Question:
How to get rid of backdoor.graybird virus?
Dawn
2012-10-25 20:39:44 UTC
I use Symantec End Point Protection (latest version with updates).

I get errors every now and then about this virus called backdoor.graybird. Symantec says I have to restart my computer to delete it. I comply, and it just keeps coming back. Also, it keeps changing its exact name, the numbers keep changing and the file is always named something like "dwh2854" or "dwhf1082". I have gone to the folder where the virus is located and deleted everything in it. At some random point, the files I have deleted come back to life after deletion (usually a day or so later). The files which get detected are always located in my "temp" folder.

Can someone please help me get rid of this thing once and for all?

Background info:
Windows 7 64bit
Symantec End Point Protection 12 (with all latest updates)
I have done a full system scan, both regular settings and super high heuristic scans with no luck.
Had the issue for a few weeks now.

Best/most thorough answer will get rated as "best answer" by me. (Ask additional details if necessary). Thank you!
Three answers:
anonymous
2012-10-26 08:43:31 UTC
Try this:

Firstly, boot your computer to the Safe Mode menu screen. You do this by repeatedly pressing F8 as soon as you boot up. Once there, use the arrow keys to highlight Safe Mode with Networking. Continue to boot from there, by pressing Enter. You will now see some drivers being loaded. There will be a pause at some point. This usually lasts for no more than 30 seconds.

Now open your browser and download TDSSKiller.exe from Kaspersky Lab. It's tiny, and takes just a minute to run. It hunts down and kills a specific family of rootkits.

http://support.kaspersky.com/faq/?qid=208280684

Regardless of the results…

Download this package.

When you click on the download button, wait for a few seconds and the download box will appear, without you having to enter your name or email address.

Save it to your desktop, unzip it...click on start.exe...then click on Emergency Kit Scanner. Wait for it to open (this may take a couple of minutes), then get updates and run a Deep Scan (the scan may take a while):

http://www.emsisoft.com/en/software/eek/

You should now delete TDSSKiller.exe, as updated versions are often made available.

Hope this helps.
Shonta
2016-08-29 09:18:01 UTC
2
anonymous
2016-12-24 14:54:05 UTC
Do an equipment fix a million to 2 days earlier you spotted the subject. Turn off equipment fix. Acquire, set up and replace AVG unfastened. Disable all startup keys: click initiate and sort msconfig, a sparkling window will seem. Click on the startup tab and uncheck each and all of the bins and restart your PC. Enter risk-free mode by way of pressing key --F8-- and test with AVG unfastened, quarantine all it is discovered and restart your PC. Login in many situations and test lower back. If no longer something is discovered, delete all equipment fix factors, create a sparkling element and turn equipment fix lower back on. Re-enable your startup keys in msconfig, by way of following the stairs above. In case you require greater suitable suggestions, you could touch me from the hyperlink it is provided. Solid success!


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.