Solved! Use NETBACKUP.EXE (Backdoor Hupigon) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews
. EULA. Privacy Policy. Uninstall.

NETBACKUP.EXE – Backdoor Hupigon removal

FileMD5Virus Alias
NETBACKUP.EXE 693368823c82411bc96336c9cddfb0d5 Backdoor Hupigon
NETBACKUP.EXE 693368823c82411bc96336c9cddfb0d5 Trojan MLW
NETBACKUP.EXE 693368823c82411bc96336c9cddfb0d5 Trojan Eldorado
NETBACKUP.EXE 693368823c82411bc96336c9cddfb0d5 Trojan Downloader
NETBACKUP.EXE 693368823c82411bc96336c9cddfb0d5 Backdoor Nitol
NETBACKUP.EXE 693368823c82411bc96336c9cddfb0d5 Trojan Delf

NETBACKUP.EXE size: 316466 bytes
NETBACKUP.EXE hash: 693368823C82411BC96336C9CDDFB0D5

Created files:

%SysDir%\netbackup.exe
%SysDir%\syst.dll
%Temp%\IXP000.TMP\4.exe

Autostart registry keys:

HKLM\System\CurrentControlSet\Services\netbackup\Type: 10010000
HKLM\System\CurrentControlSet\Services\netbackup\Start: 02000000
HKLM\System\CurrentControlSet\Services\netbackup\DisplayName: Remote Help & Control Service backup
HKLM\System\CurrentControlSet\Services\netbackup\ImagePath: %WinDir%\System32\netbackup.exe
HKLM\System\CurrentControlSet\Services\netctrl\Type: 10010000
HKLM\System\CurrentControlSet\Services\netctrl\Start: 02000000
HKLM\System\CurrentControlSet\Services\netctrl\DisplayName: Remote Help & Control Service
HKLM\System\CurrentControlSet\Services\netctrl\ImagePath: %WinDir%\System32\svchost.exe -k remoteservice
HKLM\System\CurrentControlSet\Services\netctrl\Info: xwimd54<=403*sodx'ogw>=678796:17?0;72,{??8???< HKLM\System\CurrentControlSet\Services\netctrl\Enum\0: Root\LEGACY_netctrl\0000 HKLM\System\CurrentControlSet\Services\netctrl\Parameters\ServiceDll: 43003A005C00570049004E0044004F00570053005C00730079007300740065006D00330032005C0073007900730074002E0064006C006C000000

Detected by UnHackMe:

NETBACKUP.EXE
Default location: %SYSDIR%\NETBACKUP.EXE

Dropper information:
MD5: 037a594815a727f03142860e16cca0f6
File size: 183808 bytes

Leave a Reply