mIRC Home    About    Download    Register    News    Help

Print Thread
Page 1 of 3 1 2 3
Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
When I start the computer, it says i don't have, or i'm missing, the hideapp.exe file in the mirc folder. I checked, and it's there, but if I click on it, the same message appears. Maybe if I get another hideapp file from one of you, it might work. Please tell me what to do.
Thank You
-DO

Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
mIRC doesn't have a hideapp.exe, if your copy does then you definately are not running a version downloaded from mIRC.com. What I would suggest you do is uninstall mIRC, run a virus scan, then reinstall mIRC but ONLY DOWNLOAD mIRC FROM THIS SITE. If you download it from somewhere else it is possible that someone has modified mIRC and included some infected files (which is why you should run a virus scan).

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
First of all, I did download mirc from morc.com. Second, I can't uninstall. When I click on the uninstall button, it says I need to close it first, but I never opened it. I ran a virus scan today, and I got 288 infected files. All of which were irc trojans. I think mirc is always open when I start the computer, and therefore, I keep getting these irc trojans. Please help me out.
Thank You
-DO

Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
Open DOS and type netstat

This shows all current connections. It may be that this trojan is logged in to several networks and has the URL catcher turned on to automatically send you to infected websites.

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
geez did u click on that same spammed url that many times??? ok jk but yes u need to close the mirc connection as watchdog stated above and then uninstall it and again run that scan


D3m0nnet.com
Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
How do I get to dos? And also, how am I supposed to uninstall if it won't let me?

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
I have windows 2000 pro, and it's not a dos operated system.

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
ok click start menu then click all programs then accessories and then msdos ...... at that prompt letter type netstat ..... it will list all of your connections ........ then if u are using windowx xp u could press control alt and delete at the same time ONE TIME only
click the processes tab and close down any mirc process ....... then uninstall the program and restart ur pc
repeat process till u have deleted any mirc from ur pc that is active and tryin to run
...... altho u will have to run another virus scan after this to ensure u dont have more infected files ...... not to mention u will need to remove the start as service from the registry on the/those infected mircs


D3m0nnet.com
Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
lol EVERY windows OS has Dos prompt capability in it ..... and even tho they say it isnt dos based it still recognizes it


D3m0nnet.com
Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
The problem is, I can't uninstall mirc. I close all mirc processes (which is only one) and then when I try to uninstall, it won't let me because it says it's still running.

Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
Just type /run cmd in mIRC.

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
But I can't even connect to mirc.

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
if it says its still running it either re ran its execution on its own after u stopped it OR you missed it ..... possibly it is renamed or whatnot but it is still there running suggestion ....... close anything u know ur not using ...... and then uninstall that mirc ....... then reboot ....... aside from that there are other posts here that give a better detailed way of removing this ..... click search ...... look for virus or trojans expland it to about one month in the search one would be located HERE another would be HERE

hope that help alil


D3m0nnet.com
Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
This is such a nuisance. I can't play Warcraft 3 because it says I need direct x 8.1 or newer, but I have 9.0, so do you think it could be possible that this mirc thing isn't letting me play? I could play the game before the error messages.

Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
Try this, Play the game without mIRC!

Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
No need to log into a server. If mIRC can be opened you can perform any /run commands there and indeed some others. You can also go to Start Button - Run and then just type cmd there to kick it in the guts.

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
hmmm. Thanks for the help guys, but nothing worked.

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
ok first off i wasnt aware mirc had anything to do with warcraft3 or directx ..... but lets say this ....... U HAVE SEVERAL F'd up files ......... stop worrying about a game and fix that first ...... dont go trying every lil button out to test what does or doesnt work ...... your problem is because of this irc trojan u let into your pc ...... remove that then fix your toys ....... most likely your files are f'd up because of this trojan read them posts i told u about and do a bigger search of that subject to find more info on how to get rid of it as its been discussed several times


D3m0nnet.com
Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
I had at least 9 irc trojans today, and 288 infected files. Do you think that if I remove everything from my hard drive, then reinstall windows and all my programs, that it will work. I was thinking about that, and decided it's a good idea since I don't have anything important on my computer.

Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
Did you run a virus/trojan scanner after becoming infected?

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
Well, I did run Norton antivirus, but I want to reinstall windows 2000 pro, so my question is: Will it correct all my problems?

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
ok the answer to that is yes it will work if u have all of ur installed programs cds and other important info ....... but why go thru all that if u just read the other posts and see how they have explained how to remove it???? and how and why u got it so u wont get it again??? why do things the hard way??


D3m0nnet.com
Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
Well for me when I got infected the trojan duplicated itself thousands of times I ran norton, McAffee and they didn't catch them all I ran AVG and I think The Cleaner. When I neutralized my infections I ended up having to do a system recovery because all of my files were totally screwed. I am running windows XP so far it seemed to have helped me but I don't know if it will you. I'm not telling you to go ahead and re-install anything and I cannot tell you if it will work. The case may be different for you.

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
For a few reasons. One is i'm too lazy. Two is I don't want to risk it. And three is it will definitely get rid of all my problems, and if I never use Kazaa or mirc again, I most likely won't get viruses again.

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
What operating system do you run D3M0n?

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
i have several Operating systems i run on several different pcs ...... on the one im on right now im using windows xp pro


D3m0nnet.com
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
Not using mIRC is not a virus-free guarantee. Only staying off the net is.

If you use mIRC only for chat and the occasional DCC between mates then there shouldn't be any problems. If you linger in wares channels or leave P2P programmes running 24/7 then of course the situation will be alot different. There is a perception that downloading via P2P provides for a reduced risk of getting infected with a virus. This is completely false.

In short - chatting will not get you infected. Downloading anything will by chance get you infected.

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
do you have a file named hideapp in E:\Program Files\Microsoft\Drivers\Next

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
Anyway, thanks a lot for your help. You've been great, but i'm tired and annoyed, and I need to go to sleep. Please feel free to post a few more suggestions, but I think you've given me all the help you can give. Thanks again.

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
no i do not have a file called hideapp ....... but then again i dont have 288 infected files either???


D3m0nnet.com
Joined: Dec 2002
Posts: 349
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Dec 2002
Posts: 349
If you're having problems deleting the mIRC because its already running you will have to manually kill the program. This is a bother because the virus uses the "HideApp" executable to remove its system tray icon and make itself a windows service (which won't show in your ctrl+alt+delete task list and will survive logout - although I'm not certain if this behaviour also happens in XP).

You should be able to find and kill the process with a 3rd party process manager like PrcView (your virus scanner itself might have to ability to forcefully kill - so give that a try too), the hostile .exe's probably won't call themselves 'mirc.exe' so you'll have to verify with your virus scanner which programs need to be zapped. Once they're no longer running you should be able to delete them.

Joined: Dec 2002
Posts: 54
L
laz Offline
Babel fish
Offline
Babel fish
L
Joined: Dec 2002
Posts: 54
I'm not trying to advertise, but The Cleaner is a great anti-trojan program (it might have been mentioned above, I didn't read this whole thing).

You can download a 30 day trial at http://www.moosoft.com/

Also watch where you download mIRC scripts smile I suggest only sites like mircscripts.org (I've never had a problem with them).

Joined: Feb 2003
Posts: 71
P
Babel fish
Offline
Babel fish
P
Joined: Feb 2003
Posts: 71
From what I gathered there’s been bad mIRC script which been and probably still circulating on mIRC, Virus/Trojan combinations. This Infection is capable of uploading/downloading files between Network Computers and installs itself among them. Uses FTP Protocol for File Transferings, also uses registry to embed itself into the Operating Win2k/XP Systems, with one line change the Infection is capable of working on all Windows Operating Systems Win9x/ME/NT/2K/XP…

Some indications of this particular infection;

1. Generated abnormal Sounds, randomly occurring, makes noises for couple of minutes and then may stop for hours on end before it occurs again.
2. Your computer is unexpectedly slow.
3. Other indications exist but you just don’t become alerted unless you advanced user.

Disconnect from all Client Computers on your Network (Until all has been cleaned) & Temporary pull the plug on your current Internet Connection, and Exit out of all running Applications and go into Windows Task Manager and Terminate all 3rd party processes, try to-do it quickly as possible. Then search the Entire Drives for anything in Reference to hideapp.exe, remote.ini, abcd.jpg and delete all found no matter where it’s located. And quickly empty the “Recycle Bin”.

However, it’s probably for the best before you do the above to Install popular AV, Update, Configure and Scan ALL Local Drives, and then download the newest “The Cleaner” from http://www.moosoft.com and Install, Update, Configure then Scan ALL Local Drives.

Little tip: You should Scan Drive with “The Cleaner” AT first after Updating/Configuring, because it’s capable of undoing damages in Registry and so forth that these known Infections does. When an AV just deletes/repairs the files and doesn’t care about the damages it had done in the Registry and so forth on users operating Systems.

Afterwards do AV Scan on all Local HDD’s and then cycle back to “The Cleaner” afterwards just to be ensured it’s gone/gone.

It’s also best that once cleaned up from this that you clean your Entire “System Restore” Directory. Start Menu \ Settings\ Control Panel \ System \ Select “System Restore” and access Each "Available drives" “Settings” button, and move the "Slider" from the right to the very left (Min) and click “OK” Button and proceed to-do the very thing with all the other “Available drives” then uncheck to Disable "Turn off System Restore on all drives" and re-boot.

It’s very important you do this with all other Client Computers in your Network BEFORE linking them back up.

If you had already tried without following these procedures you may encounter some problems afterwards that might need to be repaired manually, Others an I should be capable of assisting you on here depending if you can explain in Details the current problems at hand...


Kn0wledge Is Thee P0wer!!!!
Joined: Feb 2003
Posts: 71
P
Babel fish
Offline
Babel fish
P
Joined: Feb 2003
Posts: 71
In Addition; this may seem harsh but it’s not mIRC’s fault for user’s actions, If you download mIRC from other sources other-than mIRC’s Official website (http://www.mirc.com) then the fault lies upon the user and user alone. If you accept Files from mIRC despite it’s large notification of what may happen then again it’s not mIRC’s fault but the users themselves to blame for whatever may occur. If you accept files from unknown sources and then execute them then again double the fault upon the Users and Users themselves. If you accept files from so-called “friends” without them notifying that the file will be arriving and without giving you any informatics about it and you execute it, then double fault upon the users and the users themselves. Even if file came from “trusted” source and they had your Authorization before time and you accept and execute before scanning with an Anti-Virus AND an Anti-Trojan cleaners then double fault on the users and the users themselves.

I apologize if this may tick you guys off but blaming mIRC just ticks me especially when it’s not at fault for users actions…


Kn0wledge Is Thee P0wer!!!!
Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
That doesn't tick me off I totally agree with that.

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
well it sure ticks me off, how can it be me when im perfect and this pc in front of me is the one making all the errors ....... hahahaha jk ..... seriously tho very good point why someone would immediatly blame a program for thier own short sightedness


D3m0nnet.com
Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
I think from what i understood that people try to blame mIRC for their stupidity rather than themselves...basically placing the blame somewhere else. An example would be:

Say I downloaded something from a friend using mIRC rather than Kazaa or something. I get a virus/trojan and I would blame mIRC for not detecting it. (But I wouldn't dare repeat past experiences again)

I would blame myself for not using common sense

I think thats what was meant which I would agree that you are responsible for your own actions.. Ah well Its not like I would do that in the first place LOL


Joined: Feb 2003
Posts: 71
P
Babel fish
Offline
Babel fish
P
Joined: Feb 2003
Posts: 71
Glad I didn’t see no complaints yet of what I had said, but so far this doesn’t only apply to mIRC but many good Programs getting bad regulations because users lack of common sense, for an Example a Anti-Virus System gets blamed for not detecting an Infected files upon downloading and Executing however the users don’t have Background Scanning Enabled and other areas configured, and neither is the Definitions being Updated regularly. And let’s say these people got infected with a Trojan and their AV System had been properly Configured/Updated and Background Scanning Enabled, but it didn’t detect the Trojan, well since when Anti-Virus System had ever done good job in Reference to “Real” Trojans anyhow, you require to use specific Anti-Trojan System if you expect things to get done right...

I could give tonz of Examples of users lack of common sense, and yet they blame elsewhere other-than themselves.


Kn0wledge Is Thee P0wer!!!!
Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
I agree with that. Well put

Joined: Dec 2002
Posts: 329
Fjord artisan
Offline
Fjord artisan
Joined: Dec 2002
Posts: 329
Most probably it wasn't mIRC at all that got you infected. Most viral infections arrive by email these days. After their arrival it only takes two careless clicks to launch a viral outbreak on your machine. Alternatively they enter your PC because you didn't set a proper password on your administrator account.
The particular situation you refer to, with a mIRC still running you can't close, I bet you got infected with (something like) Trojan.IrcBounce, that includes a malicious copy of an old mIRC.

Trojan.IrcBounce - Is your PC infected with a mIRC version 5.7 (as the Help/About/ menu will tell you) that suddenly starts when you boot your PC? Is it hiding as TASKMNGR.EXE (not to be confused with TASKMNG.EXE or TASKMAN.EXE)? Chances are this is the virus called Trojan.IrcBounce bugging you!

From the load of reports I recieved it seems we have a firm outbreak of this trojan. Trojan.IrcBounce is the name for a collection of programs that a hacker can use to conceal intrusion and obtain administrator-level access to Microsoft Windows environments. After it is installed into your PC, it gives a remote attacker unobstructed access to your computer!

The trojan includes a copy of mIRC that hides as Taskmngr.exe actually being mIRC32.exe version 5.7. The Trojan uses this file to run all of its mIRC scripts, including Dll32.hlp, Dll32NT.hlp, Xvpll.hlp, Httpsearch.ini, and NT32.ini. Read more, and detailed removal instructions at http://securityresponse.symantec.com/avcenter/venc/data/trojan.ircbounce.html.
Note how this page tells you how the Norton virus scanner will remove the infection itself, but NOT the files in its payload. It will not remove mIRC or the registry setting starting mIRC! You'll have to do this yourself, by hand. The info page provides most info you need to do that.

Joined: Feb 2003
Posts: 71
P
Babel fish
Offline
Babel fish
P
Joined: Feb 2003
Posts: 71
“Most probably it wasn't mIRC at all that got you infected.”

mIRC doesn’t get people infected, it’s people lack of common sense which gets themselves infected. Yea maybe the Transferred files over IRC was the source of how you received the Infected Files but its Lack of common sense which gets anyone infected. People should know by now not to execute files unless sent by very “trusted” sources (who had your authorization to send, with informatics about the files) and even then you should scan the files before executing them with an properly Configured/Updated AV, AT Cleaners. Because even “Trusted” sources may have spread which they aren’t aware of themselves do to no AV & AT or lack of laziness to properly Configure/Update the AV, AT Cleaners and run Manual Scans on these files downloaded.


Kn0wledge Is Thee P0wer!!!!
Page 1 of 3 1 2 3

Link Copied to Clipboard