Getting a Backdoor virus warning on Decoder

Get answers about using the current release of MediaMonkey for Windows.

Moderator: Gurus

surpsy
Posts: 3
Joined: Wed Jun 17, 2009 2:47 am

Getting a Backdoor virus warning on Decoder

Post by surpsy » Wed Jun 17, 2009 2:53 am

Hello,

I have recently installed MediaMonkey 3.1.0.1256 now when I try to Convert the audio format of my music files my Pctools antivirus reports that DECODER.EXE has the backdoor.graybird.gen trojan. I scan the setup file but it reports no such virus I installed mediamonkey again and then scanned the program file media monkey directory and decoder.exe was flagged with the virus.

rovingcowboy
Posts: 14153
Joined: Sat Oct 25, 2003 7:57 am
Location: (Texas)
Contact:

Re: Getting a Backdoor virus warning on Decoder

Post by rovingcowboy » Wed Jun 17, 2009 11:48 am

clean the virus out.
turn off system restore.
check for the virus again and run it to clean it out again if still there.

now reboot the computer.

check the system again for the virus.

if there again clean again and reboot again.

check it again it should be gone.

when it is gone. reinstall mediamonkey by just doing an over install.

check the system again for the virus see if it is back, if it is back let us know
and let us know where you downloaded the install from.?

if the virus is NOT back after the last install of mediamonkey.
then reboot your system again, now turn on system restore, and then reboot one more time.
that will get rid of the system backup files where the virus install might be hidden,
and make you new back up files. :)
roving cowboy / keith hall. My skins http://www.mediamonkey.com/forum/viewto ... =9&t=16724 for some help check on Monkey's helpful messages at http://www.mediamonkey.com/forum/viewto ... 4008#44008 MY SYSTEMS.1.Jukebox WinXp pro sp 3 version 3.5 gigabyte mb. 281 GHz amd athlon x2 240 built by me.) 2.WinXP pro sp3, vers 2.5.5 and vers 3.5 backup storage, shuttle 32a mb,734 MHz amd athlon put together by me.) 3.Dell demension, winxp pro sp3, mm3.5 spare jukebox.) 4.WinXp pro sp3, vers 3.5, dad's computer bought from computer store. )5. Samsung Galaxy 5 Android 5) 6. Proscan tablet Android 4.3 ) 7. amd a8-5600 apu 3.60ghz mm version 4 windows 7 pro bought from computer store.

Zeke129
Posts: 35
Joined: Mon Jan 26, 2009 2:58 pm

Re: Getting a Backdoor virus warning on Decoder

Post by Zeke129 » Wed Jun 17, 2009 3:23 pm

You should also upload the suspect file to Virustotal.com to make sure it isn't a false positive.

Lowlander
Posts: 45909
Joined: Sat Sep 06, 2003 5:53 pm
Location: MediaMonkey 5

Re: Getting a Backdoor virus warning on Decoder

Post by Lowlander » Wed Jun 17, 2009 7:40 pm

Most likely a false positive due to virus scanners not knowing the new version of MediaMonkey 3.1. You might want to contact the Antivirus maker about this issue.
Lowlander (MediaMonkey user since 2003)

surpsy
Posts: 3
Joined: Wed Jun 17, 2009 2:47 am

Re: Getting a Backdoor virus warning on Decoder

Post by surpsy » Fri Jun 19, 2009 1:18 am

Hi again,

I tried what was suggested but when i install MM again and then scan again decoder.exe gets flagged. I am using xp pro 2002 sp3. I downloaded 3.1.0.1256 from the mediamonkey web site as i have a lifetime license. The machine i built myself. the virus checker i use is pctools av 6.0.0.19 engine 6.6.1.16 database 10.004.050(6.12640). I do not really want to go back to 3.1.0.1252 which i download from the 3.1 test build site. Please help

David Franziskaner

Re: Getting a Backdoor virus warning on Decoder

Post by David Franziskaner » Fri Jun 19, 2009 5:47 am

Hi there. I am also having exactly the same problem with my PC Tools Spyware Doctor flagging up "Backdoor.Graybird.GEN" as a virus. I have tried the reboot/reinstall advice and the glitch remains each time I attempt to analyse/set the volume of an unanalysed track. I am currently emailing PC Tools to see if they can help solve this problem - which has come out of the blue solely in the past 48 hours. It's possible I've brought this bug in via music etc that I've downloaded but this has not happened before; in fact, I've had nothing go wrong with MM before this problem. Please can we solve it - I really don't want to have to go back to the lumbering beast that is iTunes!

rovingcowboy
Posts: 14153
Joined: Sat Oct 25, 2003 7:57 am
Location: (Texas)
Contact:

Re: Getting a Backdoor virus warning on Decoder

Post by rovingcowboy » Fri Jun 19, 2009 8:50 am

i'm sorry guys i can't confirm this as i don't get it with my avg program.
it sounds like you got a good download of the program so it must be as lowlander said,
so check with pctools send them the info and get them to fix their database to not make monkey
read as a bad file.

if it was a bad decoder believe me you would not be the only ones reporting it now. there would be half the forum reporting it. 8)
roving cowboy / keith hall. My skins http://www.mediamonkey.com/forum/viewto ... =9&t=16724 for some help check on Monkey's helpful messages at http://www.mediamonkey.com/forum/viewto ... 4008#44008 MY SYSTEMS.1.Jukebox WinXp pro sp 3 version 3.5 gigabyte mb. 281 GHz amd athlon x2 240 built by me.) 2.WinXP pro sp3, vers 2.5.5 and vers 3.5 backup storage, shuttle 32a mb,734 MHz amd athlon put together by me.) 3.Dell demension, winxp pro sp3, mm3.5 spare jukebox.) 4.WinXp pro sp3, vers 3.5, dad's computer bought from computer store. )5. Samsung Galaxy 5 Android 5) 6. Proscan tablet Android 4.3 ) 7. amd a8-5600 apu 3.60ghz mm version 4 windows 7 pro bought from computer store.

Lowlander
Posts: 45909
Joined: Sat Sep 06, 2003 5:53 pm
Location: MediaMonkey 5

Re: Getting a Backdoor virus warning on Decoder

Post by Lowlander » Fri Jun 19, 2009 10:20 am

This is most likely due to a false positive from PC Tools which means PC Tools needs to update their software for this issue to be resolved. It's good that you already contacted them and other users experiencing this should do likewise.
Lowlander (MediaMonkey user since 2003)

DazB
Posts: 409
Joined: Mon Jun 11, 2007 4:09 am
Location: Yorkshire, UK

Re: Getting a Backdoor virus warning on Decoder

Post by DazB » Fri Jun 19, 2009 10:31 am

Hi,

Avira doesn't see any virus either.

Daz

rovingcowboy
Posts: 14153
Joined: Sat Oct 25, 2003 7:57 am
Location: (Texas)
Contact:

Re: Getting a Backdoor virus warning on Decoder

Post by rovingcowboy » Fri Jun 19, 2009 10:38 am

DazB wrote:Hi,

Avira doesn't see any virus either.

Daz
thats good its one more to get :D
roving cowboy / keith hall. My skins http://www.mediamonkey.com/forum/viewto ... =9&t=16724 for some help check on Monkey's helpful messages at http://www.mediamonkey.com/forum/viewto ... 4008#44008 MY SYSTEMS.1.Jukebox WinXp pro sp 3 version 3.5 gigabyte mb. 281 GHz amd athlon x2 240 built by me.) 2.WinXP pro sp3, vers 2.5.5 and vers 3.5 backup storage, shuttle 32a mb,734 MHz amd athlon put together by me.) 3.Dell demension, winxp pro sp3, mm3.5 spare jukebox.) 4.WinXp pro sp3, vers 3.5, dad's computer bought from computer store. )5. Samsung Galaxy 5 Android 5) 6. Proscan tablet Android 4.3 ) 7. amd a8-5600 apu 3.60ghz mm version 4 windows 7 pro bought from computer store.

paulmt
Posts: 1170
Joined: Tue Jul 18, 2006 6:06 pm

Re: Getting a Backdoor virus warning on Decoder

Post by paulmt » Fri Jun 19, 2009 2:28 pm

surpsy wrote:Hello,

I have recently installed MediaMonkey 3.1.0.1256 now when I try to Convert the audio format of my music files my Pctools antivirus reports that DECODER.EXE has the backdoor.graybird.gen trojan. I scan the setup file but it reports no such virus I installed mediamonkey again and then scanned the program file media monkey directory and decoder.exe was flagged with the virus.
I also use PCTools Spyware Dr. in conjunction with Norton 360 which is my main AV protection and have had this same problem for the last few days.
I haven't been able to isolate what the error is as PCTools is not showing any history in the log after the alert.
What I can confirm though is that by disabling Spyware Dr the volume analysis and files conversion go ahead as normal. I am comfortable and confident in my Norton product that this is not a trojan or some other virus but an error with the last or recent update of Spyware Dr which updates every day.

I would be interested in hearing back from anyone that reports an actual error message to PC Tools and to hear what they have to say in response to your report. My programme does auto reporting of any alert, but I'm not sure this one has been reported since it does appear to be a false positive.

***Edited*** I have also lodged a possible false positive report with PCTOOLS
MediaMonkey 3.2.4.1304 Gold Lifetime
Hardware: Intel Core 2 Quad 3.33GHz, 8Gb Ram, 2tB Internal Storage, 2tB External Storage (USB & eSATA)
Software: Windows 7 Ultimate x64, FireFox v3.6.x, ThunderBird v3 x64, MailWasher Pro v6.5, Kaspersky Internet Security 2010
Backups by Karens Replicator v3.5.12,

surpsy
Posts: 3
Joined: Wed Jun 17, 2009 2:47 am

Re: Getting a Backdoor virus warning on Decoder

Post by surpsy » Fri Jun 19, 2009 11:49 pm

Thanks for your responces i to have now reported this to pctools i will let you know what there responce is

paulmt
Posts: 1170
Joined: Tue Jul 18, 2006 6:06 pm

Re: Getting a Backdoor virus warning on Decoder

Post by paulmt » Sat Jun 20, 2009 2:16 am

PC Tools have already responded to me suggesting my programme was out of date. I'm not sure how as I update automatically but anyway after uninstalling and reinstalling the copy they pointed me at, I have it back up and running.
Unfortunately this hasn't stopped the problem, back to the drawing board :-)
MediaMonkey 3.2.4.1304 Gold Lifetime
Hardware: Intel Core 2 Quad 3.33GHz, 8Gb Ram, 2tB Internal Storage, 2tB External Storage (USB & eSATA)
Software: Windows 7 Ultimate x64, FireFox v3.6.x, ThunderBird v3 x64, MailWasher Pro v6.5, Kaspersky Internet Security 2010
Backups by Karens Replicator v3.5.12,

Peke
Posts: 12201
Joined: Tue Jun 10, 2003 7:21 pm
Location: Serbia
Contact:

Re: Getting a Backdoor virus warning on Decoder

Post by Peke » Sat Jun 20, 2009 6:58 am

Few updates, Avast, Kaspersky, Zone Alarm, Bit Defender, PrevX, f-prot and NOD32 are tested and none of them report virus in decoder.exe

BTW "Backdoor.Graybird.GEN" is Delphi written virus back in 2007 and most likely that is why PC tools detect it.

To Confirm false positive can you download decoder.exe from http://www.4shared.com/dir/16835696/8f0 ... Stuff.html
Best regards,
Pavle
MediaMonkey Team lead QA/Tech Support guru
Admin of Free MediaMonkey addon Site HappyMonkeying
Image
Image
How to add SCREENSHOTS to forum

H

Re: Getting a Backdoor virus warning on Decoder

Post by H » Fri Aug 21, 2009 12:44 pm

PC Tools Spyware Doctor is still saying that the file 'decoder.exe' in my MediaMonkey folder is infected with Backdoor.Graybird.GEN. It's now August and the earliest comments in this thread were from June, which is a little before I started having the problem myself when I installed MediaMonkey on a new computer. So my question is why hasn't Spyware Doctor put the file on a safe list if it's a false positive? Is it possible that MediaMonkey has actually been distributing an infected installer?

My Avira Antivirus doesn't report any problem with the file, but today I decided to submit the file to ThreatExpert to get another opinion and like Spyware Doctor, it came up POSITIVE reporting the same infection with Backdoor.Graybird.GEN. ThreatExpert posts their reports online. This one is available here: http://www.threatexpert.com/report.aspx ... a8f8ed5a77

ThreatExpert's description of the infection:
"Backdoor.Graybird.GEN has rootkit functionality. It injects itself into various processes causing them to be hidden. It also logs keystrokes and sends this information to remote servers."

Spyware Doctor's description:
"A malicious application that runs in the background and allows remote access to your system, giving the attacker full control."

Post Reply