Getting a Backdoor virus warning on Decoder

Get answers about using MediaMonkey 4 for Windows.

Moderator: Gurus

surpsy
Posts: 3
Joined: Wed Jun 17, 2009 2:47 am

Getting a Backdoor virus warning on Decoder

Post by surpsy »

Hello,

I have recently installed MediaMonkey 3.1.0.1256 now when I try to Convert the audio format of my music files my Pctools antivirus reports that DECODER.EXE has the backdoor.graybird.gen trojan. I scan the setup file but it reports no such virus I installed mediamonkey again and then scanned the program file media monkey directory and decoder.exe was flagged with the virus.
rovingcowboy
Posts: 14163
Joined: Sat Oct 25, 2003 7:57 am
Location: (Texas)
Contact:

Re: Getting a Backdoor virus warning on Decoder

Post by rovingcowboy »

clean the virus out.
turn off system restore.
check for the virus again and run it to clean it out again if still there.

now reboot the computer.

check the system again for the virus.

if there again clean again and reboot again.

check it again it should be gone.

when it is gone. reinstall mediamonkey by just doing an over install.

check the system again for the virus see if it is back, if it is back let us know
and let us know where you downloaded the install from.?

if the virus is NOT back after the last install of mediamonkey.
then reboot your system again, now turn on system restore, and then reboot one more time.
that will get rid of the system backup files where the virus install might be hidden,
and make you new back up files. :)
roving cowboy / keith hall. My skins http://www.mediamonkey.com/forum/viewto ... =9&t=16724 for some help check on Monkey's helpful messages at http://www.mediamonkey.com/forum/viewto ... 4008#44008 MY SYSTEMS.1.Jukebox WinXp pro sp 3 version 3.5 gigabyte mb. 281 GHz amd athlon x2 240 built by me.) 2.WinXP pro sp3, vers 2.5.5 and vers 3.5 backup storage, shuttle 32a mb,734 MHz amd athlon put together by me.) 3.Dell demension, winxp pro sp3, mm3.5 spare jukebox.) 4.WinXp pro sp3, vers 3.5, dad's computer bought from computer store. )5. Samsung Galaxy A51 5G Android ) 6. amd a8-5600 apu 3.60ghz mm version 4 windows 7 pro bought from computer store.
Zeke129
Posts: 35
Joined: Mon Jan 26, 2009 2:58 pm

Re: Getting a Backdoor virus warning on Decoder

Post by Zeke129 »

You should also upload the suspect file to Virustotal.com to make sure it isn't a false positive.
Lowlander
Posts: 56491
Joined: Sat Sep 06, 2003 5:53 pm
Location: MediaMonkey 5

Re: Getting a Backdoor virus warning on Decoder

Post by Lowlander »

Most likely a false positive due to virus scanners not knowing the new version of MediaMonkey 3.1. You might want to contact the Antivirus maker about this issue.
surpsy
Posts: 3
Joined: Wed Jun 17, 2009 2:47 am

Re: Getting a Backdoor virus warning on Decoder

Post by surpsy »

Hi again,

I tried what was suggested but when i install MM again and then scan again decoder.exe gets flagged. I am using xp pro 2002 sp3. I downloaded 3.1.0.1256 from the mediamonkey web site as i have a lifetime license. The machine i built myself. the virus checker i use is pctools av 6.0.0.19 engine 6.6.1.16 database 10.004.050(6.12640). I do not really want to go back to 3.1.0.1252 which i download from the 3.1 test build site. Please help
David Franziskaner

Re: Getting a Backdoor virus warning on Decoder

Post by David Franziskaner »

Hi there. I am also having exactly the same problem with my PC Tools Spyware Doctor flagging up "Backdoor.Graybird.GEN" as a virus. I have tried the reboot/reinstall advice and the glitch remains each time I attempt to analyse/set the volume of an unanalysed track. I am currently emailing PC Tools to see if they can help solve this problem - which has come out of the blue solely in the past 48 hours. It's possible I've brought this bug in via music etc that I've downloaded but this has not happened before; in fact, I've had nothing go wrong with MM before this problem. Please can we solve it - I really don't want to have to go back to the lumbering beast that is iTunes!
rovingcowboy
Posts: 14163
Joined: Sat Oct 25, 2003 7:57 am
Location: (Texas)
Contact:

Re: Getting a Backdoor virus warning on Decoder

Post by rovingcowboy »

i'm sorry guys i can't confirm this as i don't get it with my avg program.
it sounds like you got a good download of the program so it must be as lowlander said,
so check with pctools send them the info and get them to fix their database to not make monkey
read as a bad file.

if it was a bad decoder believe me you would not be the only ones reporting it now. there would be half the forum reporting it. 8)
roving cowboy / keith hall. My skins http://www.mediamonkey.com/forum/viewto ... =9&t=16724 for some help check on Monkey's helpful messages at http://www.mediamonkey.com/forum/viewto ... 4008#44008 MY SYSTEMS.1.Jukebox WinXp pro sp 3 version 3.5 gigabyte mb. 281 GHz amd athlon x2 240 built by me.) 2.WinXP pro sp3, vers 2.5.5 and vers 3.5 backup storage, shuttle 32a mb,734 MHz amd athlon put together by me.) 3.Dell demension, winxp pro sp3, mm3.5 spare jukebox.) 4.WinXp pro sp3, vers 3.5, dad's computer bought from computer store. )5. Samsung Galaxy A51 5G Android ) 6. amd a8-5600 apu 3.60ghz mm version 4 windows 7 pro bought from computer store.
Lowlander
Posts: 56491
Joined: Sat Sep 06, 2003 5:53 pm
Location: MediaMonkey 5

Re: Getting a Backdoor virus warning on Decoder

Post by Lowlander »

This is most likely due to a false positive from PC Tools which means PC Tools needs to update their software for this issue to be resolved. It's good that you already contacted them and other users experiencing this should do likewise.
DazB
Posts: 409
Joined: Mon Jun 11, 2007 4:09 am
Location: Yorkshire, UK

Re: Getting a Backdoor virus warning on Decoder

Post by DazB »

Hi,

Avira doesn't see any virus either.

Daz
rovingcowboy
Posts: 14163
Joined: Sat Oct 25, 2003 7:57 am
Location: (Texas)
Contact:

Re: Getting a Backdoor virus warning on Decoder

Post by rovingcowboy »

DazB wrote:Hi,

Avira doesn't see any virus either.

Daz
thats good its one more to get :D
roving cowboy / keith hall. My skins http://www.mediamonkey.com/forum/viewto ... =9&t=16724 for some help check on Monkey's helpful messages at http://www.mediamonkey.com/forum/viewto ... 4008#44008 MY SYSTEMS.1.Jukebox WinXp pro sp 3 version 3.5 gigabyte mb. 281 GHz amd athlon x2 240 built by me.) 2.WinXP pro sp3, vers 2.5.5 and vers 3.5 backup storage, shuttle 32a mb,734 MHz amd athlon put together by me.) 3.Dell demension, winxp pro sp3, mm3.5 spare jukebox.) 4.WinXp pro sp3, vers 3.5, dad's computer bought from computer store. )5. Samsung Galaxy A51 5G Android ) 6. amd a8-5600 apu 3.60ghz mm version 4 windows 7 pro bought from computer store.
paulmt
Posts: 1170
Joined: Tue Jul 18, 2006 6:06 pm

Re: Getting a Backdoor virus warning on Decoder

Post by paulmt »

surpsy wrote:Hello,

I have recently installed MediaMonkey 3.1.0.1256 now when I try to Convert the audio format of my music files my Pctools antivirus reports that DECODER.EXE has the backdoor.graybird.gen trojan. I scan the setup file but it reports no such virus I installed mediamonkey again and then scanned the program file media monkey directory and decoder.exe was flagged with the virus.
I also use PCTools Spyware Dr. in conjunction with Norton 360 which is my main AV protection and have had this same problem for the last few days.
I haven't been able to isolate what the error is as PCTools is not showing any history in the log after the alert.
What I can confirm though is that by disabling Spyware Dr the volume analysis and files conversion go ahead as normal. I am comfortable and confident in my Norton product that this is not a trojan or some other virus but an error with the last or recent update of Spyware Dr which updates every day.

I would be interested in hearing back from anyone that reports an actual error message to PC Tools and to hear what they have to say in response to your report. My programme does auto reporting of any alert, but I'm not sure this one has been reported since it does appear to be a false positive.

***Edited*** I have also lodged a possible false positive report with PCTOOLS
MediaMonkey 3.2.4.1304 Gold Lifetime
Hardware: Intel Core 2 Quad 3.33GHz, 8Gb Ram, 2tB Internal Storage, 2tB External Storage (USB & eSATA)
Software: Windows 7 Ultimate x64, FireFox v3.6.x, ThunderBird v3 x64, MailWasher Pro v6.5, Kaspersky Internet Security 2010
Backups by Karens Replicator v3.5.12,
surpsy
Posts: 3
Joined: Wed Jun 17, 2009 2:47 am

Re: Getting a Backdoor virus warning on Decoder

Post by surpsy »

Thanks for your responces i to have now reported this to pctools i will let you know what there responce is
paulmt
Posts: 1170
Joined: Tue Jul 18, 2006 6:06 pm

Re: Getting a Backdoor virus warning on Decoder

Post by paulmt »

PC Tools have already responded to me suggesting my programme was out of date. I'm not sure how as I update automatically but anyway after uninstalling and reinstalling the copy they pointed me at, I have it back up and running.
Unfortunately this hasn't stopped the problem, back to the drawing board :-)
MediaMonkey 3.2.4.1304 Gold Lifetime
Hardware: Intel Core 2 Quad 3.33GHz, 8Gb Ram, 2tB Internal Storage, 2tB External Storage (USB & eSATA)
Software: Windows 7 Ultimate x64, FireFox v3.6.x, ThunderBird v3 x64, MailWasher Pro v6.5, Kaspersky Internet Security 2010
Backups by Karens Replicator v3.5.12,
Peke
Posts: 17457
Joined: Tue Jun 10, 2003 7:21 pm
Location: Earth
Contact:

Re: Getting a Backdoor virus warning on Decoder

Post by Peke »

Few updates, Avast, Kaspersky, Zone Alarm, Bit Defender, PrevX, f-prot and NOD32 are tested and none of them report virus in decoder.exe

BTW "Backdoor.Graybird.GEN" is Delphi written virus back in 2007 and most likely that is why PC tools detect it.

To Confirm false positive can you download decoder.exe from http://www.4shared.com/dir/16835696/8f0 ... Stuff.html
Best regards,
Peke
MediaMonkey Team lead QA/Tech Support guru
Admin of Free MediaMonkey addon Site HappyMonkeying
Image
Image
Image
How to attach PICTURE/SCREENSHOTS to forum posts
H

Re: Getting a Backdoor virus warning on Decoder

Post by H »

PC Tools Spyware Doctor is still saying that the file 'decoder.exe' in my MediaMonkey folder is infected with Backdoor.Graybird.GEN. It's now August and the earliest comments in this thread were from June, which is a little before I started having the problem myself when I installed MediaMonkey on a new computer. So my question is why hasn't Spyware Doctor put the file on a safe list if it's a false positive? Is it possible that MediaMonkey has actually been distributing an infected installer?

My Avira Antivirus doesn't report any problem with the file, but today I decided to submit the file to ThreatExpert to get another opinion and like Spyware Doctor, it came up POSITIVE reporting the same infection with Backdoor.Graybird.GEN. ThreatExpert posts their reports online. This one is available here: http://www.threatexpert.com/report.aspx ... a8f8ed5a77

ThreatExpert's description of the infection:
"Backdoor.Graybird.GEN has rootkit functionality. It injects itself into various processes causing them to be hidden. It also logs keystrokes and sends this information to remote servers."

Spyware Doctor's description:
"A malicious application that runs in the background and allows remote access to your system, giving the attacker full control."
Post Reply