Discussion in 'malware problems & news' started by Randy_Bell, Apr 15, 2003.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    May 24, 2002
    Santa Clara, CA
    Symantec Security Response - Backdoor.Graybird.B

    Backdoor.Graybird.B is a variant of Backdoor.Graybird. It gives a hacker unauthorized access to your computer. The existence of the file Svch0st.exe is an indication of a possible infection.

    This threat is written in Delphi and compressed with ASPack.

    Also Known As: Backdoor.Delf.eb [KAV]
    Type: Trojan Horse
    Infection Length: 306,804 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux

    Once Backdoor.Graybird is installed, it waits for the commands from the remote client. These commands allow the hacker to perform any of the following actions:
    • Deliver system and network information to the hacker, including login names and cached network passwords.
    • Install an FTP server, which allows the hacker to use the compromised computer as a temporary storage device.
    • Open or close the CD-ROM drive and perform other annoying actions.
    • Download and execute files.
    (See above link for technical details, removal instructions, and reversing changes made to the registry)
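
The file-name and size indicators from the post above, turned into a triage check over a file listing; this is an added example, not part of the original post or of Symantec's write-up. It generalizes beyond Svch0st.exe to other digit-for-letter imitations of system binaries, and the protected-name list, substitution table and sample listing are assumptions constructed here.

```python
# Added example: flag file names that imitate Windows system binaries through
# digit-for-letter swaps, as the Svch0st.exe name in the advisory does.
import ntpath

# Legitimate names to protect; this list is an assumption, extend as needed.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "explorer.exe", "winlogon.exe"}

# Common look-alike substitutions, mapped back to the letter they imitate.
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})

# Infection length the advisory lists for Backdoor.Graybird.B, in bytes.
GRAYBIRD_B_SIZE = 306_804


def imitated_name(path):
    """Return the system name that `path` imitates, or None."""
    name = ntpath.basename(path).lower()
    if name in SYSTEM_NAMES:
        return None  # exact name: not a look-alike (location is a separate check)
    folded = name.translate(LOOKALIKE)
    return folded if folded in SYSTEM_NAMES else None


def triage(entries):
    """entries: iterable of (path, size_in_bytes). Returns a list of findings."""
    findings = []
    for path, size in entries:
        target = imitated_name(path)
        if target is None:
            continue
        findings.append({
            "path": path,
            "imitates": target,
            "size_matches_advisory": size == GRAYBIRD_B_SIZE,
        })
    return findings


# Constructed sample listing (paths and sizes are made up for the demo).
SAMPLE = [
    (r"C:\WINDOWS\system32\svchost.exe", 14_336),
    (r"C:\WINDOWS\system32\Svch0st.exe", 306_804),
    (r"C:\Temp\1sass.exe", 52_000),
    (r"C:\Program Files\App\notes.exe", 306_804),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A size match only raises the priority of a name hit; a file that merely happens to be 306,804 bytes is not flagged on its own.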