JSnail All American 4844 Posts
dangit...Symantec just found this...says it deleted it, but after running the antivirus program in safe mode, it found the virus AGAIN after it rebooted. I did a search online...supposedly it lets some bad guy gain access into my computer...any thoughts on how to get rid of it? I found a website that suggested I D/L SpySweeper...but SS didn't find the virus. Help! 1/2/2006 6:26:14 PM |
brianj320 All American 9166 Posts
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html 1/2/2006 6:29:41 PM |
JSnail All American 4844 Posts
Norton didn't FIND anything when I ran the system scan...but it gives me a window when the computer is finished booting up.
Also, I can't update the virus definitions b/c something, somewhere is corrupted (not sure how THAT happened either). 1/2/2006 7:33:17 PM |
brianj320 All American 9166 Posts
try following this stuff:
Quote : | "4. Reversing the changes made to the registry

CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

1. Click Start, and then click Run. (The Run dialog box appears.)
2. Type regedit
   Then click OK. (The Registry Editor opens.)
3. Navigate to each of these keys:

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

   NOTE: All the keys do not exist on all the systems.
4. For each one, in the right pane, delete any of the following values:

   "svchost" = "%System%\Svch0st.exe"
   "winlogon" = "%System%\Winlogon.exe"
   "system" = "%System%\Explorer.exe"
   "ravmond" = "%System%\Explorer.exe"

5. If you are running Windows NT/2000/XP, navigate to the key:

   HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

6. In the right pane, delete the value:

   "run" = "%system%\svch0st.EXE"
   "run" = "%system%\ravmond.exe"

7. Exit the registry editor.

4. Reversing the changes made to the Win.ini file

If you are running Windows 95/98/Me, follow these steps:

1. The function you perform depends on your operating system:
   * Windows 95/98: Go to step b.
   * Windows Me: If you are running Windows Me, the Windows Me file-protection process may have made a backup copy of the Win.ini file that you need to edit. If this backup copy exists, it will be in the C:\Windows\Recent folder. Symantec recommends deleting this file before continuing with the steps in this section. To do this:
     1. Start Windows Explorer.
     2. Browse to and select the C:\Windows\Recent folder.
     3. In the right pane, select the Win.ini file and delete it.
     The Win.ini file will be regenerated when you save your changes to it in step f.
2. Click Start, and then click Run.
3. Type the following:

   edit c:\windows\win.ini

   and then click OK. (The MS-DOS Editor opens.)

   NOTE: If Windows is installed in a different location, make the appropriate path substitution.
4. In the [windows] section of the file, look for a line similar to:

   run = C:\WINDOWS\SYSTEM\SVCH0ST.EXE

5. If this line exists, delete the entire line.
6. Click File, and then click Save.
7. Click File, and then click Exit." |
[Edited on January 2, 2006 at 8:07 PM. Reason : .] 1/2/2006 8:07:16 PM |
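Added example, not part of the thread or of Symantec's instructions: a read-only PowerShell check for the registry values and the Win.ini line listed in the quoted removal steps. It assumes a system where PowerShell is available; the variable names are illustrative, and nothing is deleted or modified.

```powershell
# Added example: read-only audit of the autostart entries named in the quoted steps.
# Key paths, value names and file names are taken from the quote; nothing is changed.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
)
# Value name -> file name(s) it points at, per the quote (lookups are case-insensitive).
$listed = @{
    'svchost'  = @('Svch0st.exe')
    'winlogon' = @('Winlogon.exe')
    'system'   = @('Explorer.exe')
    'ravmond'  = @('Explorer.exe')
    'run'      = @('svch0st.exe', 'ravmond.exe')
}

$findings = @(foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }  # not every key exists everywhere
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        if (-not $listed.ContainsKey($name)) { continue }
        $data = [string]$regKey.GetValue($name)
        foreach ($file in $listed[$name]) {
            # Match on the file name so the check works wherever %System% resolves.
            if ($data -like "*\$file*") {
                [pscustomobject]@{ Location = $key; Value = $name; Data = $data }
            }
        }
    }
})

# Win.ini check from the second half of the quote (Windows 95/98/Me layout).
$winIni = Join-Path $env:windir 'win.ini'
if (Test-Path -LiteralPath $winIni) {
    foreach ($hit in Select-String -LiteralPath $winIni -Pattern '^\s*run\s*=.*svch0st\.exe') {
        $findings += [pscustomobject]@{ Location = $winIni; Value = 'run'; Data = $hit.Line.Trim() }
    }
}

if ($findings.Count -eq 0) { 'None of the listed entries are present.' } else { $findings | Format-List }
```

An empty result only means these particular entries are absent; the alert described in this thread pointed at a file in the temp folder, which this check does not cover.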
JSnail All American 4844 Posts
well...I just did all that but didn't find any of the values...any other ideas? 1/2/2006 9:17:21 PM |
brianj320 All American 9166 Posts
clear internet cookies, temp internet files, history, etc. then try rebooting again to see if it still pops up
[Edited on January 2, 2006 at 9:22 PM. Reason : .] 1/2/2006 9:20:43 PM |
JSnail All American 4844 Posts
ok...I'll try that
ps every time I reboot I continue to get the antivirus notification...it says "clean failed, quarantine failed, delete successful, access denied" and it says the file infected was in my temp folder...not sure if that helps at all. 1/2/2006 9:29:32 PM |
JSnail All American 4844 Posts
oh dear, that didn't work either 1/2/2006 9:33:33 PM |
LiusClues New Recruit 13824 Posts
reformat imminent. 1/2/2006 9:37:33 PM |
JSnail All American 4844 Posts
^unfortunately this is my first PC (I grew up with Apple/Mac) and I've never reformatted before...also, all my computer cds have been in storage since I moved so I don't even think I could reformat if I wanted to 1/2/2006 9:43:47 PM |
LiusClues New Recruit 13824 Posts
if you need a CD i can give you one. 1/2/2006 9:45:54 PM |
JSnail All American 4844 Posts
I'd appreciate it...but I don't live in Raleigh anymore 1/2/2006 9:46:44 PM |
LiusClues New Recruit 13824 Posts
i figured.
you may as well just embrace the virus like a new puppy. 1/2/2006 9:48:54 PM |
JSnail All American 4844 Posts
haha
I've already got the new puppy covered 1/2/2006 9:49:53 PM |
brianj320 All American 9166 Posts
i cant believe that a reformat is the only solution. do u have XP with system restore turned on? cause if u do, try turnin off the restore and then rerun the anti-virus stuff. in addition rerun, spybot, ad-aware, etc.
[Edited on January 2, 2006 at 9:54 PM. Reason : .] 1/2/2006 9:52:40 PM |
JSnail All American 4844 Posts
oh gosh...I have no idea if system restore is on or not... 1/2/2006 9:53:49 PM |
quagmire02 All American 44225 Posts
between symantec corp, spybot, ad-aware, and zonealarm, i don't think i've ever gotten a virus before...let's hope this isn't one i get 1/2/2006 10:20:02 PM |
JSnail All American 4844 Posts
well...I don't have zonealarm, and my symantec antivirus whatever is having issues (though I did figure out how to manually update the virus definitions). Anyhoo...I found a link to a thread where a bunch of people that appeared to be in the UK had the same problem I have. BUT, from what I gathered it sounded like the virus alert was some fluke through microsoft's newest system update...only problem I see here is that I downloaded the microsoft updates for my system AFTER the virus alert...
I'm at work right now so I don't have the link...but at any rate, I'm not sure I've got the same problem that was reported in that thread anyway... 1/3/2006 8:53:18 AM |
JSnail All American 4844 Posts
bttt 1/3/2006 3:52:56 PM |
typhicane All American 2400 Posts
take your shirt off? 1/3/2006 4:00:17 PM |
brianj320 All American 9166 Posts
ok after reading this whole thing: http://www.experts-exchange.com/Security/Win_Security/Q_21564654.html
it could just be a fluke that u r gettin those popups but that nuthin is actually on ur system. the guy who had the problem uninstalled every spyware program, firewalls, norton programs (including anti-virus) and then reinstalled everything. he said after the reinstallation he no longer got that popup on startup and that his system was completely clean from spyware and viruses. it's worth a shot to do all that but no guarantees; i mean it worked for him, could work for u.
if u do do this, download ur anti-virus prog, firewall (if u have 1), and anti-malware progs to a disk. then disconnect from the net, reinstall everything. then update everything and rerun all progs. 1/3/2006 4:07:07 PM |
JSnail All American 4844 Posts
^^hah for some reason I don't think that'll work
^hey, its worth a shot...I'll see what I can accomplish when I get home 1/3/2006 4:27:19 PM |
Noen All American 31346 Posts
also pop MS Antispyware on your system, even though it probably wont clean this up, its far and away the best anti spyware program out there. and free 1/3/2006 4:34:50 PM |
JSnail All American 4844 Posts
will do 1/3/2006 5:03:04 PM |