
Backdoor.Graybird Trojan/NAV no fix


Name: candyjems
Date: September 16, 2005 at 05:22:56 Pacific
OS: Winxp media center
CPU/Ram: pentium 4
Comment:

Hi, when I started my computer today, NAV put up a red high-risk alert box telling me that I had the Backdoor.Graybird (Doc~\Owner~...\mc21.tmp) virus and it could not be fixed. The access to the file was denied but it is still there and every time I start, it shows up. After reading on the Symantec site, it says that this virus could end up giving away confidential information. I tried Spybot 1.4 and when I go to update definitions it won't take them, just says !!!bad check sum!. I can't update at all. Can someone please help me quickly?

THANK YOU.




Response Number 1
Name: birdlegs
Date: September 16, 2005 at 05:41:17 Pacific
Reply:

removal instructions here.

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.q.html


for Spybot try the download mirror at SEE-CURE#2[EUROPE]



Response Number 2
Name: frank breen
Date: September 16, 2005 at 05:49:29 Pacific
Reply:

Hi,
go to Trend online scan, you will get a free scan of your system, C drive or any part of your system. It will be removed with their virus scan. You want it removed NOT opened or you will be in for a major headache.



Response Number 3
Name: candyjems
Date: September 16, 2005 at 06:26:51 Pacific
Reply:

Thanks frank and birdlegs,
The big problem is that I am a complete novice. So I clicked on the underlined Spybot word in birdlegs' reply and I got to Spyware Doctor. I did their scan and they came up w/ 56 items but no other virus scan seems to see. Several are high risk, trojan downloaders (Pacimedia) and then 3 elevated risks Claria also known as Gator?? I didn't want to buy it to remove b/c no one else seems to find it and I don't know if it is true. The other thing is that I don't know to get to the mirror SEE-CURE#2[EUROPE]. I don't even know what that means. I tried to update again and it still is badcheck sum. I really think I have a problem. Also, I don't know how to get to trend online, is that a URL?? If I click the underlined virus scan in Frank's reply, I still end up with spyware doctor.

Maybe you can be more specific. I need to get rid of this. I did a full scan yesterday morning in safe mode and everything was fine. Now by this morning, I have all these problems.

HELP!! thanks




Response Number 4
Name: candyjems
Date: September 16, 2005 at 06:37:45 Pacific
Reply:

Also, on birdlegs' instructions to go to the Symantec site for removal instructions, it has me editing the registry and backing up and I totally don't feel comfortable doing this b/c I know nothing about getting it back if something happens. Isn't there some other program which will put everything back to normal? Also, I went to the activity log/threat assessments on my live update NAV and these were part of the instructions:

Restarting the computer in Safe mode or ending the Trojan process
Windows 95/98/Me
Restart the computer in Safe mode. All the Windows 32-bit operating systems, except for Windows NT, can be restarted in Safe mode. For instructions on how to do this, read the document, "How to start the computer in Safe Mode."

Windows NT/2000/XP
To end the Trojan process:
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the processes.
Scroll through the list and look for Svch0st.exe.
If you find the file, click it, and then click End Process.
Exit the Task Manager.

Well, I have a lot of those and when I try to end the process it says I could damage things. Also, I have like 5 of them and I am afraid they are needed for something.
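
The Symantec step quoted in the post above looks for Svch0st.exe, spelled with a zero, which is a different name from the svchost.exe that Windows XP normally runs as several instances at once. An added example (not part of the original thread or of Symantec's instructions) that separates the two in a process list; the name table, the C:\WINDOWS install path and the sample paths are assumptions constructed for illustration:

```python
import ntpath  # parses Windows-style paths on any OS

# Assumption: Windows XP installed in C:\WINDOWS; short illustrative table only.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Digit-for-letter swaps used in lookalike names, such as the zero in Svch0st.exe.
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def classify(image_path):
    """Classify one process image path as ok, wrong-path, lookalike or other."""
    directory, name = ntpath.split(image_path.lower())
    if name in EXPECTED_DIR:
        # Genuine name: only trusted when it runs from its expected directory.
        return "ok" if directory == EXPECTED_DIR[name] else "wrong-path"
    if name.translate(LOOKALIKE) in EXPECTED_DIR:
        # Not a genuine name, but becomes one once the digits are undone.
        return "lookalike"
    return "other"


def suspicious(paths):
    """Return (path, verdict) pairs for entries that deserve a closer look."""
    verdicts = ((p, classify(p)) for p in paths)
    return [(p, v) for p, v in verdicts if v in ("lookalike", "wrong-path")]


# Constructed sample process list, not taken from the thread.
SAMPLE = [r"C:\WINDOWS\system32\svchost.exe"] * 5 + [
    r"C:\WINDOWS\system32\Svch0st.exe",
    r"C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE):
        print(f"{verdict:10} {path}")
```

The five svchost.exe entries under system32 come back as ok; only the zero-spelled name and the copy running from outside system32 are flagged.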



Response Number 5
Name: andy1
Date: September 16, 2005 at 07:17:18 Pacific
Reply:

here are instructions explaining how to manually remove backdoor.graybird

there are many variations of spyware called backdoor.graybird, you can perform a search and check all of them here: spyware search





Response Number 6
Name: candyjems
Date: September 16, 2005 at 07:28:08 Pacific
Reply:

Andy, thanks for answering. When I went to those instructions, you could do it yourself or purchase SpySweeper to do it for you. About 10 minutes ago, I ran the trial version of SpySweeper and it found nothing but cookies to remove (which I did) but it seems like a lot of these programs are not finding this. SpyDoctor did but I would need to purchase it and I am not sure if it really works.

Why doesn't NAV know how to repair it if it can find it??? That's pretty lousy antivirus software if it can't do that.

thanks for any help



Response Number 7
Name: frank breen
Date: September 16, 2005 at 08:26:07 Pacific
Reply:

Hi CandyJems,
Go to google, in the address bar, enter trend online scan, it will take you to trend online scan, free scan. It will ask you to enter country of origin, then it will insert a small file to work off and then ask you what you want scanned. It will show all your drives and you check what you want scanned. At the end of the scan, if it finds a virus, it will ask you, do you want it removed.

There is no adware, spyware and is a great service, it will ask you a few questions about your knowledge of malware and then offer you a 20% discount on their software. You are not obligated to buy anything and is a free service.

This will get rid of your uninvited guest,

frank



Response Number 8
Name: candyjems
Date: September 16, 2005 at 10:20:27 Pacific
Reply:

Hi frank,
I did what you said and Housecall found nothing. Then I did a quick scan w/ SpyDoctor and it had 15 threats, 4 of which are high. No other program is picking this up. In addition, when I restarted WinXP, the NAV had the red alert box still with backdoor.graybird..\mc21.tmp. The SpyDoctor isn't saying that one but NAV can't repair it, which I don't understand b/c the Symantec site says April 2003 it was in the virus definitions. Can someone please, please help? Is my personal info being taken? And if I buy SpyDoctor online, can't they get my credit card number?



Response Number 9
Name: frank breen
Date: September 16, 2005 at 10:41:44 Pacific
Reply:

Hi Candyjems,
as long as you don't open the file, it can't do you any harm. You may be getting false readings from that software. There is an excellent virus program called AVG, which believe it or not is free. They also have a pro version, but the free is just as good without the so-called bells and whistles that we don't need. Again Candy, go to Google and input AVG antivirus, it is a German company with a great virus hunter. Since Trend did not find anything, I feel you are getting false readings, but to make sure download the program, it is also updated automatically, it seems every week, as the hackers are constantly busy dreaming up trojans, worms and viruses. Add this to your protect system. I am not sure you are familiar with firewalls that protect your computer against hackers invading your system, download either zone alarm, sygate or tiny little firewall, all three are free, one should be part of your protect system. I've used all three and am using zone alarm at present.
hth
frank



Response Number 10
Name: candyjems
Date: September 16, 2005 at 11:38:52 Pacific
Reply:

Hi Frank, Thanks for putting up w/ this. Are you a computer professional? I did what you said and AVG found nothing after 1/2 hour. I do have zonealarm firewall and I think it is fine. It is just that Spyware Doctor and NAV are the only ones to find this and I don't think NAV is false b/c it has never ever given me a security alert. Any other suggestions? Is Spyware Doctor a decent program? I don't want to buy it online b/c my computer is compromised but I might go out and buy it if people think it is worth it? Your thoughts?



Response Number 11
Name: NotNormal
Date: September 16, 2005 at 12:29:12 Pacific
Reply:

Hi Candy, it just may be a false detection.
Others are having the same problem in
the link below.

http://www.broadbandreports.com/forum/remark,14377501




Response Number 12
Name: frank breen
Date: September 16, 2005 at 15:33:07 Pacific
Reply:

Hello Candyjems,
I just went to Google, punched in avg antivirus and got to free download, try it again, it is a very good antivirus program and certainly the price is right. I also want to say, with any antivirus program they are all not 100% perfect, and it would be a good idea to use Trend online scan as your backup. A visit there at least once a month to check for malware. I am sure the Trend is as up to date as possible as I feel about avg, but it is always good to get a second opinion.
frank



Response Number 13
Name: candyjems
Date: September 16, 2005 at 18:41:58 Pacific
Reply:

Frank, I just tried NoAdware and it finds registry changes too, just like Spyware Doctor but all the others, housecall, avg, spybot, adaware se, etc. find nothing. Should I buy one of those and use it? Is spyware doctor a legitimate company? I went to BestBuy and they don't even carry it and I don't want to enter credit card info on the computer with this going on. Any input??



Response Number 14
Name: frank breen
Date: September 16, 2005 at 20:40:31 Pacific
Reply:

Hi Candyjems,
If you did a sweep with the virus programs and spyware programs you listed, you would be wasting your money on spyware doctor. Any program or updates you load will change your registry. Candy, you may want to add adaware, another free program that will seek out adware you pick up on the net. I believe you are set with the software you need to protect your computer. Don't waste your money on spyware doctor, adaware is known by everyone, it is a fast program and does a great job flushing out spy and adware. You don't need anything else. If I pick up a file or program that contains malware I delete it, AVG tells me after I download something, it is infected. Watch your email, if you get something suspicious or you don't recognize the sender, delete it. Watch out for "free offer", or "bill is coming to visit", things that would make you curious to find out what it is, it could be a gift from a hacker. Email is the favorite delivery mode for malware, if you don't know the sender, be wary. With programs unlike email, go to my computer, highlight the program you downloaded, right click, point to nav or avg, click, and you can scan the file to see if it is infected. I do this for anything I download from the net. A couple of seconds of scan can save you from a world of misery.
take care,
frank



Response Number 15
Name: candyjems
Date: September 17, 2005 at 09:30:18 Pacific
Reply:

Thanks so much for your input Frank, I really appreciate it.
candyjems



Response Number 16
Name: worldedu
Date: September 18, 2005 at 23:16:59 Pacific
Reply:

Candyjems,

I am in exactly the same boat you are, same events, started at the same time.

Did you ever get NAV to stop giving you those two alarming red alert pop-ups on start-up? Did you ever find a program that would find the trojan, delete it, and set things back the way they were before it got there?

I would HOPE that Norton Anti-Virus would get around to addressing this. But since I had to disable Norton Internet Security after they put a bug into it (they admitted this) and it started updating Parental Controls (which I wasn't even running) for looooong periods of time, and then I spent an even looooooooonger time talking with a lady in India who had me wreck my NIS, so it had to be uninstalled, and then re-installed and they could never tell me what modification (I recall that we input about 4 alpha characters, that seemed random and made me think of a hair salon... like hrcp - I should have recorded it elsewhere) we had made to it before to enable it to allow emoticons on certain sites, I don't have much confidence in Norton or Symantec these days.

Please let me know if you got your Backdoor.Graybird problem solved and how. Thanks.



Response Number 17
Name: SquattingNeville
Date: September 19, 2005 at 14:45:31 Pacific
Reply:

NotNormal, you seem to have got it right, as the link suggests: http://www.pctools.com/spyware-doctor/support/faq/1093/

My SAV was picking backdoor.Graybird up after every reboot. Turned out to be a false positive, something to do with Spyware Doctor I believe. Hope this helps!



Response Number 18
Name: candyjems
Date: September 19, 2005 at 14:49:08 Pacific
Reply:

Hi,
Yes, the red alert boxes have stopped. I ran everything and then some and I emailed PC Tools and they responded to me and I think this is all false readings. No other scan, AVG, Housecall, Spyware Doctor, etc. found Backdoor.Graybird except NAV. And then I had NAV do a full system scan and NAV didn't even find it again. So I think the alerts are a mistake. They just stopped. Here is an excerpt of what the PC Tools customer service person wrote back to me:

In regards to the Backdoor.GrayBird issue:
______________________________________

We're sorry for the problems you are currently experiencing.

It has come to our attention that given certain system configurations, particular version(s) of Norton AntiVirus may incorrectly classify some Spyware Doctor files as a 'Backdoor.Graybird' infection.

Please rest assured that Spyware Doctor is NOT malicious and does NOT contain a virus. This appears to be a false detection resulting from a recent Norton AntiVirus Update.

So, I am just keeping up to date w/ a few spyware programs (although I need to disable the AVG email scanning b/c it messes stuff up, otherwise the other parts are on). I have zone alarm and NAV and Spyware doctor running in the background. So far so good. I hope this helps you out. I was a bit freaked out, but it doesn't seem to be a big deal now.

Good Luck.



Response Number 19
Name: Deadairdave
Date: October 1, 2005 at 04:46:04 Pacific
Reply:

Yep, I've been here too. My NAV came up with the same red box as everyone else, the same file named and it wouldn't go away after every boot up. I tried to search the solution via the NAV site and nothing that they suggested as the dodgy files showed up anywhere when doing a search apart from the quarantined folder of NAV.

I disabled my Bband cable (pulled the cable from the modem) before boot-up and the red box never appeared. If I booted with the Bband cable connected, up came the red box, figure that one out!

I ran AntiVir (search Google) and that picked it up and apparently removed it, but on doing a search I found another GB temp file in the inbox of my Outlook Express programme. Promptly, that got binned. Unfortunately, that now doesn't allow me to retrieve any emails via that programme, so I have to go to my ISP site to get them, lol.

The file hasn't reappeared since the inbox was removed including booting up with the modem connected!

Only problem I face now is a box saying "Windows installer - preparing to install" on boot up, lol, can't win. Think a full system restore is in order.

Dave.

