taskmgr and regedit do not work after hupigon infection

Majo

Hello,

An MRT scan found and cleaned a Backdoor:Win32/Hupigon.gen!B infection, but
taskmgr, regedit and various other exe files are not working afterwards. If
the file is renamed to .bat, it works fine. So it's some sort of hook or damaged
registry entry. I amended a few, but can't get it going.

Any help would be most appreciated.

Thanks,

Majo
 
Engel

Hello Majo,

I would suggest staying on the side of caution: scan your
computer with additional antispyware programs.

There's a good chance there are more bugs that need to be removed.

Clean up the system: clear out all the Temp/Tmp folders, including all
offline content, clear the browser TIF, delete cookies, and do a Disk
Cleanup.

Click the Start button. In the Search box, type Disk Cleanup, and then, in
the list of results, click Disk Cleanup.



Try SUPERAntiSpyware and Malwarebytes Antimalware

(Much better if you run in Safe Mode (F-8))

There is a free version (on demand scanning only), the paid for version
includes active monitoring, similar to Windows defender:
<http://www.superantispyware.com>
SUPERAntiSpyware Instructions
<http://securitynewsfromthenet.blogspot.com/2007/04/superantispyware-home-edition-free.html>


Malwarebytes Antimalware is also free
<http://www.malwarebytes.org/mbam.php>
Malwarebytes Anti-Malware Instructions
<http://securitynewsfromthenet.blogspot.com/2008/03/malwarebytes-anti-malware-105.html>


For a second opinion, scan your computer online now
<http://onecare.live.com/site/en-us/tryscanner.htm>


Please let us know what fixes the problem or if the problem remains.


Good luck


Ǝиçεl
-=-
 
Majo

Engel,

Thanks for your reply. I have already scanned further for infections and
there are none. But the problem is still there. I have even found free
removal tools for the infection, but as it has been cleared, they do not try
to fix the registry.

Majo
 
Stu

Further to Engel's good advice: would it not be possible to do a system
restore to the point you feel your system was clean or trouble free? Then
take things forward slowly from there. It does have its downside but may
get your system working properly. Don't forget to remove your Restore Points
once you manage to get a stable OS.

Stu
 
Stu

My dear Engel.

Watch your Inbox/Junk email folder - very carefully! There's something there
which will hopefully bring a smile to your face.

Stu
 
Majo

Hi Stu,

If it was XP or Vista I would probably do so, but this is a live server Win2000.
Surely there must be somebody who knows all registries which control EXE
startup. Everything else is working fine and I can start the programs if I
rename them to .bat.

Regards,

Majo
 
Engel

Done

Don't quit your day job :)
end

Stu said:
> My dear Engel.
>
> Watch your Inbox/Junk email folder - very carefully! There's something there
> which will hopefully bring a smile to your face.
>
> Stu
 
Bill Sanderson

Take a look at this article:

http://www.viruslist.com/en/viruses/encyclopedia?virusid=44430

This shows the entries that this virus makes as it infects a system. What
you need is to revert these entries to the normal ones.

Do you have an uninfected Windows 2000 system to compare these entries with?

I'm reasonably sure that some of the larger vendors will have an executable
to revert these entries, but I haven't spotted it yet--this kind of change
was made by many viruses a year or more back.
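
One way to do the comparison suggested above, as an added example that is not part of the original thread: export the same keys with regedit on a known-good Windows 2000 machine and on the affected server, then diff the two exports. The watch list, function names and sample exports are assumptions constructed for illustration; the thread does not say which keys were changed.

```python
import re

WATCH = [  # keys that influence how .exe files start (assumed watch list, not from the thread)
    r"HKEY_CLASSES_ROOT\.exe",
    r"HKEY_CLASSES_ROOT\exefile",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options",
]

def parse_reg(text):
    """Parse regedit export text into {KEY: {value_name: raw_data}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex: continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1].lower()
            current[name] = m.group(2)
    return keys

def diff_exports(clean_text, suspect_text, watch=WATCH):
    """Return (key, value_name, clean_data, suspect_data) for every mismatch."""
    clean, suspect = parse_reg(clean_text), parse_reg(suspect_text)
    findings = []
    for key in sorted(set(clean) | set(suspect)):
        if not key.startswith(tuple(p.upper() for p in watch)):
            continue  # key is outside the watch list
        a, b = clean.get(key, {}), suspect.get(key, {})
        for name in sorted(set(a) | set(b)):
            if a.get(name) != b.get(name):
                findings.append((key, name, a.get(name), b.get(name)))
    return findings

# Constructed sample exports (placeholder values, not taken from any real system).
CLEAN = r'''REGEDIT4
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
SUSPECT = CLEAN.replace(r'@="\"%1\" %*"', '@="CONSTRUCTED-NON-DEFAULT-VALUE"') + r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="CONSTRUCTED-PLACEHOLDER"
'''

for finding in diff_exports(CLEAN, SUSPECT):
    print(finding)
```

Exports in the "Windows Registry Editor Version 5.00" format are UTF-16, so read them with `encoding="utf-16"` before passing the text in; REGEDIT4 exports are plain ANSI text.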
 
Kayman

On Thu, 11 Dec 2008 07:03:21 -0800, Engel wrote:

> Try SUPERAntiSpyware and Malwarebytes Antimalware
>
> (Much better if you run in Safe Mode (F-8))

"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
co-author of MBAM; he also adds that performing 'full scan' has no
significant advantage to performing 'quick scan'.
 
Bill Sanderson

The part about "performing 'full scan' has no
significant advantage to performing 'quick scan'" is worth noting as well,
for Defender users. These days, the quick scan of many products--I'd
include Norton's end point protection products as well--is designed to catch
any in-place infection.

The full scan might find some stuff--perhaps old email messages with
infected attachments, or remnants in some dusty old attic, but it really
doesn't add significantly to your safety--and is more likely to result in
your spending time trying to figure out how to clean up something that
really isn't a problem in the first place.
