Windows Defender - found something

[BTRY B 529th FA BN]

Ok. I'm a little surprised at this. Windows Defender found a 'Backdoor'. Something called Win32/Hupigon.YA Haven't even researched it yet. Not sure if it's a false positive but it found it in a program called MaxxMEM2_preview.exe, and CPU-Tweaker.exe

Just thought I'd post this. I've had the apps on my pc for a while and just yesterday there was an issue. Odd. Ok.

 

[corkyg]

Looks like a true positive for a backdoor Trojan.

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Win32/Hupigon

I would get rid of it.

 

[BTRY B 529th FA BN]

What makes me curious is what made it noticeable now?

I recently have been rebooting and checking my secondary timings via CPU Tweaker 2.0. Defender found something in both apps. I know I've ran CPU Tweaker on my main rig before and even after a recent scan nothing is being found.. hmm.. must be a tricky little ah heck

 

[balloonshark]

Upload it to virustotal so it can be scanned by multiple scanners. https://www.virustotal.com/

Just keep in mind that it common to get false positive hits. I normally ignore hits from scanners I have not heard of.

 

[MongGrel]

Looks like a true positive for a backdoor Trojan.

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Win32%2fHupigon

I would get rid of it.

This.

Personally I just run Defender for AV and Firewall these days, with Win 10 14352 these days.

I scan with a few other things occasionally.

 

[BTRY B 529th FA BN]

I thought Windows automatically sent samples of the infection, so I deleted it before I was suppose to manually send it

Went through my backukp files and deleted them, also

 

[John Connor]

Never, and I mean NEVER trust an M$ product for protection. What I would do now is scan with Herdprotect and possibly use Freefixxer, but make sure you research each dll, exe, etc. Don't delete anything you know nothing about.

I would run Herdprotect over night. It WILL take forever and requires two runs. If you have your DNS set to OpenDNS, you will need to either temp change back to your ISP's or use a VPN while Herdprotect scans your puter.

Use Sandboxie!

 

[BTRY B 529th FA BN]

Now how do I uninstall the app???

 

[John Connor]

Windows Defender? Just turn it off and use Bitdefender Free and Sandboxie.

 

[BTRY B 529th FA BN]

Windows Defender? Just turn it off and use Bitdefender Free and Sandboxie.

So when you uninstalled Herdprotect, how did you do it?

 

[John Connor]

I have never uninstalled Herdprotect.

Why can't you uninstall it? You should be able to use add/remove programs. Worst case use Revo Uninstaller.

What OS are we talking about here?

You got it from here, right? http://www.herdprotect.com/downloads.aspx

There's a portable version.

 

[BTRY B 529th FA BN]

Have you ever installed it???

No, the app never shown up in Add/Remove programs.

Windows 10

Yes

Yeah I used the portable version but it still had an installer and installed some files. It wasn't a stand alone single .exe

The app is safe, right???

 

[John Connor]

The App is safe. I have it installed. Let me download the portable version in VMware and see what happens.

 

[John Connor]

Okay, installed the portable version in VMware running Win 7. The default location that it will extract to is C:\Program Files\Reason\herdProtect

All you have to do is delete that folder. Also, when you first run the .exe you see this:

Did you even let it scan your computer? It was only an hour when you asked how to uninstall.

 

[BTRY B 529th FA BN]

Yeah it scanned.. took less than 10 minutes

 

[John Connor]

Weird. My laptop only has a 120 GB SSD and it takes forever to scan. And then I have to scan twice. Probably due to some game haxxs I have on here.

 

[BTRY B 529th FA BN]

Could be the core & thread count