Forums General Discussion malware.Bkdr_Ircflood.X

Alright. I just finished pretty much EVERY post here and on that other website thread.

Let start by saying that this is 90% NOT a FALSE POSITIVE.
It's a mIRC backdoor/worm that's extremely dificult, if not impossible, to get rid of.

Like everyone else, housecall will find on my computer 'malware.BKDR_IRCFLOOD.X' trojan and simply report its successful identification and removal.

About a week ago I got a PM from a friend on a channel where I idle all the time.
It had couple of lines like "sap" and "hi" then followed by a link to a flash animation poking fun at microsoft windows.
Other people reported a link to a .jpg file or even a .txt file.
I did a Norton AV scan immediately after since my buddy told me that it wasn't him pm-ing me, but he's infected with a trojan. Norton didn't find anything, and it's been almost a week since then my mirc was working just fine.

Yesterday I joined my usual list of channels and within 2 minutes started receiving conspicious messages from people all over whom I don't know.
Their replies were consistent with what the worm pm's other users, especially when some of them commented on the flash animation 'microsoft OS sux' and so on.
Of course, I would get kicked/banned from channels and servers.

I knew immediately my computer was infected for sure.
I scanned many times with housecall and other utilities. Only housecall finds it, supposedly 'removes' it, but it's back there next time I start mirc.

My conclusion is that trendmicro/housecall is not mistaken, but it simply doesn't know (yet) how to propperly remove this serious threat. And all of you who think you are safe just because your mirc seems to be working fine think twice.
I would say that the clever design of the worm allows it to 'sleep' for a few days and then start causing troubles.

I'm not going to take chances with this worm, since as reported by trendmicro, it not only affects mirc behaviour, but it can also record my activity online, steal passwords and use my computer for DDOS attacks.

For now I'm booting into my linux install until I get time to do this and also install a hardware router/firewall.

I'll try one other thing mentioned on boards and let you know final result, although I'll still format, it's just too risky.

Good Luck.