Trojan.Graybird

Hi, I have a malware problem.

It's been a while since I attempted to address it, ...due to frustration.
so details may be sketchy at the moment.

I had run out of ideas on how to deal with it, until I met your malware thread, and have decided, it's about time I gave it a go. Knowing (hopefully) that with all your support, I will succeed it getting rid of this problem.

When identified by Symantec, it identifies it as a trojan.graybird, but other antivirus I have tried just identified it as a random trojan. Symantec recommendations for getting rid of trojan.graybird (both versions) didn't work, and none of the antiviruses I tried could have either. I tried Symantec Endpoint 11, Microsoft Security Essentials, ESET Nod32 and one or 2 others I can't remember.

The machine is Windows XP.

It was on my brother's PC and I foolishly believing in my profound abilities, used a flash drive to transfer data between my PC and his, since the virus blocks internet access after a few hours of infection and his PC could no longer connect. Since then, I've been using both PCs with Linux (Ubuntu).

On my PC, I have 2 drives, one which houses the OS and the other for Storage of data. I had backed up my few files and then nuked my Windows XP partition, since I don't really keep anything much in there.

My plan is to follow your advice on your malware thread:
http://forums.majorgeeks.com/showthread.php?t=35407
but after re-installing Windows XP and running a full scan with Symantec, (with the secondary drive disabled in the bios, something I had also done previously) the primary drive is clean. So I used Macrium Reflect to image the partition, so I have a clean return point if things go south.

The thing is, from the last time I did this, I'm 100% certain the trojan resides in the secondary drive.

So knowing this, how do I proceed with your thread?
from the running CCleaner part. Do I run CCleaner on a clean drive with basically nothing on it or do I connect the secondary drive and then run it?
Does CCleaner only look at the OS drive or other drives?

Knowing that the virus is on this secondary drive, would there be a way to connect it and scan (and hopefully remove the malware), without re-infecting the primary?

 

Thanks, based on what you said, I will boot into windows with both drives connected and run through the malware cleaning procedure and hope for the best.

 

Here are my logs.

From my preliminary analyses, they all appear to be clean.:-o
And, so far I'm not getting any signs of malware, so maybe the reinstall did it.

I'll keep you guys informed, if any malware-like activities show up.:cool

 

Thanks again.

As I said in my original post, my brother's PC is also infected, so with my new-found knowledge, I will apply the same procedure to his PC.

Though, I believe that I know where the source of the re-infection lies; I had backed up the drivers and used that to reinstall the driver pack. Most likely the trojan is hiding in there.

 

Thanks, I toggled system restore, as a copy of the virus was found in system volume on the secondary drive by symmantec during a full system scan. Subsequent scans were clean.

I restored my previous image I started with; which was also clean, so that I can use these softwares again, if I get an infection; since I realized a couple of them made use of the trial period for them.