Notepad virus

Hey, my comodo is saying that my notepad has a virus

exact files:

C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\dllcache\notepad.exe
C:\WINDOWS\system32\notepad.exe

it says backdoor win32 hupigon.

I am running windows xp proffesional SP2 in Polish, the size of C:\WINDOWS\notepad.exe is 70 Kb and 72 Kb on the disk, when I compared it to my brother’s (same OS) his was 3Kb smaller

should I clean these files ? Or should I just add them to my trusted files ? I would prefer it if there was just a way to get rid of the viruses in them instead of actually deleting notepad from my comp…Also I submited C:\WINDOWS\notepad.exe to virustotal and:

Antivirus results
AhnLab-V3 - 2011.06.18.00 - 2011.06.17 - Backdoor/Win32.Hupigon
AntiVir - 7.11.10.12 - 2011.06.17 - BDS/Hupigon.gbms
Antiy-AVL - 2.0.3.7 - 2011.06.17 - Trojan/win32.agent
Avast - 4.8.1351.0 - 2011.06.17 - Win32:Trojan-gen
Avast5 - 5.0.677.0 - 2011.06.17 - -
AVG - 10.0.0.1190 - 2011.06.17 - -
BitDefender - 7.2 - 2011.06.17 - -
CAT-QuickHeal - 11.00 - 2011.06.17 - -
ClamAV - 0.97.0.0 - 2011.06.17 - -
Commtouch - 5.3.2.6 - 2011.06.17 - W32/BackdoorX.BNOK
Comodo - 9103 - 2011.06.17 - Backdoor.Win32.Hupigon.gbms
DrWeb - 5.0.2.03300 - 2011.06.17 - -
Emsisoft - 5.1.0.8 - 2011.06.17 - Backdoor.Win32.Hupigon!IK
eSafe - 7.0.17.0 - 2011.06.15 - Win32.Backdoor.Hupig
eTrust-Vet - 36.1.8393 - 2011.06.17 - -
F-Prot - 4.6.2.117 - 2011.06.17 - W32/BackdoorX.BNOK
Fortinet - 4.2.257.0 - 2011.06.17 - -
GData - 22 - 2011.06.17 - Win32:Trojan-gen
Ikarus - T3.1.1.104.0 - 2011.06.17 - Backdoor.Win32.Hupigon
Jiangmin - 13.0.900 - 2011.06.17 - -
K7AntiVirus - 9.106.4822 - 2011.06.17 - Backdoor
Kaspersky - 9.0.0.837 - 2011.06.17 - Backdoor.Win32.Hupigon.gbms
McAfee - 5.400.0.1158 - 2011.06.17 - BackDoor-AWQ.b
McAfee-GW-Edition - 2010.1D - 2011.06.17 - BackDoor-AWQ.b
Microsoft - 1.6903 - 2011.06.13 - Backdoor:Win32/Pasur!rts
NOD32 - 6218 - 2011.06.17 - -
Norman - 6.07.10 - 2011.06.17 - W32/Hupigon.FJWT
nProtect - 2011-06-17.01 - 2011.06.17 - Backdoor/W32.Hupigon.71680.K
Panda - 10.0.3.5 - 2011.06.17 - Bck/Hupigon.AZG
PCTools - 7.0.3.5 - 2011.06.17 - Backdoor.Trojan
Prevx - 3.0 - 2011.06.17 - -
Rising - 23.62.03.03 - 2011.06.17 - -
Sophos - 4.66.0 - 2011.06.17 - Mal/Generic-L
SUPERAntiSpyware - 4.40.0.1006 - 2011.06.17 - -
Symantec - 20111.1.0.186 - 2011.06.17 - Backdoor.Trojan
TheHacker - 6.7.0.1.230 - 2011.06.14 - Backdoor/Hupigon.horq
TrendMicro - 9.200.0.1012 - 2011.06.17 - TROJ_GEN.0X0412S
TrendMicro-HouseCall - 9.200.0.1012 - 2011.06.17 - TROJ_GEN.0X0412S
VBA32 - 3.12.16.2 - 2011.06.17 - Backdoor.Win32.Hupigon.gbms
VIPRE - 9611 - 2011.06.17 - Backdoor.Win32.Hupigon
ViRobot - 2011.6.17.4519 - 2011.06.17 - -
VirusBuster - 14.0.84.1 - 2011.06.17 - Backdoor.Hupigon!93IYF0l4KRE
File info:
MD5: b21abfdc72818e49bcbe8c40eee55171
SHA1: 78a0686cbe2535fb1e030f0a53d02c4bf11229de
SHA256: d15d9f6a9e8c8dd20527c6256dfb50164cab27cec1c0d4dab5669ff9b2efb184
File size: 71680 bytes
Scan date: 2011-06-17 20:32:49 (UTC)

go to start > Run

type in sfc /scannow

Also try replacing the notepad.exe with one from the CD;

X5O!P%[atbp]AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Its an Eicar TEST virus it just checks if your Anti virus runs okay. :slight_smile:

mod edit: string fixed ([atbp]) by mod. kail

What is the relevance for this one year old topic?

A post said “notepad”… profile/signature spam waiting to happen? :slight_smile:

Topic locked. ;D