Page 1 of 2

Getting a Backdoor virus warning on Decoder

Posted: Wed Jun 17, 2009 2:53 am
by surpsy
Hello,

I have recently installed MediaMonkey 3.1.0.1256 now when I try to Convert the audio format of my music files my Pctools antivirus reports that DECODER.EXE has the backdoor.graybird.gen trojan. I scan the setup file but it reports no such virus I installed mediamonkey again and then scanned the program file media monkey directory and decoder.exe was flagged with the virus.

Re: Getting a Backdoor virus warning on Decoder

Posted: Wed Jun 17, 2009 11:48 am
by rovingcowboy
clean the virus out.
turn off system restore.
check for the virus again and run it to clean it out again if still there.

now reboot the computer.

check the system again for the virus.

if there again clean again and reboot again.

check it again it should be gone.

when it is gone. reinstall mediamonkey by just doing an over install.

check the system again for the virus see if it is back, if it is back let us know
and let us know where you downloaded the install from.?

if the virus is NOT back after the last install of mediamonkey.
then reboot your system again, now turn on system restore, and then reboot one more time.
that will get rid of the system backup files where the virus install might be hidden,
and make you new back up files. :)

Re: Getting a Backdoor virus warning on Decoder

Posted: Wed Jun 17, 2009 3:23 pm
by Zeke129
You should also upload the suspect file to Virustotal.com to make sure it isn't a false positive.

Re: Getting a Backdoor virus warning on Decoder

Posted: Wed Jun 17, 2009 7:40 pm
by Lowlander
Most likely a false positive due to virus scanners not knowing the new version of MediaMonkey 3.1. You might want to contact the Antivirus maker about this issue.

Re: Getting a Backdoor virus warning on Decoder

Posted: Fri Jun 19, 2009 1:18 am
by surpsy
Hi again,

I tried what was suggested but when i install MM again and then scan again decoder.exe gets flagged. I am using xp pro 2002 sp3. I downloaded 3.1.0.1256 from the mediamonkey web site as i have a lifetime license. The machine i built myself. the virus checker i use is pctools av 6.0.0.19 engine 6.6.1.16 database 10.004.050(6.12640). I do not really want to go back to 3.1.0.1252 which i download from the 3.1 test build site. Please help

Re: Getting a Backdoor virus warning on Decoder

Posted: Fri Jun 19, 2009 5:47 am
by David Franziskaner
Hi there. I am also having exactly the same problem with my PC Tools Spyware Doctor flagging up "Backdoor.Graybird.GEN" as a virus. I have tried the reboot/reinstall advice and the glitch remains each time I attempt to analyse/set the volume of an unanalysed track. I am currently emailing PC Tools to see if they can help solve this problem - which has come out of the blue solely in the past 48 hours. It's possible I've brought this bug in via music etc that I've downloaded but this has not happened before; in fact, I've had nothing go wrong with MM before this problem. Please can we solve it - I really don't want to have to go back to the lumbering beast that is iTunes!

Re: Getting a Backdoor virus warning on Decoder

Posted: Fri Jun 19, 2009 8:50 am
by rovingcowboy
i'm sorry guys i can't confirm this as i don't get it with my avg program.
it sounds like you got a good download of the program so it must be as lowlander said,
so check with pctools send them the info and get them to fix their database to not make monkey
read as a bad file.

if it was a bad decoder believe me you would not be the only ones reporting it now. there would be half the forum reporting it. 8)

Re: Getting a Backdoor virus warning on Decoder

Posted: Fri Jun 19, 2009 10:20 am
by Lowlander
This is most likely due to a false positive from PC Tools which means PC Tools needs to update their software for this issue to be resolved. It's good that you already contacted them and other users experiencing this should do likewise.

Re: Getting a Backdoor virus warning on Decoder

Posted: Fri Jun 19, 2009 10:31 am
by DazB
Hi,

Avira doesn't see any virus either.

Daz

Re: Getting a Backdoor virus warning on Decoder

Posted: Fri Jun 19, 2009 10:38 am
by rovingcowboy
DazB wrote:Hi,

Avira doesn't see any virus either.

Daz
thats good its one more to get :D

Re: Getting a Backdoor virus warning on Decoder

Posted: Fri Jun 19, 2009 2:28 pm
by paulmt
surpsy wrote:Hello,

I have recently installed MediaMonkey 3.1.0.1256 now when I try to Convert the audio format of my music files my Pctools antivirus reports that DECODER.EXE has the backdoor.graybird.gen trojan. I scan the setup file but it reports no such virus I installed mediamonkey again and then scanned the program file media monkey directory and decoder.exe was flagged with the virus.
I also use PCTools Spyware Dr. in conjunction with Norton 360 which is my main AV protection and have had this same problem for the last few days.
I haven't been able to isolate what the error is as PCTools is not showing any history in the log after the alert.
What I can confirm though is that by disabling Spyware Dr the volume analysis and files conversion go ahead as normal. I am comfortable and confident in my Norton product that this is not a trojan or some other virus but an error with the last or recent update of Spyware Dr which updates every day.

I would be interested in hearing back from anyone that reports an actual error message to PC Tools and to hear what they have to say in response to your report. My programme does auto reporting of any alert, but I'm not sure this one has been reported since it does appear to be a false positive.

***Edited*** I have also lodged a possible false positive report with PCTOOLS

Re: Getting a Backdoor virus warning on Decoder

Posted: Fri Jun 19, 2009 11:49 pm
by surpsy
Thanks for your responces i to have now reported this to pctools i will let you know what there responce is

Re: Getting a Backdoor virus warning on Decoder

Posted: Sat Jun 20, 2009 2:16 am
by paulmt
PC Tools have already responded to me suggesting my programme was out of date. I'm not sure how as I update automatically but anyway after uninstalling and reinstalling the copy they pointed me at, I have it back up and running.
Unfortunately this hasn't stopped the problem, back to the drawing board :-)

Re: Getting a Backdoor virus warning on Decoder

Posted: Sat Jun 20, 2009 6:58 am
by Peke
Few updates, Avast, Kaspersky, Zone Alarm, Bit Defender, PrevX, f-prot and NOD32 are tested and none of them report virus in decoder.exe

BTW "Backdoor.Graybird.GEN" is Delphi written virus back in 2007 and most likely that is why PC tools detect it.

To Confirm false positive can you download decoder.exe from http://www.4shared.com/dir/16835696/8f0 ... Stuff.html

Re: Getting a Backdoor virus warning on Decoder

Posted: Fri Aug 21, 2009 12:44 pm
by H
PC Tools Spyware Doctor is still saying that the file 'decoder.exe' in my MediaMonkey folder is infected with Backdoor.Graybird.GEN. It's now August and the earliest comments in this thread were from June, which is a little before I started having the problem myself when I installed MediaMonkey on a new computer. So my question is why hasn't Spyware Doctor put the file on a safe list if it's a false positive? Is it possible that MediaMonkey has actually been distributing an infected installer?

My Avira Antivirus doesn't report any problem with the file, but today I decided to submit the file to ThreatExpert to get another opinion and like Spyware Doctor, it came up POSITIVE reporting the same infection with Backdoor.Graybird.GEN. ThreatExpert posts their reports online. This one is available here: http://www.threatexpert.com/report.aspx ... a8f8ed5a77

ThreatExpert's description of the infection:
"Backdoor.Graybird.GEN has rootkit functionality. It injects itself into various processes causing them to be hidden. It also logs keystrokes and sends this information to remote servers."

Spyware Doctor's description:
"A malicious application that runs in the background and allows remote access to your system, giving the attacker full control."