GrayBird Backdoor Removal: Remove GrayBird Backdoor Forever

Let our support team solve your problem with GrayBird Backdoor and repair GrayBird Backdoor right now!

Leave the detailed description of your GrayBird Backdoor problem in the form below. Our support team will contact you in several minutes and give a step-by-step instruction on how to fix GrayBird Backdoor problem. Please be specific. Do your best describing the problem. This will help us recommend right and complete GrayBird Backdoor problem removal solution.

Describe your problem here and we'll contact you in several minutes:

* Name: * E-mail: * Problem summary: * Detailed problem description:

We'll contact you in 10 minutes or less after you click on this button! Individual solution guaranteed!

Warning:

1) We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you GrayBird Backdoor removal solution.
2) All fields of this form are obligatory.

Guaranteed Problem Solution	Threat's description and solution are developed by Security Stronghold security team. Let professionals make your problems solved now!
What is GrayBird Backdoor? Technical details of GrayBird Backdoor problem and GrayBird Backdoor removal tool Methods for manual GrayBird Backdoor removal Free download of a program that will solve your problem automatically Free instant professional support in solving GrayBird Backdoor error from our Security Support Team

Threat's profile

	Name of the threat: GrayBird Backdoor
	Command or file name: !gaiguo.exe
	Threat type: Spyware\trojan
	Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista)

GrayBird Backdoor intrusion method

GrayBird Backdoor copies its file(s) to your hard disk. Its typical file name is !gaiguo.exe. Then it creates new startup key with name GrayBird Backdoor and value !gaiguo.exe. You can also find it in your processes list with name !gaiguo.exe or GrayBird Backdoor.

If you have further questions about GrayBird Backdoor, please fill in the form above and we'll contact you shortly.

» Download program to remove GrayBird Backdoor (GrayBird Backdoor Removal Tool)

Recommended Solution

If you are not sure what to delete, use our award winning program - GrayBird Backdoor Removal Tool.

GrayBird Backdoor Removal Tool will find and fully remove GrayBird Backdoor and all problems associated with GrayBird Backdoor virus.

Fast, easy, and handy, GrayBird Backdoor Removal Tool protects your computer against GrayBird Backdoor that does harm to your computer and breaks your privacy. GrayBird Backdoor Removal Tool scans your hard disks and registry and destroys any manifestation of GrayBird Backdoor. Standard anti-virus software can do nothing against malicious programs like GrayBird Backdoor. Remove GrayBird Backdoor straight away!

» Download GrayBird Backdoor Removal Tool now for free

How to fix GrayBird Backdoor

This problem can be solved manually by deleting all registry keys and files connected with GrayBird Backdoor, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by GrayBird Backdoor.

To get rid of GrayBird Backdoor, you should:

1. Kill the following processes and delete the appropriate files:

• 1[1].exe[0].exe
• ¡¡svchost.exe
• CiKE.exe
• copy of copy of zj[1].exe
• error.dat
• g_sere2006.dll
• g_sere2006.exe
• g_sere2006key.dll
• hacker.com.cn.exe
• jgd2.tmp
• netsvr32.exe
• paramstr.txt
• pfd2.tmp
• RpcSer.exe
• svchuvsts.exe
• systask.dll
• win.exe
• yang.exe

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use GrayBird Backdoor Removal Tool for safe problem solution.

2. Delete the following malicious folders:

• C:\Documents and Settings\User\Desktop\cike\
• C:\Documents and Settings\User\Desktop\swattool_1.38\

3. Delete the following malicious registry entries and\or values:

• Key: System\CurrentControlSet\Services\GrayPigeon
  Value: Type

• Key: System\CurrentControlSet\Services\GrayPigeon\Security
  Value: Security

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\GrayPigeon\Enum

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEON
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEON\0000
  Value: Service

• Key: SYSTEM\CurrentControlSet\Services\windows·þÎñ¶Ë
  Value: Description

• Key: SYSTEM\CurrentControlSet\Services\windows·þÎñ¶Ë\Security
  Value: Security

• Key: System\CurrentControlSet\Services\GrayPigeonServer
  Value: Type

• Key: System\CurrentControlSet\Services\GrayPigeonServer
  Value: Start

• Key: System\CurrentControlSet\Services\GrayPigeonServer
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\GrayPigeonServer
  Value: ImagePath

• Key: System\CurrentControlSet\Services\GrayPigeonServer
  Value: DisplayName

• Key: System\CurrentControlSet\Services\GrayPigeonServer\Security
  Value: Security

• Key: System\CurrentControlSet\Services\GrayPigeonServer
  Value: ObjectName

• Key: System\CurrentControlSet\Services\GrayPigeonServer
  Value: Description

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSERVER
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSERVER\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSERVER\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSERVER\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSERVER\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSERVER\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSERVER\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSERVER\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\GrayPigeonServer\Enum

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\GrayPigeonServer\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\GrayPigeonServer\Enum
  Value: NextInstance

• Key: System\CurrentControlSet\Enum\Root\LEGACY_GRAYPIGEONSERVER\0000\Control
  Value: ActiveService

• Key: System\CurrentControlSet\Services\GrayPigeon
  Value: Start

• Key: System\CurrentControlSet\Services\GrayPigeon
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\GrayPigeon
  Value: ImagePath

• Key: System\CurrentControlSet\Services\GrayPigeon
  Value: DisplayName

• Key: System\CurrentControlSet\Services\GrayPigeon
  Value: ObjectName

• Key: System\CurrentControlSet\Services\GrayPigeon
  Value: Description

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEON\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEON\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEON\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEON\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEON\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEON\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\GrayPigeon\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\GrayPigeon\Enum
  Value: NextInstance

• Key: System\CurrentControlSet\Enum\Root\LEGACY_GRAYPIGEON\0000\Control
  Value: ActiveService

• Key: System\CurrentControlSet\Services\System Event Notification¡¡
  Value: Type

• Key: System\CurrentControlSet\Services\System Event Notification¡¡
  Value: Start

• Key: System\CurrentControlSet\Services\System Event Notification¡¡
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\System Event Notification¡¡
  Value: ImagePath

• Key: System\CurrentControlSet\Services\System Event Notification¡¡
  Value: DisplayName

• Key: System\CurrentControlSet\Services\System Event Notification¡¡
  Value: ObjectName

• Key: System\CurrentControlSet\Services\System Event Notification¡¡
  Value: Description

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SYSTEM_EVENT_NOTIFICATION*00A1*00A1\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SYSTEM_EVENT_NOTIFICATION*00A1*00A1\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SYSTEM_EVENT_NOTIFICATION*00A1*00A1\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SYSTEM_EVENT_NOTIFICATION*00A1*00A1\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SYSTEM_EVENT_NOTIFICATION*00A1*00A1\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SYSTEM_EVENT_NOTIFICATION*00A1*00A1\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\System Event Notification¡¡\Enum

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\System Event Notification¡¡\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\System Event Notification¡¡\Enum
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SYSTEM_EVENT_NOTIFICATION*00A1*00A1\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SYSTEM_EVENT_NOTIFICATION*00A1*00A1
  Value: NextInstance

• Key: System\CurrentControlSet\Services\System Event Notification¡¡\Security
  Value: Security

• Key: System\CurrentControlSet\Services\GrayPigeon\Enum

• Key: System\CurrentControlSet\Services\GrayPigeon\Enum
  Value: Count

• Key: System\CurrentControlSet\Services\GrayPigeon\Enum
  Value: NextInstance

• Key: System\CurrentControlSet\Services\GrayPigeonSefgrve
  Value: Type

• Key: System\CurrentControlSet\Services\GrayPigeonSefgrve
  Value: Start

• Key: System\CurrentControlSet\Services\GrayPigeonSefgrve
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\GrayPigeonSefgrve
  Value: ImagePath

• Key: System\CurrentControlSet\Services\GrayPigeonSefgrve
  Value: DisplayName

• Key: System\CurrentControlSet\Services\GrayPigeonSefgrve\Security
  Value: Security

• Key: System\CurrentControlSet\Services\GrayPigeonSefgrve
  Value: ObjectName

• Key: System\CurrentControlSet\Services\GrayPigeonSefgrve
  Value: Description

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSEFGRVE
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSEFGRVE\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSEFGRVE\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSEFGRVE\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSEFGRVE\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSEFGRVE\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSEFGRVE\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_GRAYPIGEONSEFGRVE\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\GrayPigeonSefgrve\Enum

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\GrayPigeonSefgrve\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\GrayPigeonSefgrve\Enum
  Value: NextInstance

• Key: System\CurrentControlSet\Enum\Root\LEGACY_GRAYPIGEONSEFGRVE\0000\Control
  Value: ActiveService

• Key: System\CurrentControlSet\Services\system32
  Value: Type

• Key: System\CurrentControlSet\Services\system32
  Value: Start

• Key: System\CurrentControlSet\Services\system32
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\system32
  Value: ImagePath

• Key: System\CurrentControlSet\Services\system32
  Value: DisplayName

• Key: System\CurrentControlSet\Services\system32\Security
  Value: Security

• Key: System\CurrentControlSet\Services\system32
  Value: ObjectName

• Key: System\CurrentControlSet\Services\system32
  Value: Description

• Key: System\CurrentControlSet\Services\RpcSer
  Value: Type

• Key: System\CurrentControlSet\Services\RpcSer
  Value: Start

• Key: System\CurrentControlSet\Services\RpcSer
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\RpcSer
  Value: ImagePath

• Key: System\CurrentControlSet\Services\RpcSer
  Value: DisplayName

• Key: System\CurrentControlSet\Services\RpcSer\Security
  Value: Security

• Key: System\CurrentControlSet\Services\RpcSer
  Value: ObjectName

• Key: System\CurrentControlSet\Services\RpcSer
  Value: Description

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_RPCSER
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_RPCSER\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_RPCSER\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_RPCSER\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_RPCSER\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_RPCSER\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_RPCSER\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_RPCSER\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\RpcSer\Enum

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\RpcSer\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\RpcSer\Enum
  Value: NextInstance

• Key: System\CurrentControlSet\Enum\Root\LEGACY_RPCSER\0000\Control
  Value: ActiveService

• Key: System\CurrentControlSet\Enum\Root\LEGACY_SYSTEM_EVENT_NOTIFICATION*00A1*00A1\0000\Control
  Value: ActiveService

• Key: System\CurrentControlSet\Services\WINEOWS SEVER
  Value: Type

• Key: System\CurrentControlSet\Services\WINEOWS SEVER
  Value: Start

• Key: System\CurrentControlSet\Services\WINEOWS SEVER
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\WINEOWS SEVER
  Value: ImagePath

• Key: System\CurrentControlSet\Services\WINEOWS SEVER
  Value: DisplayName

• Key: System\CurrentControlSet\Services\WINEOWS SEVER\Security
  Value: Security

• Key: System\CurrentControlSet\Services\WINEOWS SEVER
  Value: ObjectName

• Key: System\CurrentControlSet\Services\WINEOWS SEVER
  Value: Description

• Key: SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS*00B7*00FE*00CE*00F1*00B6*00CB\0000\Control
  Value: ActiveService

• Key: SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS*00B7*00FE*00CE*00F1*00B6*00CB\0000\Control
  Value: ActiveService

• Key: SYSTEM\CurrentControlSet\Services\windows·þÎñ¶Ë
  Value: DisplayName

• Key: SYSTEM\CurrentControlSet\Services\windows·þÎñ¶Ë
  Value: ImagePath

• Key: SYSTEM\CurrentControlSet\Services\windows·þÎñ¶Ë
  Value: ObjectName

• Key: SYSTEM\CurrentControlSet\Services\windows·þÎñ¶Ë
  Value: Type

• Key: SYSTEM\CurrentControlSet\Services\windows·þÎñ¶Ë
  Value: Start

• Key: SYSTEM\CurrentControlSet\Services\windows·þÎñ¶Ë
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\eonServer
  Value: Type

• Key: System\CurrentControlSet\Services\eonServer
  Value: Start

• Key: System\CurrentControlSet\Services\eonServer
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\eonServer
  Value: ImagePath

• Key: System\CurrentControlSet\Services\eonServer
  Value: DisplayName

• Key: System\CurrentControlSet\Services\eonServer\Security
  Value: Security

• Key: System\CurrentControlSet\Services\eonServer
  Value: ObjectName

• Key: System\CurrentControlSet\Services\eonServer
  Value: Description

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_EONSERVER
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_EONSERVER\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_EONSERVER\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_EONSERVER\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_EONSERVER\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_EONSERVER\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_EONSERVER\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_EONSERVER\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\eonServer\Enum

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\eonServer\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\eonServer\Enum
  Value: NextInstance

• Key: System\CurrentControlSet\Services\svchuvsts
  Value: Type

• Key: System\CurrentControlSet\Services\svchuvsts
  Value: Start

• Key: System\CurrentControlSet\Services\svchuvsts
  Value: ErrorControl

• Key: System\CurrentControlSet\Services\svchuvsts
  Value: ImagePath

• Key: System\CurrentControlSet\Services\svchuvsts
  Value: DisplayName

• Key: System\CurrentControlSet\Services\svchuvsts\Security
  Value: Security

• Key: System\CurrentControlSet\Services\svchuvsts
  Value: ObjectName

• Key: System\CurrentControlSet\Services\svchuvsts
  Value: Description

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SVCHUVSTS
  Value: NextInstance

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SVCHUVSTS\0000\Control
  Value: *NewlyCreated*

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SVCHUVSTS\0000
  Value: Service

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SVCHUVSTS\0000
  Value: Legacy

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SVCHUVSTS\0000
  Value: ConfigFlags

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SVCHUVSTS\0000
  Value: Class

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SVCHUVSTS\0000
  Value: ClassGUID

• Key: SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_SVCHUVSTS\0000
  Value: DeviceDesc

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\svchuvsts\Enum

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\svchuvsts\Enum
  Value: Count

• Key: SYSTEM\CURRENTCONTROLSET\SERVICES\svchuvsts\Enum
  Value: NextInstance

• Key: System\CurrentControlSet\Enum\Root\LEGACY_SVCHUVSTS\0000\Control
  Value: ActiveService

• Key: COMFILE\SHELL\OPEN\COMMAND

Warning: If value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use GrayBird Backdoor Removal Tool for safe problem solution.

Next threat: Graybird.K »

Learn more about GrayBird Backdoor and !gaiguo.exe »

« Back to catalog