Forums mIRC Help Trojan Backdoor.flood

I am using MIRC 6.3 and each time i open the program my spy ware detects and sucessfully deletes a trojan backdoor.flood: also known as backdoor.mirc.flood and backdoor.irc.flood. I can delete this from my system but, it always returns when mirc is started. any ideas on how to prevent this from happening, other than just not using Mirc?
Thanks

So it *does* delete.



But you said it does delete?



Now you're making some sense. I guess you need a method to prevent it from creating itself. Makes me wonder if they trojan really was deleted. But I guess the problem is - it was not successfully deleted. Check the recycle bin?

Try some anti-trojan busters.

If it returns exactly when you start mIRC, then there is likely a script loaded into your mIRC that is creating the virus file.

Start your mIRC, then type:

/remote off

Close mIRC, then delete the virus file. Start your mIRC again and see if the virus file comes back. If it doesn't come back, then you have a bad script loaded into your mIRC. Unload any unknown scripts.

If the virus file DOES come back after you typed /remote off, then there is a separate program running that is creating the virus file, not mIRC. Use an antivirus scanner in safemode to get rid of that program.

-genius_at_work

if it comes back , he could delete mirc.exe and install a fresh
mirc

Thanks for all the good advise folks, I have done the / remote off, didnt help. put in a fresh copy of mirc, trojan still comes back but only when mirc is started. It seems that my programs are deleting the trojan because a follow up check shows it deleted. any other ideas. I have several programs working to catch and delete all this junk and I am quite surprised that this keeps coming back considering all the software I have to prevent it.
Thanks.

Overzealous program marking a legitimate mirc.exe as a trojan. Stupid companies who don't know what they're doing and create false positives just because zombie computers often connect to an IRC network.

I suppose so that could be the case.. i keep getting a backdoor.trojan on a program called spyware detector( #1 pc computing program of the year, last year i think). Problem is mirc is showing up as a trojan and I have allowed that program for some time, i might add with no problems. This however seems different. It is also detected on stopzilla spyware and spybot search and destroy. All three programs cant be wrong, can they???

You running many programs at once? thats not a good idea, if one program detect a virus/trojan, then move it to chest. and another one prevent the first one from move it to chest, then you got what you have now, you should only run 1 virus scanner, then let it do the job, one thing you can try, thats turn off your virus scanner, then go to a www site and use a online scanner, i can give you some that helped me befor.

http://www.bitdefender.com/scan8/ie.html
http://support.f-secure.com/enu/home/ols.shtml
http://www.tenebril.com/scanner/main_scan.php

Try run them and see if they can detect something that your programs can't find.

Anyway.. what do you do... if you purchase programs of good reputation and they tell you that a certain program is responsible for your computers infection, do you just ignore those warnings or do you try to protect your data. I wonder if there is some kind of replicator someplace that my antivirus isnt seeing that may be causing the replication, I use Avast free antivirus, one of the very best ive ever seen, and it is supposed to catch trojans as well, it doesnt find any problem with mirc or with the backdoor.flood. So which series of programs are in error. Dont know, and what would you do if these circumatances persisted on your computer?????

I use avast too, but how ever even the best programs fail from time to time, and if you use a online scanner you can feel more secure if it don't find anything, how ever if more then one scanner tells a user he are infected, then it's something wrong, i don't belive all programs he using feel the same thing and it's nothing there. a online scanner would be the best way to deal with it, at least i think so and it dosent hurt to try

Thanks again for the help... i tried the online scanner tenbril and it found many things, some of which i think are ok... like my home page and things i know are good, and some are not. i am scanning with f secure now results to follow.

If you suspect a file is causing a false positive with your virus scanner, you can always upload it to http://virusscan.jotti.org/ where it is checked with lots of programs.

Does the spyware program give you more details on the file(s) that it is deleting? Does it give you a name and location for the file?

-genius_at_work

Read what symantec has to say about backdoor.irc.flood and you'll see that you need to reinstall the original mIRC software after removing the trojan.

http://www.symantec.com/security_response/writeup.jsp?docid=2001-080313-3306-99

Ok Seems like all that fixed the problem. I found an adware program from lavasoft that was corrupted, I deleted that and installed a fresh copy. Then I deleted the the hijacker programs i had from that progam and restarted mirc. I then deleted the trojans and uninstalled mirc. I then installed a new dloaded copy of that. Now i dont seem to be getting any hijackers or trojans. Basically, i think symantec was saying that the backdoor.flood was included in the mirc program, which is what I suspected. I have talked to many users of mirc and they all say that the trojans are a result of programs improperly identifying them. In this case I think they are wrong and I would suggest that they take care of that problem.
Thanks for all your help.