New VirusTrojan: Backdoor.Graybird

[Jerry Kutcher]

Norton AV reports Backdoor.Graybird has been discovered on computer; is not
able to get rid of it
I've spent hours downloading various AV programs with no success. Any one
able to help, please ?
Thanks
Jerry Kutcher

 

[Guest]

does it say where it is

 

[Jone Doe]

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.p.html

 

[David H. Lipman]

From: "Jerry Kutcher" <[email protected]>

| Norton AV reports Backdoor.Graybird has been discovered on computer; is not
| able to get rid of it
| I've spent hours downloading various AV programs with no success. Any one
| able to help, please ?
| Thanks
| Jerry Kutcher
|

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

if you had gone to microsoft.public.security.virus
And read the following thread...

Subject: Strange trojan (?) Backdoor.Graybird
Posted on: Friday, September 16, 2005 10:24 AM

You would discern that this *may* very well be a False Positive declaration.

The way to find out is very simple...

Submit a sample of a file that is flagged as having the "Backdoor.Graybird" to Virus
Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.

 

[Jerry Kutcher]

Dave
Thanks, I'll try that
Jerry K

BTW
After several hours of trying everything in site, including
"microsoft.public.security.virus", I must have missed that thread



There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

if you had gone to microsoft.public.security.virus
And read the following thread...

Subject: Strange trojan (?) Backdoor.Graybird
Posted on: Friday, September 16, 2005 10:24 AM

You would discern that this *may* very well be a False Positive declaration.

The way to find out is very simple...

Submit a sample of a file that is flagged as having the "Backdoor.Graybird"
to Virus
Total --

 

[Jerry Kutcher]

It hides itself as "svch0st.exe" as opposed to legitimate svchost.exe
Jerry K

does it say where it is

 

[David H. Lipman]

From: "Jerry Kutcher" <[email protected]>

| It hides itself as "svch0st.exe" as opposed to legitimate svchost.exe
| Jerry K

The name SVCHOST.EXE is the most targeted name there is for viral and non-viral malware. If
you find it on a Win9x/ME PC, it is infected. If it is found on a NT based OS then it will
depend on the location of the file. The variations upon the name SVCHOST.EXE is almost
endless.

 

[Z]

Norton AV reports Backdoor.Graybird has been discovered on computer; is not
able to get rid of it
I've spent hours downloading various AV programs with no success. Any one
able to help, please ?

http://www.symantec.com/search/

Enter backdoor.graybird check "Viruses, Trojan horses ..."
Search

Find your variant and follow the manual removal instructions for it.

 

[PA Bear]

See this recent thread in Security/Home Users newsgroup:

http://groups.google.com/group/micr...d76c49a19b0/885df03d800240fb#885df03d800240fb

 

[Susan]

Norton AV reports Backdoor.Graybird has been discovered on computer; is not
able to get rid of it
I've spent hours downloading various AV programs with no success. Any one
able to help, please ?
Thanks
Jerry Kutcher

Jerry,

Look at the message and thread I posted last night in this newsgroup
with the subject:

Can't find, delete, or quarantine a *.tmp reported by Auto-Protect as a
"Backdoor.Graybird" at booting - Media Center problem?

It is a false positive that occurs with Spy Sweeper onboard with their.
This is false positive is being discussed in several news groups. I
originally posted in Symantec, XP and XP Media-Center newsgroups because
the Alert started right after I initialized/used Media Center for the
first time yesterday.

If you turn off your Spy ware like Spy Sweeper so it doesn't load at
booting, there should be no Alert. After getting the latest definitions
from NAV and Spy Sweep today the Alert does not occur on booting any more.

Like you, David told me to send in a sample file to NAV on the Symantec
newsgroup, but as I have said in my original postings, there is no
sample file. The reported file is a *.tmp that is created during booting
and then is deleted by Windows after booting.

Again look at the above tread of mine.

--- Susan

 

[Jerry Kutcher]

Susan
My thanks to both David and yourself. You guys are awesome, correctly
defining the problem
Jerry Kutcher Tewksbury MA

Jerry,

Look at the message and thread I posted last night in this newsgroup
with the subject:

Can't find, delete, or quarantine a *.tmp reported by Auto-Protect as a
"Backdoor.Graybird" at booting - Media Center problem?

It is a false positive that occurs with Spy Sweeper onboard with their.
This is false positive is being discussed in several news groups. I
originally posted in Symantec, XP and XP Media-Center newsgroups because
the Alert started right after I initialized/used Media Center for the
first time yesterday.

If you turn off your Spy ware like Spy Sweeper so it doesn't load at
booting, there should be no Alert. After getting the latest definitions
from NAV and Spy Sweep today the Alert does not occur on booting any more.

Like you, David told me to send in a sample file to NAV on the Symantec
newsgroup, but as I have said in my original postings, there is no
sample file. The reported file is a *.tmp that is created during booting
and then is deleted by Windows after booting.