Hi,
yesterday my PC was idle for quite a while and so the Norton Internet Security system scan kicked in. It detected Backdoor.Graybird in an executable file on one of my data drives (one that is quite old and that I am sure I have never executed on this system). Normally this wouldn't bother me; I do have a lot of old data and most likely haven't reached each of the old files with the idle scan yet.
When removing this threat, in addition to deleting the file in question, Norton took some more actions though, as I can see in the log. This was the situation when I came back to the PC and saw the log window:
The file itself was removed.
A registry entry was corrected (somewhere along the lines of Internet Explorer, PopupMgr).
Two files were listed that needed reboot (C:\Windows\SysWoW64\Installed.dat and the same file in %appdata%).
When I checked, these files didn't exist (either Norton had already deleted them or they didn't exist in the first place).
After a reboot, the two files were changed from "need reboot" to "deleted" in the logs.
My question is this:
I am very sure that I have never executed the file in question; I am a little puzzled, though, about the other actions Norton has taken. Are these precautions that are always taken when finding this kind of infection? For me it boils down to: Was my PC actively infected or was this just a detection in an old file (with subsequent actions as a precaution)?
Thanks