Backdoor Graybird.k And Irc.bot

[loginandtonic]

Spyware Doctor says i have these trojans, obviously wants me to part with money to remove them, is there a free program that can eg superantispyware?

and what do these trojans do?

advice appreciated if anyone knows

thx in adv.

quick edit, my research seems to suggest they are known as SP00LSV.exe and MRMMNGR.exe

[Three Pint Princess 2]

http://www.safer-networking.org/en/mirrors/index.html

Spybot - Search & Destroy is a good free program.

Try this forum as well http://www.spywareinfoforum.com/index.php?showforum=18

http://www.spywareinfoforum.com/index.php?showtopic=23382

[loginandtonic]

http://www.safer-networking.org/en/mirrors/index.html

Spybot - Search & Destroy is a good free program.

Try this forum as well http://www.spywareinfoforum.com/index.php?showforum=18

http://www.spywareinfoforum.com/index.php?showtopic=23382

thx tpp2 much appreciated, however i dont think spybot s&d etc & other free ones found it, its only been pc tools spyware doctor come up with this, i hate putting my hand in my pocket for software when a free one can do the same because i know there are loads of talented programmers out there contributing to open source and free progs, so i hate feeding a corporation - pc tools are a biz and want my dosh to remove it - or i could go to trialpay.com and buy something there and get the pc tools prog free apparently but still it means parting with the greenbacks when probably out there is a free fix

[Little Professor]

thx tpp2 much appreciated, however i dont think spybot s&d etc & other free ones found it

Which suggests that Spyware Doctor is making sh1t up just to get you to pay them. Seriously, if Spybot, Malwarebytes and Windows Defender don't find anything, you're clean.

Antivirus/antimalware is one area where the maxim "you get what you pay for" doesn't hold up. The paid-for products tend to be a lot more bloated and spammy than the free alternatives which aren't trying to sell you anything.

[loginandtonic]

Which suggests that Spyware Doctor is making sh1t up just to get you to pay them. Seriously, if Spybot, Malwarebytes and Windows Defender don't find anything, you're clean.

Antivirus/antimalware is one area where the maxim "you get what you pay for" doesn't hold up. The paid-for products tend to be a lot more bloated and spammy than the free alternatives which aren't trying to sell you anything.

never heard of malwarebytes before, thx for the tip, just downloaded spybot s&d again (i used to use it some years back) and will see what it comes up with, scan will take some time...

thx 4 the heads up

[loginandtonic]

nope it appears spybot did NOT find it, but spybot's own website doesn't have graybird come up if you do a search. i therefore cant say i have confidence in spybot. i also think threatfire slows my computer markedly

i am going to try to see if i can find some inexpensive software that does actually work, i may have to hand over the money to pc tools, graybird is a very dangerous trojan and i am not tech minded to do a manual removal

[loginandtonic]

am going to try this manual removal method using Autoruns http://en.kioskea.net/forum/affich-24004-h...ckdoor-graybird

certainly not splashing fifty quid at pc tools corp unless i absolutely have to, a computer mag may have a 30 or 60 day licence for it soon anyway, as they sometimes do such offers when you buy the mag and get the 'free' disc with it

if anyone knows of freeware that definitely removes graybird pls post, i dont have any proof at the moment that superantispyware or spybot do... they might but i dont see any evidence yet

[pepsi]

Have you tried other free scanners? e.g. Kaspersky on-line scan.

Also the PrevX scanner is designed to be run in addition to other background AVs and is very good on some threats (I use it as the main additional scan in addition to Avast which I run as the main AV).

Malwarebytes has a very good reputation.

[loginandtonic]

Have you tried other free scanners? e.g. Kaspersky on-line scan.

Also the PrevX scanner is designed to be run in addition to other background AVs and is very good on some threats (I use it as the main additional scan in addition to Avast which I run as the main AV).

Malwarebytes has a very good reputation.

i've got avast updated and on, i still seem to have graybird according to pc tools, i also have irc.bot and a few others of less concern

i will try kaspersky, thx

my superantispyware wont even start any more, anyway heres their page on graybird http://www.superantispyware.com/malwarefil...P00LSV.EXE.html

[loginandtonic]

pc tools spyware doctor claims the graybird is in the registry in one of the subsections as "XProtector" and "Orlans.sys" among others. Xprotector is sometimes just a shareware anti reverse engineering tool, apparently, but spyware doc has said it is graybird.

spyware doc is on ebay at twenty quid, if i am forced to buy it i'll go there.

meantime, i'm going to try to run a full scan of superantispyware and see if it finds it.

the autoruns did not find that file, and i dont seem to have sp00lsv.exe on there etc either. spoolsv.exe yes, sp00lsv no.

problem is my laptop now shuts down on its own, overheating prob i assume. so i may not be able to get it to do a big scan any more.

[interestrateripoff]

http://support.kaspersky.com/viruses/avptool?level=2

I would suggest using this Kaspersky has one of the best detection ratings.

Download this tool, boot your PC into safe mode and then scan the drive using this tool.

How to boot into safe mode

However it's even better to do the scan with the OS not booted.

http://www.ubcd4win.com/

If you have a copy of WinXP I would suggest building this CD and boot your laptop with it, this is a mini OS which will allow you to scan your hard drive without booting up the installed operating system.

Gladiator Security Forum

If you need professional help removing the virus I would suggest running HijackThis and posting a log here for an expert to view it. You will then get all the instructions you need to remove what's on your system.

[interestrateripoff]

problem is my laptop now shuts down on its own, overheating prob i assume. so i may not be able to get it to do a big scan any more.

Could be overheating or could be infected related.

AntiVir Rescue CD

You could also try this

[interestrateripoff]

http://www.sophos.com/security/analyses/vi...jhupigones.html

http://www.spywareremove.com/removeBackdoorGrayBird.html

[loginandtonic]

http://www.sophos.com/security/analyses/vi...jhupigones.html

http://www.spywareremove.com/removeBackdoorGrayBird.html

thx for the advice and links

i did an overnight scan with superantispyware, it didnt find anything other than the usual tracking cookies.

i do have the xprotector entries in the registry but i have no idea if spyware doc is correct or not about whether they are bona fide or not.

i will probably do the kaspersky scan. thx.

[Guest Skinty]

Why don't you look manually for the files and registry keys specific to this infection to see for yourself whether you have it or not?

Remember, sometimes you can get false positives from anti- spyware and virus scanners.

[loginandtonic]

Why don't you look manually for the files and registry keys specific to this infection to see for yourself whether you have it or not?

Remember, sometimes you can get false positives from anti- spyware and virus scanners.

i have, i found xprotector but not the others, thx for the tip tho - i think these trojans can hide in the roots or whatever, so really its a grey area or should that be gray area,

google started kit supposedly does some version of spyware doc free, or the trialpay full version but a delay in getting the confirmation through is annoying - no confirmation = no licence code