**Virus Help**
Sep 16th, 2005 at 3:43pm

Jimbo
 
Well, playing on an online multiplayer game I received a virus, yes 100% free!

The virus is called backdoor.graybird.

Norton AV 2005 said it discovered it and automatically deleted it.

Does this mean my system is now 100% safe from this?

Can I take any more steps?

I turned the anti-virus off whilst playing Embarrassed Embarrassed, I know I did stupid and don't mention it again, my own stupid fault Embarrassed Cry

Anyway, as much info as possible would be very helpful and thanks for your advice!

Many thanks

James
 

Reply #1 - Sep 16th, 2005 at 4:41pm

GeForce
 
If Norton found it and said it deleted it, you can probably believe it. And because it got rid of it, you can be fairly sure it will do it again if you happen to receive that virus again.

Nevertheless read this page: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.p.html

Cheers,

Jon
 

Reply #2 - Sep 16th, 2005 at 6:06pm

Jimbo
 
Thanks Jon for the info, much appreciated.

Norton now says it's "found the virus and has automatically removed" every time I LOG ON, so the virus must and has to still be there.

Any other ideas? My system has quite a bit of junk lying about as well, but I hope I can get this fixed.

Only other option involves doing a re-format, which is OK because I can get rid of the junk and the virus and start from fresh.

Cheers

James
 

Reply #3 - Sep 17th, 2005 at 1:01am

Katahu
 
Do a full system scan every week and run live update every once in a while to stay up to date.
 
Reply #4 - Sep 17th, 2005 at 8:04am

GeForce
 
Quote:
Do a full system scan every week and run live update every once in a while to stay up to date.


Good advice. If it's doing it every time you log on it might have "half-removed" the virus, i.e. parts of it have been gotten rid of and it can't do any damage. But the virus may have affected system .dlls and the like. Norton can't muck around with these because they are constantly in use when the system is running, and you know that Windows won't let you change something when it's in use.

Basically, if you can't see anything that the virus is doing, leave it alone.

Could you post a screenshot of the notice Norton comes up with at logon?

Cheers,

Jon

PS. If you want to do a reformat, you may as well. Cleans out the system nicely, just make sure you back everything up!!
 

Reply #5 - Sep 17th, 2005 at 10:51am

Jimbo
 
Aah, thanks, greatly appreciated.

I have re-formatted and backed it all up now, making do with the laptop.

I didn't know you could get a virus from online multiplayer games? ???

I was playing Battlefield 2, and ZoneAlarm kept mentioning a high risk or something, I didn't take that much notice because sometimes it's just programs loading up, but I restarted my PC and the Norton virus sign came up saying it had found one and automatically deleted it, and this now happens every time I log on.

But I've re-formatted now, so a fresh system!

So what do you think? Did I get it from an online multiplayer game? Or something else?

All I go on is SimV and PC hardware sites and that's all.

Many thanks indeed.

James, Wink
 

Reply #6 - Sep 17th, 2005 at 11:10am

Jimbo
 
ALSO IS spoolsv.exe  a system process???

I have just looked in Windows Task Manager, that's all.

Wondered if it was a safe application.
 

Reply #7 - Sep 17th, 2005 at 11:41am

Fozzer
 
Hi Jimbo...!

If you have problems in getting Norton to remove a Trojan or Virus, when Windows is running, start the computer in "Safe" mode...
Press the F8 key during boot-up.
When the screen has loaded, locate your CD Rom with the Norton disk in it.
Double click the CD to run Norton scan... Grin...!

When running in Safe Mode Windows is not operating, and will not be "using" its registry, allowing Norton to modify it as required.. Wink...!

This works much more successfully than trying to get Norton to do the job whilst Windows is running...!

Cheers Jimbo...!

Paul... 8)...!

Norton's tip:
----------------
Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.

After the files are deleted, restart the computer in Normal mode.
 

Reply #8 - Sep 17th, 2005 at 11:49am

Jimbo
 
Cheers foz!, a bit late now, but VERY handy in the future!

Cheers mate

James Wink
 

Reply #9 - Sep 17th, 2005 at 12:03pm

Fozzer
 
Quote:
Cheers foz!, a bit late now, but VERY handy in the future!

Cheers mate

James Wink



Good-on-ya, Jimbo... Grin...!

For anyone who is interested, an alternative method...>>>

Press "Delete" during boot up to go into the BIOS.
Select your CD ROM as the first boot disk instead of the hard drive.
Pop the Norton disk in the CD ROM.
Save the BIOS, and re-start the computer.

The CD will be detected first and the Norton disk will perform a scan.
When all is completed satisfactorily, go back into BIOS, change the first boot disk back again to the hard drive.
Save the BIOS, and re-start the computer as normal.
Sorted... Wink...!

This method also performs the scan before Windows starts...!

Cheers...!

Paul.
 

Reply #10 - Sep 17th, 2005 at 3:17pm

GeForce
 
Quote:
ALSO IS spoolsv.exe  a system process???

I have just looked in Windows Task Manager, that's all.

Wondered if it was a safe application.


Yes mate, that's the Windows Printer Spooling program. Check this: http://www.liutilities.com/products/wintaskspro/processlibrary/spoolsv/

As for getting the virus from the actual game, it's not likely, although theoretically it is possible. For example if the game uses a map you don't have and that map is downloaded to your computer, it could contain a virus.

I'm not sure how you got it, though now you've formatted it doesn't make any difference.

Cheers,

Jon
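
An added example, not part of any post in this thread: a PowerShell check that a running `spoolsv.exe` is the Windows binary rather than a file borrowing its name, by comparing its image path and signature status. The expected path under `%SystemRoot%\System32` is the standard Windows location and is an assumption not stated in the thread; the function name `Test-ProcessImage` and its result strings are hypothetical.

```powershell
# Added example. Expected location of the real spooler binary (standard
# Windows path; assumption, not taken from the thread).
$expected = @{
    'spoolsv.exe' = Join-Path $env:SystemRoot 'System32\spoolsv.exe'
}

function Test-ProcessImage {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $ExecutablePath
    )
    $want = $expected[$Name]              # hashtable lookup is case-insensitive
    if (-not $want) { return 'not-in-list' }

    # Without elevation the path of a SYSTEM-owned process may be empty.
    if (-not $ExecutablePath) { return 'path-unavailable' }

    # Same file name running from any other folder is the warning sign.
    # -ne compares strings case-insensitively, as Windows paths require.
    if ($ExecutablePath -ne $want) { return 'unexpected-path' }

    # Report the signature status instead of assuming it is valid.
    $sig = Get-AuthenticodeSignature -FilePath $ExecutablePath
    if ($sig.Status -ne 'Valid') { return "signature-$($sig.Status)" }

    return 'ok'
}

# Check every running process with that name.
Get-CimInstance Win32_Process -Filter "Name = 'spoolsv.exe'" |
    ForEach-Object {
        [pscustomobject]@{
            ProcessId = $_.ProcessId
            Path      = $_.ExecutablePath
            Result    = Test-ProcessImage -Name $_.Name -ExecutablePath $_.ExecutablePath
        }
    }
```

Run it from an elevated prompt so the path is readable; any result other than `ok` is a reason to look closer, not proof of infection.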
 

Reply #11 - Sep 17th, 2005 at 5:23pm

Jimbo
 
Oook Jon.

You have been a real help pal, very appreciated, I hope you know that! Wink

It's a mystery to me, I'm just trying to find out where I got it from so that I don't do it again.
But next time I will enable Norton and spyware sweeper!

Cheers mate Smiley

James 8)
 

Reply #12 - Sep 17th, 2005 at 7:01pm

Katahu
 
Note: If all of the above fails, there is always the hammer. Enjoy. Grin
 
Reply #13 - Sep 18th, 2005 at 4:40pm

GeForce
 
Quote:
Note: If all of the above fails, there is always the hammer. Enjoy. Grin


Trust you! Grin

No problem James, anytime Wink

Jon 8)
 
