A remote administration utility which bypasses normal security mechanisms to secretly control a program, computer, or network.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
Upon execution, this Hupigon variant creates the following files:
Only the file called "b.exe" is executed, which is detected as Backdoor:W32/Hupigon.OGA. It modifies and executes the driver %systemdir%\drivers\beep.sys with its own kernel rootkit component. The modified beep.sys file is detected as Rootkit:W32/Agent.UI.
After Rootkit:W32/Agent.UI has executed, Hupigon.OGA restores the original data of the beep.sys file. It then drops a copy of itself to the following directory:
It executes sodata.exe as a driver. The following Registry keys are then created:
Creates these files:
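Because beep.sys is restored after the rootkit runs, the lasting trace described above is sodata.exe being run as a driver. The following PowerShell check is an added example, not part of the original description: it flags kernel-driver service entries whose image is an .exe file. It assumes that "executed as a driver" means a service entry of Type 1 under HKLM:\SYSTEM\CurrentControlSet\Services (the description does not name the key); the function names and the sample records, including the C:\example\ path, are constructed for illustration.

```powershell
# Added example: flag kernel-driver services whose image is an .exe instead of a .sys.
# Assumption: the driver is registered as a service of Type 1 (kernel driver);
# the description does not name the registry key or the drop directory.

function Test-SuspiciousDriver {
    param([Parameter(Mandatory)] $Service)   # object with Name, Type, ImagePath
    $isKernelDriver = ($Service.Type -eq 1)  # 1 = SERVICE_KERNEL_DRIVER
    # Match ".exe" at the end of the path, before a closing quote, or before arguments
    $imageIsExe = ($Service.ImagePath -match '\.exe("|\s|$)')
    return ($isKernelDriver -and $imageIsExe)
}

function Get-DriverServices {
    # Read every service entry on the local host and keep Name, Type and ImagePath
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($null -ne $p -and $null -ne $p.Type) {
                [pscustomobject]@{
                    Name      = $_.PSChildName
                    Type      = $p.Type
                    ImagePath = [string]$p.ImagePath
                }
            }
        }
}

# Constructed sample records (not taken from an infected host)
$sample = @(
    [pscustomobject]@{ Name = 'Beep';       Type = 1;  ImagePath = 'system32\drivers\beep.sys' }
    [pscustomobject]@{ Name = 'ExampleSvc'; Type = 1;  ImagePath = '\??\C:\example\sodata.exe' }
    [pscustomobject]@{ Name = 'Spooler';    Type = 16; ImagePath = '%SystemRoot%\System32\spoolsv.exe' }
)

# Only ExampleSvc is reported: a kernel driver whose image is an .exe
$sample | Where-Object { Test-SuspiciousDriver $_ } | Select-Object Name, ImagePath

# The same check against the live registry of the local host
Get-DriverServices | Where-Object { Test-SuspiciousDriver $_ } | Select-Object Name, ImagePath
```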