Virus- Backdoor.Graybird

Discussion in 'Malware and Virus Removal Archive' started by Roy78, 2005/09/18.

  1. 2005/09/18
    Roy78

    Roy78 Inactive Thread Starter

    Joined:
    2005/07/04
    Messages:
    8
    Likes Received:
    0
    I do not know whether any of you fellas know about this virus, I cannot remove it with my System Restore which I tried first for 2 weeks back from the time I must have got it on my computer. My virus program all up to date is Norton Internet Security and every time I open (start up) my computer it tells me it found and deleted the virus (Backdoor.Graybird) for me, I click OK and the next time I start up it tells me again and again, every time I now boot up it is again telling me it deleted this virus. So it must be hiding somewhere on my system and somehow reinfects :confused: my computer every time it is booted up, I have done a full Scan twice both in the Safe mode and ordinary mode at the highest ability of the scanning program but cannot find the place where it is hiding and then I carry on the boot (after Safe mode) it again finds it and warns me and tells me it deleted it! Anyone have any ideas what I should do, it is very tricky this, I leave it with you gentlemen (and of course Ladies) to perhaps give me any ideas. With many thanks Roy.
     
  2. 2005/09/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    This would seem to be a very old trojan - removal details are given here at Symantec.
    Problem here is that the System Restore data is also infected and, if you do clear the trojan, running System Restore will restore it! You must turn off System Restore immediately - this will delete all restore points - get rid of the trojan and then turn System Restore back on.
     

  4. 2005/09/19
    Roy78

    Roy78 Inactive Thread Starter

    Joined:
    2005/07/04
    Messages:
    8
    Likes Received:
    0
    PeteC Thanks so much for helping me, I do not know how to backup the registry and how to turn off for the time the System Restore perhaps you would be so kind to help me with these points, I know I should know but have forgotten through memory loss (g). I found the page OK and have copied it and will try and see to it over the next few days and maybe my son will come and help me out too. Many thanks and appreciation Roy.
    Later-
    PS Have been into the registry and checked and I feel that nothing yet has been changed so perhaps the 'thing' is caught every day before it can do any damage, at least I am hoping so. I found and backed up the registry and things before I went in there just to be on the safe side. Should I still try and delete all my System Restores I have got saved, if so how should I go about it if you can let me know I will see to it. Thanks again will be back on Wednesday to check any answers. Thanks again Roy.
     
    Last edited: 2005/09/19
  5. 2005/09/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
  6. 2005/09/20
    rebar5058

    rebar5058 Inactive

    Joined:
    2004/01/12
    Messages:
    30
    Likes Received:
    0
    Virus-Backdoor.Graybird

    I too have had the virus on my computer. Am also running Norton AV which "detected and removed" Backdoor.Graybird from my computer yesterday. The virus has not shown up since, with other Norton scans. PeteC, thanks for the helpful info ... turning off the System Restore and the registry backup info. Although Norton has not detected the virus since removal, am wondering how likely is it that my computer has been infected and what might possibly show up or happen to indicate that files have been infected? I have had a few unusual things happen, programs hanging up, etc. but nothing serious thus far (I don't believe). Any thoughts would be appreciated. Thanks again ...
     
  7. 2005/09/20
    Roy78

    Roy78 Inactive Thread Starter

    Joined:
    2005/07/04
    Messages:
    8
    Likes Received:
    0
    PeteC. I went and read all you told me and ended up deleting the file SVCHOST.EXE which I found in window task monitor and the Norton on next boot did not find the virus and I was pleased. I also had deleted all my System Restore points as advised and this morning while on the net checked again and found 4 more of the same name so deleted them and it then said it had to reboot which it did so I had to connect again so now I am hoping it will now be fully deleted. Thanks so much for your help Roy. :)
    Later added-
    Forgot- I had of course spent some time checking out the registry and could not see anything added so was pleased maybe caught before any damage done, pleased thanks again Roy.
    Later-
    1 hour later. Just for fun I again checked out Win Task Manager and found again the last 4 things I had deleted and it then rebooted, the ones which had come back were-
    SVCHOST Local Service, Network service, Service, Network Service and again System. very hard for me to understand this :confused:
     
    Last edited: 2005/09/20
  8. 2005/09/20
    Roy78

    Roy78 Inactive Thread Starter

    Joined:
    2005/07/04
    Messages:
    8
    Likes Received:
    0
    Virus Backdoor.graybird. Need More Help Please-

    Need more help please -
     
  9. 2005/09/21
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Roy

    Hold fire there - out today, but will come back to you this evening.
     
  10. 2005/09/21
    balo

    balo Inactive

    Joined:
    2004/06/01
    Messages:
    73
    Likes Received:
    0
    This was supposedly fixed by the Norton Update of 9/17. Check to see that you have all the latest updates.
     
  11. 2005/09/21
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello Roy,

    The instances that you list are legitimate XP processes:
    Microsoft reference on SVCHOST.EXE http://support.microsoft.com/?kbid=314056

    An example of a trojan with the same or similar name: http://www.neuber.com/taskmanager/process/svchost.exe.html

    Regards - Charles
     
    Last edited: 2005/09/21
  12. 2005/09/21
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Roy

    Charles has filled you in on SVCHOST.EXE - note in the Symantec document I posted the critter is Svch0st.exe - note the o has been replaced by 0 (zero).

    Do you still have a problem?
     
  13. 2005/09/24
    Roy78

    Roy78 Inactive Thread Starter

    Joined:
    2005/07/04
    Messages:
    8
    Likes Received:
    0
    Thanks so much for your help PeteC and of course Charlesvar, have been off but just got in and I had realized what you say about the Trojan having an 0 number instead of the letter o, how silly I feel. I saw my son and he told me that the other few files were needed for XP system and of course when I deleted them I was put off the net as it had to boot to put them back on, at the time I thought they MUST have been needed and were not the same as before. Anyway I have no trouble now and I do want to thank you great helpers for all the help you have given me, all my programs like Adaware, SpywareBlaster and Norton are all up to date checked every time I go on the net first thing to play safe. This is my first Trojan/virus ever and got me pretty worked up. All the best to you All Roy. ;)
     
  14. 2005/09/24
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Hi Roy

    You're welcome - glad to hear that you have no further problems :)

    Some of these viruses/trojans are cunning little beasts and the writers are equally cunning and attempt to disguise them by changing the odd letter of a well known - and legitimate file in the hope that they will not be noticed :D
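
    Added example, not part of the original thread: a Python sketch of the check discussed above, telling the genuine svchost.exe apart from a copy with a swapped character (Svch0st.exe) or a same-named copy in the wrong folder. The list of protected names, the system folder and the sample paths are assumptions made for this illustration.

```python
import ntpath  # Windows path rules, so the example also runs on non-Windows hosts

# Assumed baseline for a default XP-style install; adjust to the machine being checked.
SYSTEM_DIR = r"c:\windows\system32"
KNOWN_GOOD = ("csrss.exe", "lsass.exe", "services.exe", "svchost.exe", "winlogon.exe")

# Digits and symbols commonly swapped in for look-alike letters.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s", "@": "a"})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return (verdict, known-good name it resembles or None) for one image path."""
    folder, name = ntpath.split(ntpath.normcase(image_path))
    if name in KNOWN_GOOD:
        # The right name is not enough: a copy outside the system folder is suspect.
        return ("ok" if folder == SYSTEM_DIR else "misplaced", name)
    folded = name.translate(FOLD)
    if folded in KNOWN_GOOD:
        return ("lookalike", folded)
    for good in KNOWN_GOOD:
        if edit_distance(name, good) == 1:
            return ("near-miss", good)
    return ("unrelated", None)


# Constructed sample: Svch0st.exe is the name from the thread, the paths are made up.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\Svch0st.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"C:\WINDOWS\system32\svhost.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(classify(path), path)
```

    Only the "ok" and "unrelated" verdicts are left alone; "lookalike", "near-miss" and "misplaced" entries are the ones to check against the vendor write-up before deleting anything.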
     
  15. 2005/09/24
    oshwyn5

    oshwyn5 Inactive

    Joined:
    2005/08/25
    Messages:
    736
    Likes Received:
    0
    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html

    Note the manual recovery steps you must follow after Norton AntiVirus has removed this trojan.
     
