32.Hupigon.aqy Running module: winlogon.exe\syst6.dll


I am using Kaspersky... It cannot get rid of the above file... Can anyone tell me what to do to get rid of it?

Thanks in advance...

 

[mechBgon]

Interesting. Have you tried running a scan while the system's running in Safe Mode? Also, what was the source of the infection, if you happen to know?

 

[compuwiz1]

Years ago, when I had the problem, it seems, I had to go rename the file, before I could disable it, to remove any associations to it.
Also, seems this cannot be done, when it is read only, so once you find it, I would right click it's properties, and uncheck the read only box.

I'm no expert at this, but seems like something I remember.

Also, try googling for that bug's name. You'll probably come up with instructions on how to remove, or disable.

Edit: This might help

 

[mechBgon]

Also, if you do decide to scan in Safe Mode, first max out all Kaspersky's detection settings. Go to Settings, down to the Scan section, and for each area listed (Critical Areas, Scan My Computer, and Startup Objects), set the slider to High.

After setting each slider to High, also click the Customize button, to the Additional tab, and uncheck the boxes for iSwift and iChecker. This forces Kaspersky to scan every file, every time, so if it didn't find stuff the first time, maybe it will find it later when it's got updated virus definitions.

I also recommend setting the Actions to Do Not Prompt For Action > Delete, so the software can kill stuff just as fast as it sees it, instead of having to wait for a decision from you.

Also make those changes to the real-time protection, which is the stuff listed under Protection > File Anti-Virus.

 

[btcomm1]

Sounds to me like this file is hiding it'self using ADS. If you search for syst6.dll making sure it's searching hidden files can you find it anywhere on the HD? If not download ADS spy from here http://www.spywareinfo.com/~merijn/programs.php and run it and if it finds syst6.dll remove it.