Win32/Hupigon.NJJ

Created: 2009-09-10, 17:02:36
Last updated on: 2009-09-10, 17:02:36

Platform: Win32
Type: trojan
Size: 576512
Date: 2009-01-27

Compressor: ASProtect
Endangered operating system(s): Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000 all...
Non-endangered operating system(s): Windows 3.xx, DOS, Linux, Unix, Solaris all...

Naming

Different antivirus applications use different names for individual viruses and worms. Sometimes an antivirus application identifies different copies of the same malware under different names, or identifies different viruses and worms under the same name. The informative list below contains the names given to the malware by the most popular antivirus applications. The names can vary between versions of the same antivirus application.

Antivirus          Naming
AVG                BackDoor.Hupigon4.AATV
BitDefender        Backdoor.Hupigon.AAFC
Fortinet           PossibleThreat
F-Secure           Backdoor.Win32.Hupigon.ezli
Ikarus             Backdoor.Win32.Hupigon
McAfee             BackDoor-AWQ!hv.c(Trojan)
NOD32 (ESET)       Win32/Hupigon.NJJ
Microsoft          Win32/Hupigon.gen!B
Rising Antivirus   Backdoor.Win32.Gpigeon.gel
Sophos             Mal/Inet-Fam
Trend Micro        BKDR_Generic.DMS
VirusBuster        Backdoor.Hupigon.CIUS

Installation

The main purpose of viruses and worms spreading on the Internet and local networks is to infect other computers. After infection, malware can modify the system so that its code is launched after a reboot. For this purpose malware usually creates files in the operating system's area and modifies the registry, so that the operating system executes the malware code as well. It may also create files in other areas (directories) of the file system, or AUTORUN.INF files in the root directories of the drives. In that case, with the default settings of Windows, the malware is executed automatically once the user opens the root directory of the particular drive.

The Win32/Hupigon.NJJ trojan creates the file system32.com.exe in the Windows System32 folder (default: C:\Windows\System32).


The Win32/Hupigon.NJJ trojan creates the following entries in the registry, or modifies them if they already exist:

  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\system32] "DisplayName"="system32"
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\system32] "ImagePath"="C:\WINDOWS\system32\system32.com.exe"

Viruses and worms can create services in the system so that they are activated after the boot process. Service parameters are stored in the registry as well. The services can be viewed in Control Panel/Administrative Tools/Services of Windows XP. Malware may also stop services.

The Win32/Hupigon.NJJ trojan creates a service named system32.

The path of the created service is C:\Windows\System32\system32.com.exe.
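The service indicators above can be checked against a saved service listing. The following is an added example, not part of the original description: it parses the text output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` and reports keys that match the service name or the image file name given on this page. The sample listing is constructed, and the function names are hypothetical.

```python
import re

# Indicators taken from this page (compared case-insensitively).
SERVICE_KEY = r"hkey_local_machine\system\currentcontrolset\services\system32"
IMAGE_NAME = "system32.com.exe"

# Constructed sample of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    DisplayName    REG_SZ    Print Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\spoolsv.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\system32
    DisplayName    REG_SZ    system32
    ImagePath    REG_EXPAND_SZ    "C:\WINDOWS\system32\system32.com.exe"
"""

# A value line is: indent, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s+(\S.*?)\s{4}(REG_\w+)\s{4}(.*)$")


def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query /s` text."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            match = VALUE_RE.match(line)
            if match:
                current[match.group(1)] = match.group(3).strip()
    return keys


def find_hupigon_service(text):
    """List (key, reason) pairs that match the service indicators above."""
    hits = []
    for key, values in parse_reg_query(text).items():
        if key.lower() == SERVICE_KEY:
            hits.append((key, "service key name"))
        # Substring match tolerates quotes, %SystemRoot% and trailing arguments.
        if "\\" + IMAGE_NAME in values.get("ImagePath", "").lower():
            hits.append((key, "ImagePath file name"))
    return hits


if __name__ == "__main__":
    for key, reason in find_hupigon_service(SAMPLE):
        print(f"{reason}: {key}")
```

The image file name is matched independently of the key name, so the file is still reported if it is registered under a different service key.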


Backdoor

Viruses and worms increasingly open backdoors on the attacked computer, which lets the attacker take full control over the machine. The attacker can then do whatever s/he wants on the computer: run or stop programs and applications, upload or download files, steal passwords and access codes.

The Win32/Hupigon.NJJ trojan opens a backdoor on TCP port 8080.

It connects to the zjjdtc.3322.org web page.