Hi -- I see that this one has been found in a number of apps. My Ad Aware PRO AE has turned this up several times and quarantined it(this after removing it once after which I had to reinstall the program it found it in). It occurs in a program called Movie Magic Screenwriter, inside an exe. called netpub. I suspect this is a false positive, since I've never seen it do anything malicious...and it's found it three times. Can you check this please? This is my screenwriting program and it won't function without netpub...and I need to be able to use it!

I've attached the scan report as well as a zip of netpub.exe (I tried to password it, but couldn't - sorry). If you need anything else, please let me know.

Thanks!

Hello scriptwitch

Thank you for reporting this. We will re-investigate the file and if it is found to be a false positive it will be removed from detection.

Regards
LS Anders

I too have suddenly started to pick up win32 backdoor hupigon with adaware. I scanned once, applied the recommend solution and the next day scanned again and it is back. How do you tell which file it is attached to? I also wonder if it is a false positive, but given the description that it allows someone to take over your computer, I want to get to the bottom of this. Thanks.

Under Ad-Watch Processes, you should see it listed in the Latest Detected list - below that, click on "Export Detailed Log." It will open a text message which shows the directory path and file.

Hi scriptwitch,

This file does not exhibit any malicious behaviour - it will be removed from detection as of upate 0148.0052. Thanks for uploading the file and the scan log - it was a big help.

Regards,

Andy
Lavasoft Malware Labs

I have had this found twice in two days - I quarantined and deleted the file, as I dont require it. I've sent this newly quarantined "infected" file via Threatwork. I've left it it quarantine and my virus scanner didn't pick it up having scanned it.

A0877629.exe as an AAWQF file.