dbar

Trojan.Hugipon?

Hi, I did a quick scan after doing an update and the scan found something called Trojan.Hugipon. Is this a false positive? I did an online search and searched SuperAntiSpyware's virus database, but there was no info. I have quarantined the files but here is the log. Thank you for your advice.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/03/2009 at 10:41 AM

Application Version : 4.26.1004

Core Rules Database Version : 3921

Trace Rules Database Version: 1865

Scan type : Quick Scan

Total Scan Time : 00:22:59

Memory items scanned : 706

Memory threats detected : 0

Registry items scanned : 515

Registry threats detected : 56

File items scanned : 12877

File threats detected : 6

Adware.Tracking Cookie

C:\Documents and Settings\dbarron\Cookies\dbarron@interclick[1].txt

C:\Documents and Settings\dbarron\Cookies\dbarron@ad.yieldmanager[2].txt

C:\Documents and Settings\dbarron\Cookies\dbarron@atdmt[2].txt

C:\Documents and Settings\dbarron\Cookies\dbarron@questionmarket[2].txt

C:\Documents and Settings\dbarron\Cookies\dbarron@microsoftwindows.112.2o7[1].txt

C:\Documents and Settings\dbarron\Cookies\dbarron@fastclick[1].txt

Trojan.Hugipon

HKLM\System\CONTROLSET001\SERVICES\6TO4

HKLM\System\CONTROLSET001\SERVICES\6TO4#Type

HKLM\System\CONTROLSET001\SERVICES\6TO4#Start

HKLM\System\CONTROLSET001\SERVICES\6TO4#ErrorControl

HKLM\System\CONTROLSET001\SERVICES\6TO4#ImagePath

HKLM\System\CONTROLSET001\SERVICES\6TO4#DisplayName

HKLM\System\CONTROLSET001\SERVICES\6TO4#DependOnService

HKLM\System\CONTROLSET001\SERVICES\6TO4#DependOnGroup

HKLM\System\CONTROLSET001\SERVICES\6TO4#ObjectName

HKLM\System\CONTROLSET001\SERVICES\6TO4\Config

HKLM\System\CONTROLSET001\SERVICES\6TO4\Interfaces

HKLM\System\CONTROLSET001\SERVICES\6TO4\Parameters

HKLM\System\CONTROLSET001\SERVICES\6TO4\Parameters#ServiceDll

HKLM\System\CONTROLSET001\SERVICES\6TO4\Security

HKLM\System\CONTROLSET001\SERVICES\6TO4\Teredo

HKLM\System\CONTROLSET001\SERVICES\6TO4\Teredo#Type

HKLM\System\CONTROLSET001\SERVICES\6TO4\Enum

HKLM\System\CONTROLSET001\SERVICES\6TO4\Enum#0

HKLM\System\CONTROLSET001\SERVICES\6TO4\Enum#Count

HKLM\System\CONTROLSET001\SERVICES\6TO4\Enum#NextInstance

HKLM\System\CONTROLSET002\SERVICES\6TO4

HKLM\System\CONTROLSET002\SERVICES\6TO4#Type

HKLM\System\CONTROLSET002\SERVICES\6TO4#Start

HKLM\System\CONTROLSET002\SERVICES\6TO4#ErrorControl

HKLM\System\CONTROLSET002\SERVICES\6TO4#ImagePath

HKLM\System\CONTROLSET002\SERVICES\6TO4#DisplayName

HKLM\System\CONTROLSET002\SERVICES\6TO4#DependOnService

HKLM\System\CONTROLSET002\SERVICES\6TO4#DependOnGroup

HKLM\System\CONTROLSET002\SERVICES\6TO4#ObjectName

HKLM\System\CONTROLSET002\SERVICES\6TO4\Config

HKLM\System\CONTROLSET002\SERVICES\6TO4\Interfaces

HKLM\System\CONTROLSET002\SERVICES\6TO4\Parameters

HKLM\System\CONTROLSET002\SERVICES\6TO4\Parameters#ServiceDll

HKLM\System\CONTROLSET002\SERVICES\6TO4\Security

HKLM\System\CONTROLSET002\SERVICES\6TO4\Teredo

HKLM\System\CONTROLSET002\SERVICES\6TO4\Teredo#Type

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#Type

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#Start

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#ErrorControl

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#ImagePath

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#DisplayName

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#DependOnService

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#DependOnGroup

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#ObjectName

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Config

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Interfaces

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters#ServiceDll

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Security

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Teredo

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Teredo#Type

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Enum

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Enum#0

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Enum#Count

HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Enum#NextInstance


The programs I have tried so far seem to be working fine. On my system I run ESET NOD32 (main virus program and up to date) and manual scans with Malwarebytes and SAS. I have not used SAS for a while and decided to update and do a manual scan. ESET and Malwarebytes have never shown this Trojan and all of a sudden SAS shows it? Plus there is no information on this particular Trojan, what it does, and how you get it. The only thing I have done differently in the last couple of days is use the update service "filehippo.com", which is how I updated to the new version of SAS. I have read many reviews that this is safe? I also know that 6to4 is a system that allows IPv6 to be transmitted to IPv4. Same thing with Teredo. I think this service was added a while back with a Microsoft update. I was told this was a valid service back then. So this is why I am thinking it was a false positive.

Added: The only thing that I have noticed different is that "Teredo" no longer shows up as a service under my local area connection.


I have the same problem: SAS shows Trojan.Hugipon on my computer after the latest update. I am not running a 6to4 relay or other network product.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/03/2009 at 10:22 PM

Application Version : 4.26.1004

Core Rules Database Version : 3922

Trace Rules Database Version: 1866

Scan type : Quick Scan

Total Scan Time : 00:22:15

Memory items scanned : 714

Memory threats detected : 0

Registry items scanned : 742

Registry threats detected : 14

File items scanned : 8438

File threats detected : 0

Trojan.Hugipon

Are you running a 6to4 relay or other network product that you suspect created these registry entries? If we can test the whole product, we can look into creating exclusions.

As far as I know I am not using a 6to4 relay or other network product that would use it. I believe the registry entries were created during a past Windows security update. That is when I noticed the Teredo service for the first time.


Hello all,

Since yesterday, I have the same problem, too. 32-bit version.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/04/2009 at 07:29 PM

Application Version : 4.26.1004

Core Rules Database Version : 3923

Trace Rules Database Version: 1867

Scan type : Custom Scan

Total Scan Time : 00:14:12

Memory items scanned : 0

Memory threats detected : 0

Registry items scanned : 8218

Registry threats detected : 60

File items scanned : 0

File threats detected : 0

Trojan.Hugipon


Michael


I have been battling with this all day. I deleted the notepad++ program that I recently installed because in another forum it showed to have a connection with this program. I no longer have 52 entries when I scan. I now have 15. I tried using Unhackme from http://www.greatis.com/unhackme/download.htm but it did not work. I used it about 8 times.

I have not noticed any changes in my system.

Every time I delete the files they return when I reboot.

I ran regedit and was only able to delete 2 extensions there. I was unable to delete any of the other files. So, I still have 15 in my system registry showing up whenever I run SuperAntiSpyware. The registry extensions are exactly the same as the others posted here.

Anyone have any information on this yet?


Hello all,

I am also confused here about this issue, which possibly came up with the latest update of SAS.

I checked my whole system with NIS2009, Ad-Aware, Malwarebytes, Spybot, A-Squared and Windows tool, but nothing was found by any of the programs. Also, I haven't installed any program in the last couple of weeks, therefore I do not know why this issue has arisen. Also my system (XP SP3) is working very fine!

Thanks

Michael


I just experienced the same issue with 56 registry items infected by the trojan.hugipon. (Waiting on scan to finish to post log -- for some reason, even the quick scan takes close to 1 hour on my setup).

I must admit that I was just testing new firewalls for the last few days so I'm not a good representative to decide if any apps use these items. I did uninstall them, reverted back to ZA until I can figure out why when I uninstall ZA, it slows down my boot time by 45 seconds (tested on multiple reboots). Reinstalling it returned my boot times to normal. But this is beside the point. Sorry :?

My last quick scan was 1 or 2 weeks ago, and except for the firewalls mentioned (Outpost Pro and Free, ZoneAlarm), I haven't changed anything except purchase a few games on Steam, install a new CPU/Chassis/GPU/Power Supply lol.. turns out I changed a lot of things, but mostly hardware :)

My question is how do I determine which (or if any) apps use these registry entries? Is there a tool out there that could help me out?

If you need testing to be done, please feel free to let me know... I'm retired and have plenty of time to test and report on findings.

... still waiting ...

... still waiting on scan to finish ...

hmm, I'll edit the post once it finished. :wink:

Regards,

M

P.S. while waiting on the scan (got about 500gig to scan), I checked the service related to this issue called IPv6 Helper Service Properties (local computer).

When I checked the dependencies for components that are depending on it, there's nothing there -- does that mean that *no* applications/services use this?

If so, I just might stop it until we can determine if it's a false positive or not.

P.P.S. Here's the Scan log pertaining to this issue. Seems pretty much what the others have.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 06/05/2009 at 03:16 PM

Application Version : 4.26.1004

Core Rules Database Version : 3926

Trace Rules Database Version: 1870

Scan type : Quick Scan

Total Scan Time : 01:01:12

Memory items scanned : 472

Memory threats detected : 0

Registry items scanned : 456

Registry threats detected : 56

File items scanned : 59038

File threats detected : 12

Trojan.Hugipon


The file threats were tracking cookies.

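For the question above about working out what these entries refer to, an added example (not part of the original thread, and not SUPERAntiSpyware's own logic): it parses log lines in the `KEY#Value` layout shown in the posts and collapses them per service, since `CurrentControlSet` is an alias for one of the numbered control sets and the same service key is therefore counted once per control set. The sample log is constructed; the values it singles out, `ImagePath` and `Parameters#ServiceDll`, are the ones that name the binary a service loads and are the ones to compare against the files on disk.

```python
import re
from collections import defaultdict

# Constructed sample in the "KEY#Value" layout used by the scan logs in this
# thread (shortened; not a real scan result).
SAMPLE_LOG = r"""
Trojan.Hugipon
HKLM\System\CONTROLSET001\SERVICES\6TO4
HKLM\System\CONTROLSET001\SERVICES\6TO4#ImagePath
HKLM\System\CONTROLSET001\SERVICES\6TO4\Parameters
HKLM\System\CONTROLSET001\SERVICES\6TO4\Parameters#ServiceDll
HKLM\System\CONTROLSET002\SERVICES\6TO4
HKLM\System\CONTROLSET002\SERVICES\6TO4#ImagePath
HKLM\System\CONTROLSET002\SERVICES\6TO4\Parameters#ServiceDll
HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4
HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4#ImagePath
HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters#ServiceDll
"""

# HKLM\System\<control set>\SERVICES\<service>[\<subkey>...][#<value name>]
LINE_RE = re.compile(
    r"^HKLM\\System\\(?P<cset>[^\\]+)\\SERVICES\\(?P<svc>[^\\#]+)"
    r"(?P<sub>(?:\\[^\\#]+)*)(?:#(?P<value>.+))?$",
    re.IGNORECASE,
)

# Registry values that decide which binary the service actually runs.
CODE_VALUES = {"imagepath", "servicedll"}


def parse_hits(log_text):
    """Return one dict per flagged service registry line; other lines are skipped."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        hits.append({
            "control_set": m["cset"].upper(),
            "service": m["svc"].upper(),
            "subkey": m["sub"].lstrip("\\"),
            "value": m["value"],  # None when the line names a key, not a value
        })
    return hits


def summarize(hits):
    """Collapse hits per service: raw count, control sets seen, distinct items,
    and the values worth inspecting by hand."""
    grouped = defaultdict(lambda: {"raw": 0, "sets": set(), "items": set()})
    for h in hits:
        g = grouped[h["service"]]
        g["raw"] += 1
        g["sets"].add(h["control_set"])
        g["items"].add((h["subkey"], h["value"]))

    report = {}
    for svc, g in grouped.items():
        inspect = sorted(
            f"{sub}#{val}" if sub else val
            for sub, val in g["items"]
            if val and val.lower() in CODE_VALUES
        )
        report[svc] = {
            "raw_hits": g["raw"],
            "control_sets": sorted(g["sets"]),
            "distinct_items": len(g["items"]),
            "inspect": inspect,
        }
    return report


if __name__ == "__main__":
    for svc, info in summarize(parse_hits(SAMPLE_LOG)).items():
        print(f"{svc}: {info['raw_hits']} log lines, "
              f"{info['distinct_items']} distinct keys/values, "
              f"seen in {', '.join(info['control_sets'])}")
        for name in info["inspect"]:
            print(f"  check where this points: {name}")
```
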

I did download a movie with utorrents and a free rar unpacker a few days earlier but I did not notice any changes. I have not unpacked the movie file though. I have noticed that today I can no longer update my AVG antivirus program. I can run it but I can not update it. I keep getting a message: Invalid binary file. I am having some difficulties with my email programs opening now and also with opening new websites from links. So, something is definitely going on with this.

Apparently none of the other antivirus programs are picking this virus up yet.

I keep checking Google for other input but no one seems to have a solution yet.


I also have (72) instances of trojan.hugipon showing up in the registry key

HKLM\System\CONTROLSET001\SERVICES\6TO4 entries.

I recently changed the Firefox config parameter "network.dns.disableIPv6" to "true".

Could this be the cause of these probable false positives suddenly showing up?


I get the same thing, and here is the log.

Looks like it's the same as everyone else.

Trojan.Hugipon


I've also done some research on 6TO4, and according to the information I found it shouldn't even be in the list:

6to4 (sometimes written 6 to 4) is a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 internet) without the need to configure explicit tunnels.

So I believe there is no danger to these warnings at all.


I updated Malwarebytes and ran it today and it found the virus in the 6to4 files in two locations. It deleted them but when I ran SuperAntiSpyware again the 15 entries showed up again, so it did not delete them. I am still having trouble opening new tab links in my browsers, both, Firefox and IE. So, these are not false positives. There is definitely something new and unwanted attached to my computer files, registry.

I am going to run Malwarebytes again after I reboot and see what happens.


I ran Malwarebytes and SAS again. I still had the virus and the problems with my computer were getting slowly worse. Not one of the forums that I could find had anything to say definitive about hugipon, only hupigon which is different.

I finally posted the question on Yahoo Answers and that is where I finally found something that seems to work.

I was directed to http://www.combofixdownload.com/ and

http://www.bleepingcomputer.com/combofi ... mbofix#use.

I followed the instructions and they worked.

I have since run SAS twice and the Trojan.hugipon is no longer appearing.

I won't celebrate yet, but I feel very relieved.


I, like several others, found the Hugipon lurking in the registry. Mine was found in 50 places there along with 2 files on my hard drive and 1 other place (I can't remember if that one was a tracking cookie or what but it was not in memory). I ran Kaspersky, S&D, and Adaware all previous to the SAS scan and they didn't find anything. I guess I need to run the SAS more often since it not only found what the others missed, but it was able to eliminate all traces of it. I was a little concerned when I read in other posts that it returned so I have been scanning every day for several days and it seems to be gone. I will now set up the program to automatically scan, etc... should have done that before since a while back I had purchased the 'full' version of the PRO edition but disabled any automatic scans, updates, etc.

I realize what this post sounds like but I am not associated in any way with SUPERAntiSpyware or its associates. I rarely make a post to any forums but I guess if it will help someone I think this one is worth the time.

My computer had been very sluggish for awhile and I was puzzled as to why since all the other virus/antispyware was not finding anything. I googled for trojan.hugipon and found this thread. Then I remembered I had purchased the product because it helped me with a different problem previously. I ran the scan and couldn't believe the results. It also discovered another trojan (something like FSG ??) that it removed. I don't know if the purchased program made the difference as compared to the free version but I am happy it removed the bad stuff.

My computer is back to normal now. Thanks

I updated Malwarebytes and ran it today and it found the virus in the 6to4 files in two locations. It deleted them but when I ran SuperAntiSpyware again the 15 entries showed up again, so it did not delete them. I am still having trouble opening new tab links in my browsers, both, Firefox and IE. So, these are not false positives. There is definitely something new and unwanted attached to my computer files, registry.

I am going to run Malwarebytes again after I reboot and see what happens.

Hi,

I also checked my system with Malwarebytes and nothing was found! The only program which has found Hugipon is SAS.

Is someone from SAS able to give us a sufficient feedback, please?

Many thanks

Michael

PS: My system is working very fine, no problems have occurred. I also have no problems with new tab links in IE8, FF & Opera. During the weekend I did several full system scans with NIS2009, Spybot, Adaware, A-squared, yahoo anti-spy; nothing was found, only by SAS.


Well,

After seeing that there's no definitive answer on this issue, I decided to let SAS do its magic and after the reboot, it was gone completely.

So in my case, SAS was able to remove it without any issues (except the required reboot). The IP6 Helper service vanishes as a result of this quarantine but since I can still use the internet as usual (haven't tested everything yet but so far so good), I'll keep it quarantined until we know for sure if it's a FP or not.

If it's not a false positive, then kudos to SAS for being the first to detect it :) (to my knowledge). Sure glad I bought this one!

Otherwise, no harm done since it's quarantined and has no adverse effect.

Regards,

~M

Are you running a 6to4 relay or other network product that you suspect created these registry entries? If we can test the whole product, we can look into creating exclusions.

I have three computers, two of which got hit with trojan.hugipon when running SAS updated/current. The latter two both have Nokia PC Suite and Nokia Software Updater installed whereas the first one (not "infected" with trojan.hugipon) does not. I believe (but I'm not sure) that one or both of Nokia's software packages use 6to4 services .. and thus may have created the registry entries in question. Perhaps a long shot, but could this be used by SAS to do some checking?

As no other spy/malware prog I use flags trojan.hugipon I assume it's a f/p but I would sleep better if you could reconfirm. TIA...

Is someone from SAS able to give us a sufficient feedback, please?

I'll be happy to. What's your question?

You know, I don't like to be rude but MichaW explained the whole problem as prior posters have and then you ask "What's your question?"

I got to ask if you've even been reading any of the posts in this thread?

I'm having the same problem also and would like some kind of answer.

I've scanned my computer with Avira, MBAM and Online Armor. All come up clean.

Also run DefenseWall and that did not show anything either.

After knowing of this problem for over a week now, when can we expect some feedback as to what may be causing this problem??

Because of the nature of 6to4 relays, there's no one answer that's going to be right for everybody. It's not likely that every legitimate software that's setting up a 6to4 relay is going to make that completely clear....

Did you, in the meantime, have a chance to check if one or both of the two Nokia programs I referred to could have set up 6to4 relays? After all, you asked for concrete input ..."If we can test the whole product, we can look into creating exclusions". Any comments on this? Thanks.

I'm having the same problem also and would like some kind of answer.

Because of the nature of 6to4 relays, there's no one answer that's going to be right for everybody. It's not likely that every legitimate software that's setting up a 6to4 relay is going to make that completely clear, so there's no way to know for sure what legitimate program might be creating the registry entries. That's why we changed it to a "notify" detection.

There have been a variety of behaviors described in this thread, so I'm not sure which problem you're having. If you suspect you have malware on your system that's setting up the 6to4 relay, update SUPERAntiSpyware's definitions and run a complete scan a couple of times to make sure SUPERAntiSpyware removes any known malware. If you still suspect you have a problem, open a support ticket.

A support ticket for what?

Why are all these posters reporting the same thing?

Why is it all searches can't identify this trojan? No one knows what it is.

By the way, I also did a deep scan with A-squared in addition to the scans listed in an earlier post. The only thing it showed was a low risk cookie.

This has to be a SAS problem due to the fact that it started showing up at the same time on other users' scans.

If support doesn't know about this problem by now, there is definitely something wrong here. :x

Did you, in the meantime, have a chance to check if one or both of the two Nokia programs I referred to could have set up 6to4 relays?

Please open a support ticket, and provide a link where we can download those programs for testing.

Just did. In case of interest, here is the download link again: http://europe.nokia.com/get-support-and ... or-your-pc

In my case, phone model is Nokia E51.

Update 06/18/2009: the tweaking done by SAS (with or without my above input, I don't know) seems to work, as, after updating the definitions, I get no hits by trojan.hugipon anymore. Good show, thanks. Case closed, at least for now...

This topic is now closed to further replies.
