Wednesday, December 21, 2011

How to Fix the Backdoor.Graybird Trojan Horse


End Infected Processes
1. Press 'Ctrl' + 'Alt' + 'Delete.'
2. Click on the 'Task Manager' and then click on the 'Processes' tab.
3. End the following processes. To end a process, click on the process and then click 'End Process.''396109520.exe'
'50b825f5.exe'
'930905eb.exe'
'backdoor.graybird.c.exe'
'backdoor.graybird.e.exe'
'backdoor.graybird.f.exe'
'backdoor.graybird.m.exe'
'backdoor.graybird.p.exe'
'backdoor.graybird.w.exe'
'h_client.exe'
Unregister Infected DLL Files
4. Hold down the Windows key and press 'R.' The Run box opens.
5. Type 'cmd' into the Run box and click 'OK.' The Command Prompt opens.
6. Type the following into the Command Prompt. Be sure to press 'Enter' after each line.'regsvr32 /u backdoor.graybird.l.dll'
'regsvr32 /u backdoor.graybird.l[2].dll'
'regsvr32 /u backdoor.graybird.m.dll'
'regsvr32 /u backdoor.graybird.s.dll'
Delete Infected Files
7. Click on the 'Start' menu.
8. Click on the 'Search Programs and Files' box.
9. Search for and delete the following files. To delete a file, right-click on it and select 'Delete.''396109520.exe'
'50b825f5.exe'
'930905eb.exe'
'backdoor.graybird.c.exe'
'backdoor.graybird.e.exe'
'backdoor.graybird.f.exe'
'backdoor.graybird.l.dll'
'backdoor.graybird.l[2].dll'
'backdoor.graybird.m.dll'
'backdoor.graybird.m.exe'
'backdoor.graybird.p.exe'
'backdoor.graybird.s.dll'
'backdoor.graybird.w.exe'
'cserver.dat'
'cserver_dll.dat'
'h_client.exe'
'heibai.net.txt'
'help.chm'
'operate.ini'
'sserver.dat'