Manual Removal of Backdoor.Graybird Trojan Spyware

Damage Level : High/Medium
Distribution Level: Unknown

No Auto Removal Tool for Backdoor.Graybird Trojan Spyware
Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal

%AppData%\key folder\filewin.exe %CommonFavorites%\netservice.exe %CommonFavorites%\plug\001.dll %DownloadedProgramFiles%\usbkey.exe %InternetCache%\qq.exe %ProgramFiles%\advanced invisible keylogger\win16sys.dll %ProgramFiles%\bbs.hksxs.com.exe %ProgramFiles%\common files\360safe\qq.com %ProgramFiles%\common files\directdb.com %ProgramFiles%\common files\iugaq.exe %ProgramFiles%\common files\netdde.dll %ProgramFiles%\common files\netdde.exe %ProgramFiles%\common files\netddekey.dll %ProgramFiles%\common files\syskey.dll %ProgramFiles%\common files\system\msadc\nettps.dll %ProgramFiles%\common files\system\msadc\nettps.exe %ProgramFiles%\common files\system\msasp32.exe %ProgramFiles%\common files\system\nvcpl.exe %ProgramFiles%\common files\system\services.exe %ProgramFiles%\common files\system\svchostsers.com %ProgramFiles%\hacke.cn.exe %ProgramFiles%\hgzserver\adminis.exe %ProgramFiles%\hgzserver\g_server2006.dll %ProgramFiles%\hgzserver\g_server2006key.dll %ProgramFiles%\hgzserver\hacker.com.cn.exe %ProgramFiles%\hgzserver\shuibai8.exe %ProgramFiles%\hgzuerver\hacker.com.cn.exe %ProgramFiles%\intel\intel.exe %ProgramFiles%\intel\intell.dll %ProgramFiles%\internet explorer\connection wizard\auiyg.exe %ProgramFiles%\internet explorer\connection wizard\svchosi.exe %ProgramFiles%\internet explorer\inexplore.com %ProgramFiles%\internet explorer\svchosi.exe %ProgramFiles%\internet explorer\svchost.dll %ProgramFiles%\internet explorer\svchostkey.dll %ProgramFiles%\internet explorer\update.dll %ProgramFiles%\java\javs.exe %ProgramFiles%\meteors\svchost.dll %ProgramFiles%\meteors\svchost.exe %ProgramFiles%\meteors\svchostkey.dll %ProgramFiles%\outlook express\ghost.exe %ProgramFiles%\personal pc spy\win16sys.dll %ProgramFiles%\qq.exe %ProgramFiles%\rtlcpli.exe %ProgramFiles%\server.exe %ProgramFiles%\windows media player\wowuc.exe %ProgramFiles%\windows nt\accessories\vbs.exe %ProgramFiles%\windowsupdate\svchost.exe %ProgramFiles%\xunjie.cn.exe %System%\_msinfo.exe %System%\_publishing.exe %System%\_usb.exe %System%\0.exe %System%\0309c26e.exe %System%\36dbc900.dll %System%\3800hk.dll %System%\487c0a80.exe %System%\4e17c240.exe %System%\a340d383.exe %System%\alxres061230.exe %System%\anti.dll %System%\appen.exe %System%\applictie.exe %System%\aws.exe %System%\bifrost\server.exe %System%\bluefire.exe %System%\brc_server.exe %System%\btcrackdll.dll %System%\btcrackdllfpga.dll %System%\c2c.dll %System%\ccevtsvc.exe %System%\clipbook.exe %System%\closeapp.exe %System%\cnxcis.dll %System%\comsvcs.exe %System%\cs.exe %System%\cybertv.exe %System%\d249ad80.exe %System%\d249ad80t.exe %System%\dbmssocns.dll %System%\ddos.exe %System%\dhcpserver.dll %System%\dllcache\msyow.exe %System%\dllcache\vba.dll %System%\doskeys.exe %System%\drivers\etc\l68z386i.dll %System%\drivers\lpd.sys %System%\drivers\spoclsv.exe %System%\drivers\spools.exe %System%\drivers\svchost.exe %System%\drivers\system.exe %System%\dxdiag.com %System%\enqueue.exe %System%\expl0rer.exe %System%\fe.exe %System%\frundlll.exe %System%\fservice.exe %System%\hyyk.dll %System%\hz_sys_temtray.dll %System%\iexplqre.exe

If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg 

Manually Remove From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Download and run this UnHookExec.inf, and then continue with the removal.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
“g.exe” = “%Windir%\g.exe”
Navigate to and delete the following subkeys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\GrayPigeonServer
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root
\LEGACY_GrayPigeonServer

Restart your Computer.
Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)

• Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB960714)
• Security Update for Internet Explorer for Windows XP x64 Edition (KB960714)
• Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB960714)
• Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB960714)
• Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB960714)
• Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB960714)

Description of PrivacyControl and consequences of its residing on your PC

PrivacyControl (Privacy Control) is often a number one threat for safety of computers and of no use for privacy protection. It is adverted through misleading banner ads and links leading to its sponsored web-pages where the rogue is available for download as trialware. Direct opening of PrivacyControl purchase form is also possible. Even having paid for PrivacyControl malware, users are nevertheless recommended to remove PrivacyControl, because this application will soon ask to update it. This proposal will be made by means of annoying notifications and freezes of your system. PrivacyControl is described by its vendors as a great fighter for your private life confidentiality, but in fact cannot find any compromising material, nor remove it.  Click here  to scan computer free of charge and remove PrivacyControl at once.

PrivacyControl Technical Details

• Full name: PrivacyControl, Privacy Control, Privacy-Control
• Version: 2009
• Type: Rogue anti-spyware
• Origin: Russian Federation

PrivacyControl Screenshots (click to enlarge):

Signs of being infected with PrivacyControl:

PrivacyControl detection is unlikely to be your headache in case of manual download. However, there are may be extraordinary situations when user did not pay much attention to the deed of this program trial installation and then increased the security preferences to the highest level thus disabling the pop-ups and program window launching by PrivacyControl. There could be also a popup-blocker installed that did not let PrivacyControl disclose its presence and ask for registration. This would, however, activate trojan to change your settings and this at least would result in frequent freezes and finally the system might be hardly affected. Normally, both in case of hidden and manual installation, PrivacyControl would show numerous pop-ups and standard program window with the registration option. As soon as you have seen this, remove PrivacyControl. Click here  to start free scan now to identify this and other malware and viruses and trojans and worms and get rid of PrivacyControl.

Automatic Removal of PrivacyControl from your PC:

Automated option of PrivacyControl removal is a warranty that you will remove PrivacyControl forever and remove any related trojans – well, the unrelated will be as well removed. Start downloading right now to remove PrivacyControl using a professional solution.

Download PrivacyControl Removal Tool

Manual Removal of PrivacyControl:

Please, take the following actions before you get rid of PrivacyControl manually:
- make sure you know how to manage the Registry and dll files deletion
- reboot Windows to ensure there is no active application and disable Internet connection if it is automatically established.
- print out the PrivacyControl removal guide

Remove PrivacyControl files and dll’s

PrivacyControl
PrivacyShell.dll
PrivacyControl.exe
PrivacyControl on the Web.lnk
Uninstall PrivacyControl.lnk
PrivacyControl.lnk
PrivacyControl.url

Unregister PrivacyControl registry values:

*\shellex\ContextMenuHandlers\PrivacyShellExt
AllFilesystemObjects\shellex\ContextMenuHandlers\PrivacyShellExt
AppID\D9A9DE7F-A259-4BC1-A348-87BC1053C4E8
AppID\PrivacyShell.DLL
6D642CFA-40F8-4AE0-9144-538BC1D725E4
Directory\shellex\ContextMenuHandlers\PrivacyShellExt

PrivacyControl Remover with free scan

A truly powerful feature of the shell is the capability to redirect the input and output of commands to and from other commands and files. To allow commands to be strung together, the shell uses metacharacters. As noted earlier, a metacharacter is a typed character that has special meaning to the shell for connecting commands or requesting expansion.


Piping Commands
The pipe (|) metacharacter connects the output from one command to the input of another command. This lets you have one command work on some data, and then have the next command deal with the results. Here is an example of a command line that includes pipes:

$ cat /etc/password | sort | less

This command lists the contents of the /etc/password file and pipes the output to the sort command. The sort command takes the usernames that begin each line of the /etc/password file, sorts them alphabetically, and pipes the output to the less command (to page through the output).

Pipes are an excellent illustration of how UNIX, the predecessor of Linux, was created as an operating system made up of building blocks. A standard practice in UNIX was to connect utilities in different ways to get different jobs done. For example, before the days of graphical word processors, users created plain-text files that included macros to indicate formatting. To see how the document really appeared, they would use a command such as the following:

$ gunzip < /usr/share/man/man1/grep.1.gz | nroff -c -man | less

In this example, the contents of the grep man page (grep.1.gz) are directed to the gunzip command to be unzipped. The output from gunzip is piped to the nroff command to format the man page using the manual macro (-man). The output is piped to the less command to display the output. Because the file being displayed is in plain text, you could have substituted any number of options to work with the text before displaying it. You could sort the contents, change or delete some of the content, or bring in text from other documents. The key is that, instead of all those features being in one program, you get results from piping and redirecting input and output between multiple commands.


Sequential Commands
Sometimes you may want a sequence of commands to run, with one command completing before the next command begins. You can do this by typing several commands on the same command line and separating them with semicolons (;):

$ date ; troff -me verylargedocument | lpr ; date

In this example, I was formatting a huge document and wanted to know how long it would take. The first command (date) showed the date and time before the formatting started. The troff command formatted the document and then piped the output to the printer. When the formatting was done, the date and time was printed again (so I knew how long the troff command took to complete). Another useful command to add to the end of a long command line is the mail command. You could add mail -s “Finished the long command” chris@example.com to the end of a command line. Then, for example, a mail message is sent to the user you choose after the command completes.


Background Commands
Some commands can take a while to complete. Sometimes you may not want to tie up your shell waiting for a command to finish. In those cases, you can have the commands run in the background by using the ampersand (&).

Text formatting commands (such as nroff and troff, described earlier) are examples of commands that are often run in the background to format a large document. You also might want to create your own shell scripts that run in the background to check continuously for certain events to occur, such as the hard disk filling up or particular users logging in. Here is an example of a command being run in the background:

$ troff -me verylargedocument | lpr &


Expanding Commands
With command substitution, you can have the output of a command interpreted by the shell instead of by the command itself. In this way, you can have the standard output of a command become an argument for another command. The two forms of command substitution are $(command) and `command` (backticks, not single quotes). The command in this case can include options, metacharacters, and arguments. Here is an example of using command substitution:

$ vi $(find /home | grep xyzzy)

In this example, the command substitution is done before the vi command is run. First, the find command starts at the /home directory and prints out all files and directories below that point in the file system. The output is piped to the grep command, which filters out all files except for those that include the string xyzzy in the filename. Finally, the vi command opens all filenames for editing (one at a time) that include xyzzy. This particular example is useful if you want to edit a file for which you know the name but not the location. As long as the string is uncommon, you can find and open every instance of a filename existing beneath a point you choose in the file system. (In other words, don’t use grep a from the root file system or you’ll match and try to edit several thousand files.)


Expanding Arithmetic Expressions
There may be times when you want to pass arithmetic results to a command. There are two forms you can use to expand an arithmetic expression and pass it to the shell: $[expression] and $(expression). Here is an example:

$ echo “I am $[2008 - 1957] years old.”
I am 51 years old.

The shell interprets the arithmetic expression first (2008 - 1957), and then passes that information to the echo command. The echo command displays the text, with the results of the arithmetic (51) inserted. Here’s an example of the other form:

$ echo “There are $(ls | wc -w) files in this directory.”
There are 14 files in this directory.

This lists the contents of the current directory (ls) and runs the word count command to count the number of files found (wc -w). The resulting number (14 in this case) is echoed back with the rest of the sentence shown.


Expanding Environment Variables
Environment variables that store information within the shell can be expanded using the dollar sign ($) metacharacter. When you expand an environment variable on a command line, the value of the variable is printed instead of the variable name itself, as follows:

$ ls -l $BASH
-rwxr-xr-x 1 root root 625516 Dec 5 11:13 /bin/bash

Using $BASH as an argument to ls -l causes a long listing of the bash command to be printed. The following section discusses shell environment variables.

Do you remember your first computer? I can still remember my first one, known as the XT series. You can just imagine how rare hard drives were back then, making use of the Jurassic floppy drives that started everything in the computing binge. They have incrementally shrunk and today we don’t even use the floppy drive anymore. We make use of the hard drive or the portable USB drives while others make the most out of their optical storage solutions, thing we never foresaw back then.

Then there was the usual monochrome look to which users with the VGA card were the big dogs in the computing industry. Today, you are practically allowed to watch videos in full living color, something that many would see as common as long as you get the right RGB colors to enjoy movies and graphics as clearly and defined as possible.

Most of these cropped up when I came across this post, the NeXT computer which is rare these days. I don’t know if it still functional but it is a collector’s item. NeXt was actually the company where Steve Jobs started out when he was booted out of Apple in 1985. These extremely high end and high priced computers eventually moved to an all-software model.

It’s a historical device. Tim Berners-Lee used a NeXT Computer in 1991 to create the first web browser and web server, and John Carmack used a NeXTcube to build Wolfenstein 3D and the original Doom.

Source