New VirusTrojan: Backdoor.Graybird

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Norton AV reports Backdoor.Graybird has been discovered on computer; is not
able to get rid of it
I've spent hours downloading various AV programs with no success. Any one
able to help, please ?
Thanks
Jerry Kutcher

 

[z]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Jerry Kutcher wrote:
> Norton AV reports Backdoor.Graybird has been discovered on computer; is not
> able to get rid of it
> I've spent hours downloading various AV programs with no success. Any one
> able to help, please ?

http://www.symantec.com/search/

Enter backdoor.graybird check "Viruses, Trojan horses ..."
Search

Find your variant and follow the manual removal instructions for it.

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.p.html

"Jerry Kutcher" <jkutcher@comcast.net> wrote in message
news:%234dfjRyuFHA.2312@TK2MSFTNGP14.phx.gbl...
> Norton AV reports Backdoor.Graybird has been discovered on computer; is
> not able to get rid of it
> I've spent hours downloading various AV programs with no success. Any one
> able to help, please ?
> Thanks
> Jerry Kutcher
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

does it say where it is

"Jerry Kutcher" wrote:

> Norton AV reports Backdoor.Graybird has been discovered on computer; is not
> able to get rid of it
> I've spent hours downloading various AV programs with no success. Any one
> able to help, please ?
> Thanks
> Jerry Kutcher
>
>
>

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

From: "Jerry Kutcher" <jkutcher@comcast.net>

| Norton AV reports Backdoor.Graybird has been discovered on computer; is not
| able to get rid of it
| I've spent hours downloading various AV programs with no success. Any one
| able to help, please ?
| Thanks
| Jerry Kutcher
|

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

if you had gone to microsoft.public.security.virus
And read the following thread...

Subject: Strange trojan (?) Backdoor.Graybird
Posted on: Friday, September 16, 2005 10:24 AM

You would discern that this *may* very well be a False Positive declaration.

The way to find out is very simple...

Submit a sample of a file that is flagged as having the "Backdoor.Graybird" to Virus
Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Dave
Thanks, I'll try that
Jerry K

BTW
After several hours of trying everything in site, including
"microsoft.public.security.virus", I must have missed that thread



There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

if you had gone to microsoft.public.security.virus
And read the following thread...

Subject: Strange trojan (?) Backdoor.Graybird
Posted on: Friday, September 16, 2005 10:24 AM

You would discern that this *may* very well be a False Positive declaration.

The way to find out is very simple...

Submit a sample of a file that is flagged as having the "Backdoor.Graybird"
to Virus
Total --

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

It hides itself as "svch0st.exe" as opposed to legitimate svchost.exe
Jerry K

does it say where it is

"Jerry Kutcher" wrote:

> Norton AV reports Backdoor.Graybird has been discovered on computer; is
> not
> able to get rid of it
> I've spent hours downloading various AV programs with no success. Any one
> able to help, please ?

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

From: "Jerry Kutcher" <jkutcher@comcast.net>

| It hides itself as "svch0st.exe" as opposed to legitimate svchost.exe
| Jerry K

The name SVCHOST.EXE is the most targeted name there is for viral and non-viral malware. If
you find it on a Win9x/ME PC, it is infected. If it is found on a NT based OS then it will
depend on the location of the file. The variations upon the name SVCHOST.EXE is almost
endless.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

See this recent thread in Security/Home Users newsgroup:

http://groups.google.com/group/microsoft.public.security.homeusers/browse_frm/thread/0c115d76c49a19b0/885df03d800240fb#885df03d800240fb
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security

Jerry Kutcher wrote:
> Norton AV reports Backdoor.Graybird has been discovered on computer; is
> not
> able to get rid of it
> I've spent hours downloading various AV programs with no success. Any one
> able to help, please ?
> Thanks
> Jerry Kutcher

 

[Susan]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Jerry Kutcher wrote:

> Norton AV reports Backdoor.Graybird has been discovered on computer; is not
> able to get rid of it
> I've spent hours downloading various AV programs with no success. Any one
> able to help, please ?
> Thanks
> Jerry Kutcher
>
>
Jerry,

Look at the message and thread I posted last night in this newsgroup
with the subject:

Can't find, delete, or quarantine a *.tmp reported by Auto-Protect as a
"Backdoor.Graybird" at booting - Media Center problem?

It is a false positive that occurs with Spy Sweeper onboard with their.
This is false positive is being discussed in several news groups. I
originally posted in Symantec, XP and XP Media-Center newsgroups because
the Alert started right after I initialized/used Media Center for the
first time yesterday.

If you turn off your Spy ware like Spy Sweeper so it doesn't load at
booting, there should be no Alert. After getting the latest definitions
from NAV and Spy Sweep today the Alert does not occur on booting any more.

Like you, David told me to send in a sample file to NAV on the Symantec
newsgroup, but as I have said in my original postings, there is no
sample file. The reported file is a *.tmp that is created during booting
and then is deleted by Windows after booting.

Again look at the above tread of mine.

--- Susan

 

[Guest]

Archived from groups: microsoft.public.windowsxp.general (More info?)

Susan
My thanks to both David and yourself. You guys are awesome, correctly
defining the problem
Jerry Kutcher Tewksbury MA

Jerry,

Look at the message and thread I posted last night in this newsgroup
with the subject:

Can't find, delete, or quarantine a *.tmp reported by Auto-Protect as a
"Backdoor.Graybird" at booting - Media Center problem?

It is a false positive that occurs with Spy Sweeper onboard with their.
This is false positive is being discussed in several news groups. I
originally posted in Symantec, XP and XP Media-Center newsgroups because
the Alert started right after I initialized/used Media Center for the
first time yesterday.

If you turn off your Spy ware like Spy Sweeper so it doesn't load at
booting, there should be no Alert. After getting the latest definitions
from NAV and Spy Sweep today the Alert does not occur on booting any more.

Like you, David told me to send in a sample file to NAV on the Symantec
newsgroup, but as I have said in my original postings, there is no
sample file. The reported file is a *.tmp that is created during booting
and then is deleted by Windows after booting.