A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer, or network.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More scanning & removal options
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Upon execution, this Hupigon variant creates the following files:
Only the file called "b.exe" is executed, which is detected as Backdoor:W32/Hupigon.OGA.It modifies and executes the driver %systemdir%\drivers\beep.sys with its own kernel rootkit component.The modified beep.sys file is detected as Rootkit:W32/Agent.UI.
After the execution of Rootkit:W32/Agent.UI, Hupigon.OGA then restores the original data of the beep.sys file.It then drops a copy itself to the following directory:
It executes sodata.exe as a driver.The following Registry key are then created:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows data Type = dword:00000110 Start = dword:00000002 ErrorControl = dword:00000000 ImagePath = "%programdir%\ime\sodata.exe" DisplayName = "Windows data" ObjectName = "LocalSystem" Description = "
File System Changes
Creates these files: