Message Boards » Tech Talk » backdoor.graybird virus
JSnail
All American
4844 Posts

dangit...Symantec just found this...says it deleted it, but after running the antivirus program in safe mode, it found the virus AGAIN after it rebooted. I did a search online...supposedly it lets some bad guy gain access into my computer...any thoughts on how to get rid of it? I found a website that suggested I D/L SpySweeper...but SS didn't find the virus. Help!

1/2/2006 6:26:14 PM

brianj320
All American
9166 Posts

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html

1/2/2006 6:29:41 PM

JSnail
All American
4844 Posts

Norton didn't FIND anything when I ran the system scan...but it gives me a window when the computer is finished booting up.

Also, I can't update the virus definitions b/c something, somewhere is corrupted (not sure how THAT happened either).

1/2/2006 7:33:17 PM

brianj320
All American
9166 Posts

try following this stuff:

Quote :
"4. Reversing the changes made to the registry

CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit

Then click OK. (The Registry Editor opens.)

3. Navigate to each of these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

NOTE: All the keys do not exist on all the systems.

4. For each one, in the right pane, delete any of the following values:

"svchost" = "%System%\Svch0st.exe"
"winlogon" = "%System%\Winlogon.exe"
"system" = "%System%\Explorer.exe"
"ravmond" = "%System%\Explorer.exe"

5. If you are running Windows NT/2000/XP, navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

6. In the right pane, delete the value:

"run" = "%system%\svch0st.EXE"
"run" = "%system%\ravmond.exe"

7. Exit the registry editor.

4. Reversing the changes made to the Win.ini file
If you are running Windows 95/98/Me, follow these steps:

1. The function you perform depends on your operating system:
* Windows 95/98: Go to step b.
* Windows Me: If you are running Windows Me, the Windows Me file-protection process may have made a backup copy of the Win.ini file that you need to edit. If this backup copy exists, it will be in the C:\Windows\Recent folder. Symantec recommends deleting this file before continuing with the steps in this section. To do this:
1. Start Windows Explorer.
2. Browse to and select the C:\Windows\Recent folder.
3. In the right pane, select the Win.ini file and delete it. The Win.ini file will be regenerated when you save your changes to it in step f.

2. Click Start, and then click Run.
3. Type the following:

edit c:\windows\win.ini

and then click OK. (The MS-DOS Editor opens.)

NOTE: If Windows is installed in a different location, make the appropriate path substitution.

4. In the [windows] section of the file, look for a line similar to:

run = C:\WINDOWS\SYSTEM\SVCH0ST.EXE

5. If this line exists, delete the entire line.

6. Click File, and then click Save.

7. Click File, and then click Exit."


[Edited on January 2, 2006 at 8:07 PM. Reason : .]

1/2/2006 8:07:16 PM
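
The registry checks from the quoted steps, written as a read-only scan over a text export of the registry in .reg format (an added example, not part of the thread or of the Symantec write-up). The sample export is constructed, and reading %System% as a folder named System or System32 is an assumption.

```python
import ntpath
import re

# Entries copied from the quoted steps; keys and value names compare case-insensitively.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}
NT_KEY = r"hkey_current_user\software\microsoft\windows nt\currentversion\windows"
RUN_VALUES = {"svchost": "svch0st.exe", "winlogon": "winlogon.exe",
              "system": "explorer.exe", "ravmond": "explorer.exe"}
NT_RUN_FILES = {"svch0st.exe", "ravmond.exe"}
# Assumption: %System% in the steps means the Windows System or System32 folder.
SYSTEM_DIRS = {"system", "system32"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def scan_reg_export(text):
    """Return (key, name, data) for string values that match the listed entries."""
    hits, key = [], ""
    for line in map(str.strip, text.splitlines()):
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m:
            # .reg files escape backslashes and quotes inside strings; undo that.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            folder = ntpath.basename(ntpath.dirname(data)).lower()
            exe = ntpath.basename(data).lower()
            in_run = key.lower() in RUN_KEYS and RUN_VALUES.get(name.lower()) == exe
            in_nt = key.lower() == NT_KEY and name.lower() == "run" and exe in NT_RUN_FILES
            if folder in SYSTEM_DIRS and (in_run or in_nt):
                hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svchost"="C:\\WINDOWS\\system32\\Svch0st.exe"
"system"="C:\\WINDOWS\\Explorer.exe"
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"run"="C:\\WINDOWS\\system32\\ravmond.exe"
'''

for hit in scan_reg_export(SAMPLE_REG):
    print(hit)
```

The "system" entry in the sample is not reported because its Explorer.exe sits in the Windows folder rather than a system folder, which is the distinction the listed values rely on.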

JSnail
All American
4844 Posts

well...I just did all that but didn't find any of the values...any other ideas?

1/2/2006 9:17:21 PM

brianj320
All American
9166 Posts

clear internet cookies, temp internet files, history, etc. then try rebooting again to see if it still pops up

[Edited on January 2, 2006 at 9:22 PM. Reason : .]

1/2/2006 9:20:43 PM

JSnail
All American
4844 Posts

ok...I'll try that

ps every time I reboot I continue to get the antivirus notification...it says "clean failed, quarantine failed, delete successful, access denied" and it says the file infected was in my temp folder...not sure if that helps at all.

1/2/2006 9:29:32 PM

JSnail
All American
4844 Posts

oh dear, that didn't work either

1/2/2006 9:33:33 PM

LiusClues
New Recruit
13824 Posts

reformat imminent.

1/2/2006 9:37:33 PM

JSnail
All American
4844 Posts

^unfortunately this is my first PC (I grew up with Apple/Mac) and I've never reformatted before...also, all my computer cds have been in storage since I moved so I don't even think I could reformat if I wanted to

1/2/2006 9:43:47 PM

LiusClues
New Recruit
13824 Posts

if you need a CD i can give you one.

1/2/2006 9:45:54 PM

JSnail
All American
4844 Posts

I'd appreciate it...but I don't live in Raleigh anymore

1/2/2006 9:46:44 PM

LiusClues
New Recruit
13824 Posts

i figured.

you may as well just embrace the virus like a new puppy.

1/2/2006 9:48:54 PM

JSnail
All American
4844 Posts

haha

I've already got the new puppy covered

1/2/2006 9:49:53 PM

brianj320
All American
9166 Posts

i can't believe that a reformat is the only solution. do u have XP with system restore turned on? cause if u do, try turnin off the restore and then rerun the anti-virus stuff. in addition, rerun spybot, ad-aware, etc.

[Edited on January 2, 2006 at 9:54 PM. Reason : .]

1/2/2006 9:52:40 PM

JSnail
All American
4844 Posts

oh gosh...I have no idea if system restore is on or not...

1/2/2006 9:53:49 PM

quagmire02
All American
44225 Posts

between symantec corp, spybot, ad-aware, and zonealarm, i don't think i've ever gotten a virus before...let's hope this isn't one i get

1/2/2006 10:20:02 PM

JSnail
All American
4844 Posts

well...I don't have zonealarm, and my symantec antivirus whatever is having issues (though I did figure out how to manually update the virus definitions). Anyhoo...I found a link to a thread where a bunch of people that appeared to be in the UK had the same problem I have. BUT, from what I gathered it sounded like the virus alert was some fluke through microsoft's newest system update...only problem I see here is that I downloaded the microsoft updates for my system AFTER the virus alert...

I'm at work right now so I don't have the link...but at any rate, I'm not sure I've got the same problem that was reported in that thread anyway...

1/3/2006 8:53:18 AM

JSnail
All American
4844 Posts

bttt

1/3/2006 3:52:56 PM

typhicane
All American
2400 Posts

take your shirt off?

1/3/2006 4:00:17 PM

brianj320
All American
9166 Posts

ok after reading this whole thing: http://www.experts-exchange.com/Security/Win_Security/Q_21564654.html

it could just be a fluke that u r gettin those popups but that nuthin is actually on ur system. the guy who had the problem uninstalled every spyware program, firewalls, norton programs (including anti-virus) and then reinstalled everything. he said after the reinstallation he no longer got that popup on startup and that his system was completely clean from spyware and viruses. it's worth a shot to do all that but no guarantees; i mean it worked for him, could work for u.

if u do do this, download ur anti-virus prog, firewall (if u have 1), and anti-malware progs to a disk. then disconnect from the net, reinstall everything. then update everything and rerun all progs.

1/3/2006 4:07:07 PM

JSnail
All American
4844 Posts

^^hah for some reason I don't think that'll work

^hey, it's worth a shot...I'll see what I can accomplish when I get home

1/3/2006 4:27:19 PM

Noen
All American
31346 Posts

also pop MS Antispyware on your system, even though it probably won't clean this up, it's far and away the best anti spyware program out there. and free

1/3/2006 4:34:50 PM

JSnail
All American
4844 Posts

will do

1/3/2006 5:03:04 PM

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.