How to remove virus backdoor.graybird?
Closed
dex_cer
Posts
1
Registration date
Thursday September 11, 2008
Status
Member
Last seen
September 12, 2008
-
Sep 12, 2008 at 08:54 AM
roshan - Mar 9, 2009 at 04:59 AM
roshan - Mar 9, 2009 at 04:59 AM
2 responses
if you find out please let me know regards tony.
I just had this Trojan removed. I am using Symantec Antivirus. The AV keeps on prompting a detection on CUSTSATKEY.dll which detected as Backdoor.Graybird, however it was never sucessfully removed due to another SERVICE was installed and call the CUSTSAYKEY.dll
Here is what I did.
1) Launch Windows Explorer --> Tools --> Folder Options ---> Show hidden files and folders.
2) Browse C:\Program Files\Messenger
3) There are 5 hidden files:1) custsat.exe 2) CUSTSATKEY1.dll 3) CUSTSATKEY2.dll 4) CUSTSATKEY.dll 5) CUSTSATKEY.log
4) Download Autoruns from SYSINTERNAL (https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
5) Launch Autoruns
6) Search for WudgSvc in Everything Tab
7) Right click to delete it.
8) Reboot
9) Remove all the 5 hidden files in C:\Program Files\Messenger
This is due to Symantec does not detect custsat.exe as a Trojan.
Here is what I did.
1) Launch Windows Explorer --> Tools --> Folder Options ---> Show hidden files and folders.
2) Browse C:\Program Files\Messenger
3) There are 5 hidden files:1) custsat.exe 2) CUSTSATKEY1.dll 3) CUSTSATKEY2.dll 4) CUSTSATKEY.dll 5) CUSTSATKEY.log
4) Download Autoruns from SYSINTERNAL (https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
5) Launch Autoruns
6) Search for WudgSvc in Everything Tab
7) Right click to delete it.
8) Reboot
9) Remove all the 5 hidden files in C:\Program Files\Messenger
This is due to Symantec does not detect custsat.exe as a Trojan.
