Getting a Backdoor virus warning on Decoder

Post a reply


In an effort to prevent automatic submissions, we require that you complete the following challenge.
Smilies
:D :) :( :o :-? 8) :lol: :x :P :oops: :cry: :evil: :roll: :wink:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: Getting a Backdoor virus warning on Decoder

Re: Getting a Backdoor virus warning on Decoder

by Peke » Fri Aug 21, 2009 6:54 pm

Just to let you know Decoder.exe was last time changed back in December 2007 for MediaMonkey 3.0.1.1124 RC6 so almost two years without detection, I don't think so. Send them full MediaMonkey Installation for testing not just Decoder.exe as user that contacted us also contacted PC Tools and they confirmed that it is False positive.

Also see clear description on Symantec "Backdoor.Graybird!gen is a generic detection that detects variants of the Backdoor.Graybird family of Trojans. " so Antivirus developers needs to fix their Scanning engine for Backdoor.Graybird variations types.

EDIT: Additional list http://www.threatexpert.com/threats/bac ... d-gen.html

Re: Getting a Backdoor virus warning on Decoder

by Lowlander » Fri Aug 21, 2009 12:49 pm

No other antivirus detects a virus in decoder.exe, so I think it's safe to say that PC Tools moves really slow on this issue. You did make sure you have the latest definitions from PC Tools?

Re: Getting a Backdoor virus warning on Decoder

by H » Fri Aug 21, 2009 12:44 pm

PC Tools Spyware Doctor is still saying that the file 'decoder.exe' in my MediaMonkey folder is infected with Backdoor.Graybird.GEN. It's now August and the earliest comments in this thread were from June, which is a little before I started having the problem myself when I installed MediaMonkey on a new computer. So my question is why hasn't Spyware Doctor put the file on a safe list if it's a false positive? Is it possible that MediaMonkey has actually been distributing an infected installer?

My Avira Antivirus doesn't report any problem with the file, but today I decided to submit the file to ThreatExpert to get another opinion and like Spyware Doctor, it came up POSITIVE reporting the same infection with Backdoor.Graybird.GEN. ThreatExpert posts their reports online. This one is available here: http://www.threatexpert.com/report.aspx ... a8f8ed5a77

ThreatExpert's description of the infection:
"Backdoor.Graybird.GEN has rootkit functionality. It injects itself into various processes causing them to be hidden. It also logs keystrokes and sends this information to remote servers."

Spyware Doctor's description:
"A malicious application that runs in the background and allows remote access to your system, giving the attacker full control."

Re: Getting a Backdoor virus warning on Decoder

by Peke » Sat Jun 20, 2009 6:58 am

Few updates, Avast, Kaspersky, Zone Alarm, Bit Defender, PrevX, f-prot and NOD32 are tested and none of them report virus in decoder.exe

BTW "Backdoor.Graybird.GEN" is Delphi written virus back in 2007 and most likely that is why PC tools detect it.

To Confirm false positive can you download decoder.exe from http://www.4shared.com/dir/16835696/8f0 ... Stuff.html

Re: Getting a Backdoor virus warning on Decoder

by paulmt » Sat Jun 20, 2009 2:16 am

PC Tools have already responded to me suggesting my programme was out of date. I'm not sure how as I update automatically but anyway after uninstalling and reinstalling the copy they pointed me at, I have it back up and running.
Unfortunately this hasn't stopped the problem, back to the drawing board :-)

Re: Getting a Backdoor virus warning on Decoder

by surpsy » Fri Jun 19, 2009 11:49 pm

Thanks for your responces i to have now reported this to pctools i will let you know what there responce is

Re: Getting a Backdoor virus warning on Decoder

by paulmt » Fri Jun 19, 2009 2:28 pm

surpsy wrote:Hello,

I have recently installed MediaMonkey 3.1.0.1256 now when I try to Convert the audio format of my music files my Pctools antivirus reports that DECODER.EXE has the backdoor.graybird.gen trojan. I scan the setup file but it reports no such virus I installed mediamonkey again and then scanned the program file media monkey directory and decoder.exe was flagged with the virus.
I also use PCTools Spyware Dr. in conjunction with Norton 360 which is my main AV protection and have had this same problem for the last few days.
I haven't been able to isolate what the error is as PCTools is not showing any history in the log after the alert.
What I can confirm though is that by disabling Spyware Dr the volume analysis and files conversion go ahead as normal. I am comfortable and confident in my Norton product that this is not a trojan or some other virus but an error with the last or recent update of Spyware Dr which updates every day.

I would be interested in hearing back from anyone that reports an actual error message to PC Tools and to hear what they have to say in response to your report. My programme does auto reporting of any alert, but I'm not sure this one has been reported since it does appear to be a false positive.

***Edited*** I have also lodged a possible false positive report with PCTOOLS

Re: Getting a Backdoor virus warning on Decoder

by rovingcowboy » Fri Jun 19, 2009 10:38 am

DazB wrote:Hi,

Avira doesn't see any virus either.

Daz
thats good its one more to get :D

Re: Getting a Backdoor virus warning on Decoder

by DazB » Fri Jun 19, 2009 10:31 am

Hi,

Avira doesn't see any virus either.

Daz

Re: Getting a Backdoor virus warning on Decoder

by Lowlander » Fri Jun 19, 2009 10:20 am

This is most likely due to a false positive from PC Tools which means PC Tools needs to update their software for this issue to be resolved. It's good that you already contacted them and other users experiencing this should do likewise.

Re: Getting a Backdoor virus warning on Decoder

by rovingcowboy » Fri Jun 19, 2009 8:50 am

i'm sorry guys i can't confirm this as i don't get it with my avg program.
it sounds like you got a good download of the program so it must be as lowlander said,
so check with pctools send them the info and get them to fix their database to not make monkey
read as a bad file.

if it was a bad decoder believe me you would not be the only ones reporting it now. there would be half the forum reporting it. 8)

Re: Getting a Backdoor virus warning on Decoder

by David Franziskaner » Fri Jun 19, 2009 5:47 am

Hi there. I am also having exactly the same problem with my PC Tools Spyware Doctor flagging up "Backdoor.Graybird.GEN" as a virus. I have tried the reboot/reinstall advice and the glitch remains each time I attempt to analyse/set the volume of an unanalysed track. I am currently emailing PC Tools to see if they can help solve this problem - which has come out of the blue solely in the past 48 hours. It's possible I've brought this bug in via music etc that I've downloaded but this has not happened before; in fact, I've had nothing go wrong with MM before this problem. Please can we solve it - I really don't want to have to go back to the lumbering beast that is iTunes!

Re: Getting a Backdoor virus warning on Decoder

by surpsy » Fri Jun 19, 2009 1:18 am

Hi again,

I tried what was suggested but when i install MM again and then scan again decoder.exe gets flagged. I am using xp pro 2002 sp3. I downloaded 3.1.0.1256 from the mediamonkey web site as i have a lifetime license. The machine i built myself. the virus checker i use is pctools av 6.0.0.19 engine 6.6.1.16 database 10.004.050(6.12640). I do not really want to go back to 3.1.0.1252 which i download from the 3.1 test build site. Please help

Re: Getting a Backdoor virus warning on Decoder

by Lowlander » Wed Jun 17, 2009 7:40 pm

Most likely a false positive due to virus scanners not knowing the new version of MediaMonkey 3.1. You might want to contact the Antivirus maker about this issue.

Re: Getting a Backdoor virus warning on Decoder

by Zeke129 » Wed Jun 17, 2009 3:23 pm

You should also upload the suspect file to Virustotal.com to make sure it isn't a false positive.

Top