New VirusTrojan: Backdoor.Graybird

Archived from groups: microsoft.public.windowsxp.general (More info?)

Norton AV reports Backdoor.Graybird has been discovered on computer; is not
able to get rid of it
I've spent hours downloading various AV programs with no success. Any one
able to help, please ?
Thanks
Jerry Kutcher
10 answers Last reply
More about virustrojan backdoor graybird
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.p.html

    "Jerry Kutcher" <jkutcher@comcast.net> wrote in message
    news:%234dfjRyuFHA.2312@TK2MSFTNGP14.phx.gbl...
    > Norton AV reports Backdoor.Graybird has been discovered on computer; is
    > not able to get rid of it
    > I've spent hours downloading various AV programs with no success. Any one
    > able to help, please ?
    > Thanks
    > Jerry Kutcher
    >
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    does it say where it is

    "Jerry Kutcher" wrote:

    > Norton AV reports Backdoor.Graybird has been discovered on computer; is not
    > able to get rid of it
    > I've spent hours downloading various AV programs with no success. Any one
    > able to help, please ?
    > Thanks
    > Jerry Kutcher
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Jerry Kutcher wrote:
    > Norton AV reports Backdoor.Graybird has been discovered on computer; is not
    > able to get rid of it
    > I've spent hours downloading various AV programs with no success. Any one
    > able to help, please ?

    http://www.symantec.com/search/

    Enter backdoor.graybird check "Viruses, Trojan horses ..."
    Search

    Find your variant and follow the manual removal instructions for it.
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "Jerry Kutcher" <jkutcher@comcast.net>

    | Norton AV reports Backdoor.Graybird has been discovered on computer; is not
    | able to get rid of it
    | I've spent hours downloading various AV programs with no success. Any one
    | able to help, please ?
    | Thanks
    | Jerry Kutcher
    |

    There are anti virus News Groups specifically for this type of discussion.

    microsoft.public.security.virus
    alt.comp.virus
    alt.comp.anti-virus

    if you had gone to microsoft.public.security.virus
    And read the following thread...

    Subject: Strange trojan (?) Backdoor.Graybird
    Posted on: Friday, September 16, 2005 10:24 AM

    You would discern that this *may* very well be a False Positive declaration.

    The way to find out is very simple...

    Submit a sample of a file that is flagged as having the "Backdoor.Graybird" to Virus
    Total --
    http://www.virustotal.com/flash/index_en.html
    The submission will then be tested against many different AV vendor's scanners.
    That will give you an idea what it is and who recognizes it. In addition, unless told
    otherwise, Virus Total will provide the sample to all participating vendors.

    When you get the report, please post back the exact results.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  5. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Dave
    Thanks, I'll try that
    Jerry K

    BTW
    After several hours of trying everything in site, including
    "microsoft.public.security.virus", I must have missed that thread


    There are anti virus News Groups specifically for this type of discussion.

    microsoft.public.security.virus
    alt.comp.virus
    alt.comp.anti-virus

    if you had gone to microsoft.public.security.virus
    And read the following thread...

    Subject: Strange trojan (?) Backdoor.Graybird
    Posted on: Friday, September 16, 2005 10:24 AM

    You would discern that this *may* very well be a False Positive declaration.

    The way to find out is very simple...

    Submit a sample of a file that is flagged as having the "Backdoor.Graybird"
    to Virus
    Total --
  6. Archived from groups: microsoft.public.windowsxp.general (More info?)

    It hides itself as "svch0st.exe" as opposed to legitimate svchost.exe
    Jerry K

    does it say where it is

    "Jerry Kutcher" wrote:

    > Norton AV reports Backdoor.Graybird has been discovered on computer; is
    > not
    > able to get rid of it
    > I've spent hours downloading various AV programs with no success. Any one
    > able to help, please ?
  7. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "Jerry Kutcher" <jkutcher@comcast.net>

    | It hides itself as "svch0st.exe" as opposed to legitimate svchost.exe
    | Jerry K

    The name SVCHOST.EXE is the most targeted name there is for viral and non-viral malware. If
    you find it on a Win9x/ME PC, it is infected. If it is found on a NT based OS then it will
    depend on the location of the file. The variations upon the name SVCHOST.EXE is almost
    endless.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  8. Archived from groups: microsoft.public.windowsxp.general (More info?)

    See this recent thread in Security/Home Users newsgroup:

    http://groups.google.com/group/microsoft.public.security.homeusers/browse_frm/thread/0c115d76c49a19b0/885df03d800240fb#885df03d800240fb
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security

    Jerry Kutcher wrote:
    > Norton AV reports Backdoor.Graybird has been discovered on computer; is
    > not
    > able to get rid of it
    > I've spent hours downloading various AV programs with no success. Any one
    > able to help, please ?
    > Thanks
    > Jerry Kutcher
  9. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Jerry Kutcher wrote:

    > Norton AV reports Backdoor.Graybird has been discovered on computer; is not
    > able to get rid of it
    > I've spent hours downloading various AV programs with no success. Any one
    > able to help, please ?
    > Thanks
    > Jerry Kutcher
    >
    >
    Jerry,

    Look at the message and thread I posted last night in this newsgroup
    with the subject:

    Can't find, delete, or quarantine a *.tmp reported by Auto-Protect as a
    "Backdoor.Graybird" at booting - Media Center problem?

    It is a false positive that occurs with Spy Sweeper onboard with their.
    This is false positive is being discussed in several news groups. I
    originally posted in Symantec, XP and XP Media-Center newsgroups because
    the Alert started right after I initialized/used Media Center for the
    first time yesterday.

    If you turn off your Spy ware like Spy Sweeper so it doesn't load at
    booting, there should be no Alert. After getting the latest definitions
    from NAV and Spy Sweep today the Alert does not occur on booting any more.

    Like you, David told me to send in a sample file to NAV on the Symantec
    newsgroup, but as I have said in my original postings, there is no
    sample file. The reported file is a *.tmp that is created during booting
    and then is deleted by Windows after booting.

    Again look at the above tread of mine.

    --- Susan
  10. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Susan
    My thanks to both David and yourself. You guys are awesome, correctly
    defining the problem
    Jerry Kutcher Tewksbury MA

    Jerry,

    Look at the message and thread I posted last night in this newsgroup
    with the subject:

    Can't find, delete, or quarantine a *.tmp reported by Auto-Protect as a
    "Backdoor.Graybird" at booting - Media Center problem?

    It is a false positive that occurs with Spy Sweeper onboard with their.
    This is false positive is being discussed in several news groups. I
    originally posted in Symantec, XP and XP Media-Center newsgroups because
    the Alert started right after I initialized/used Media Center for the
    first time yesterday.

    If you turn off your Spy ware like Spy Sweeper so it doesn't load at
    booting, there should be no Alert. After getting the latest definitions
    from NAV and Spy Sweep today the Alert does not occur on booting any more.

    Like you, David told me to send in a sample file to NAV on the Symantec
    newsgroup, but as I have said in my original postings, there is no
    sample file. The reported file is a *.tmp that is created during booting
    and then is deleted by Windows after booting.
Ask a new question

Read More

Norton Computers Microsoft Windows XP