OT: Backdoor.Graybird Trojan horse removal


  • OT: Backdoor.Graybird Trojan horse removal

    Has anyone had to deal with the Backdoor.Graybird Trojan horse? Does anyone know of reliable software that can remove it? I do a Google search and find all sorts of sources for this kind of program; but I don't know if it will work or if it can be trusted.

    I use Norton Anti-Virus on this Windows XP SP3 machine. During a full system scan NAV detected the Backdoor.Graybird Trojan horse.

    NAV is unable to remove the threat and the Symantec Web site recommends manual removal. I followed their instructions but was unable to locate the offending file(s).

    There seemed to be some huge discrepancies between their removal procedure and what I see on my computer. For one thing, when I use regedit, what I find does not have any resemblance to their examples.

    I'll be eternally grateful for your assistance.

    Orrin
    Last edited by Orrin; 12-05-2009, 12:44 PM.
    So many projects. So little time.

  • #2
    That appears to be another Windows-only problem so I've not had to deal with it. I just checked my mail server's anti-virus logs and all viruses found so far are Windows problems.

    http://inetnw.net/cgi-bin/virus/vdisplay.pl

    Most messages with viruses and spam/scams are blocked before they get to the payload scanner as it's more efficient - this chart shows the messages that get past the first layer of defense. The virus scanner is ClamAV running on a Unix server and scans messages in real time as the message is being received. If there's any problem with it at all it is rejected, leaving the responsibility for bouncing the error to the sender with them. About 87% of all connections result in rejected messages.

    The AV scanner I use has morphed over time such that it finds much more than just malware - it also finds Nigerian scams and all the imitators, spam, bank and paypal scams and imitators. In the linked chart there are probably very few true viruses as they're not as common as they once were. This reflects the money-making opportunity of spam ascending while the harmful stuff has remained stable or is even in decline.



    • #3
      I run a Unix-based mail server for family; through the use of anti-spam techniques I reject somewhere between twenty and thirty thousand messages a week - somewhere between two and three per minute 24x7.

      When I think of the amount of time wasted by spammers across the globe...

      - Bart
      Bart Smaalders
      http://smaalders.net/barts



      • #4
        Another linux user here -- virus ? Oh, yeah, those things we had to worry about when we used to run Windoze.

        Sorry, I can't help Orrin, except to say that back in the day Norton AV was pretty much a virus in itself. Evan will probably chime in on a recommendation for the current best AV software. I don't run AV on linux.



        • #5
          For the OP's problem, I presume you've followed procedures such as this:

          http://www.symantec.com/security_res...506-99&tabid=3

          If this isn't working then it's possible the virus has morphed or was misidentified. Either is possible as it's a pretty old virus. If you suspect this is a possibility then you could try using some downloadable alternative scanners that run in demo/emergency mode to see if it discovers a variant of the virus.



          • #6
            Try Malwarebytes' Anti-Malware www.malwarebytes.org or Spybot www.safer-networking.org or both. They are both reliable.
            ----------
            Try to make a living, not a killing. -- Utah Phillips
            Don't believe everything you know. -- Bumper sticker
            Everybody is ignorant, only on different subjects. -- Will Rogers
            There are lots of people who mistake their imagination for their memory. - Josh Billings
            Law of Logical Argument - Anything is possible if you don't know what you are talking about.
            Don't own anything you have to feed or paint. - Hood River Blackie



            • #7
              Thank you, all, for your replies. dp, yes I have done as you suggested:
              For the OP's problem, I presume you've followed procedures such as this:

              http://www.symantec.com/security_res...506-99&tabid=3

              If this isn't working then it's possible the virus has morphed or was misidentified. Either is possible as it's a pretty old virus. If you suspect this is a possibility then you could try using some downloadable alternative scanners that run in demo/emergency mode to see if it discovers a variant of the virus.
              I did as directed and opened the registry editor. In step 4.e. of the referenced instructions I don't see anything in the right pane that resembles the following:

              If you are running Windows NT/2000/XP, navigate to the key:

              HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

              In the right pane, delete the value:

              "run" = "%system%\svch0st.EXE"
              "run" = "%system%\ravmond.exe"

              Exit the registry editor.
              None of the entries are of the "'run' = '%system%\svch0st.EXE'" format. That is why I'm wondering if Symantec is even in the right ballpark.

              I agree, this Trojan horse has probably morphed.

              Here's another thing that Symantec brought up: their scanning software may be producing a "false positive." Now, ain't that sweet?!!!

              Regards,

              Orrin
              So many projects. So little time.

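              An added example, not from this thread or from Symantec's write-up: a PowerShell snippet that prints what is actually stored in the key quoted above, so the contents can be compared against the "run" = "%system%\svch0st.EXE" pattern without hunting through regedit. It assumes the key path and the "Run" value as quoted; "Load" is the long-standing sibling value in the same key and is listed as well; %system% is Symantec's placeholder for the System32 directory and is expanded by hand. Run it from the account whose HKEY_CURRENT_USER hive you want to inspect; it only reads and reports, it changes nothing.

```powershell
# Added example: inspect the auto-start values under the key Symantec's step 4.e refers to.
$key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

# "Run" is the value named in the removal instructions; "Load" sits beside it in the same key
# and is another very old auto-start location, so it is reported too.
$valueNames = @('Run', 'Load')

# %system% is Symantec's notation, not a real environment variable, so map it to System32.
$system32 = Join-Path $env:SystemRoot 'System32'

$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if ($null -eq $props) {
    Write-Output "Key not found: $key"
    return
}

foreach ($name in $valueNames) {
    $raw = $props.$name
    if ([string]::IsNullOrWhiteSpace($raw)) {
        Write-Output ("{0}\{1} : (not set)" -f $key, $name)
        continue
    }
    # Either value may hold several comma-separated commands; report each one separately.
    foreach ($entry in ($raw -split ',')) {
        $cmd = $entry.Trim().Trim('"')
        $cmd = $cmd -replace '(?i)%system%', $system32
        $cmd = [Environment]::ExpandEnvironmentVariables($cmd)
        # Test-Path shows whether the referenced file is still on disk; a value pointing at a
        # missing file is a leftover, a value pointing at an unexpected file deserves a closer look.
        $present = Test-Path -LiteralPath $cmd
        Write-Output ("{0}\{1} : {2}  (file present: {3})" -f $key, $name, $cmd, $present)
    }
}
```

              Empty output for both values means the instructions simply do not match this machine, which is consistent with a variant or a false positive rather than a missed step.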


              • #8
                Second vote for Malwarebytes. It has bailed me out before. That, and ditch the Symantec! It's probably the reason you got the virus in the first place. Why pay for something that just bogs your system down? Plenty of very good, free antivirus software out there...



                • #9
                  Originally posted by Prototyper
                  Second vote for Malwarebytes. It has bailed me out before. That, and ditch the Symantec! It's probably the reason you got the virus in the first place. Why pay for something that just bogs your system down? Plenty of very good, free antivirus software out there...
                  Care to provide links to the very good, free antivirus software?

                  Thanks

                  TMT



                  • #10
                    Here is a link to the one I use. AntiVir seems to be highly regarded by the PC geek types. I have been running it on 4 computers, for over three years, with no problems. I do regularly run MalwareBytes, as well as CCleaner, to keep things running clean.



                    • #11
                      Avast antivirus is free and sometimes it finds malicious internet sites before I connect.

                      Over 1M users, and the home edition is free.

                      Good luck with your trojan



                      • #12
                        I second Avira AntiVir. I've been using it for over six years now. I also run Spybot S&D just because it updates the Hosts file and lets me clean up the cookies. It does a pretty good job of protecting the Registry too (Tea-timer). For a firewall, I use Agnitum's Outpost. These are all free. And they run fast together on Windoze XP SP3.

                        Sony VAIO, 3.0GHz Dual Core Pentium 4, 2GB ram. (5yrs. old.)



                        • #13
                          Originally posted by tslbogger
                          Avast antivirus is free and sometimes it finds malicious internet sites before I connect.
                          I just switched to Avast from AVG. I was having problems with crashing browsers; AVG seemed all happy, and I was crashing when AVG popped up their crap to upgrade to 9.0.

                          Avast found about 6 things that AVG conveniently forgot to find, the computer is finally fast again, and no crashes.... and Avast seems to just run kind of slow in the background without bothering anything. AVG took a few hours to do its scan and slowed you to a crawl for the whole time.



                          • #14
                            Thank you, SGW and Prototyper

                            Thank you, SGW and Prototyper for suggesting Malwarebytes. It found 36 instances of malware code and deleted them.

                            I'm about ready to toss NAV into the trash. It costs buck$, but for what? It didn't get rid of my problem! In my book it's worthless.

                            Best regards,

                            Orrin
                            So many projects. So little time.
