mIRC Home    About    Download    Register    News    Help

Print Thread
Page 2 of 3 1 2 3
Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
Well, I did run Norton antivirus, but I want to reinstall windows 2000 pro, so my question is: Will it correct all my problems?

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
ok the answer to that is yes it will work if u have all of ur installed programs cds and other important info ....... but why go thru all that if u just read the other posts and see how they have explained how to remove it???? and how and why u got it so u wont get it again??? why do things the hard way??


D3m0nnet.com
Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
Well for me when I got infected the trojan duplicated itself thousands of times I ran norton, McAffee and they didn't catch them all I ran AVG and I think The Cleaner. When I neutralized my infections I ended up having to do a system recovery because all of my files were totally screwed. I am running windows XP so far it seemed to have helped me but I don't know if it will you. I'm not telling you to go ahead and re-install anything and I cannot tell you if it will work. The case may be different for you.

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
For a few reasons. One is i'm too lazy. Two is I don't want to risk it. And three is it will definitely get rid of all my problems, and if I never use Kazaa or mirc again, I most likely won't get viruses again.

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
What operating system do you run D3M0n?

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
i have several Operating systems i run on several different pcs ...... on the one im on right now im using windows xp pro


D3m0nnet.com
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
Not using mIRC is not a virus-free guarantee. Only staying off the net is.

If you use mIRC only for chat and the occasional DCC between mates then there shouldn't be any problems. If you linger in wares channels or leave P2P programmes running 24/7 then of course the situation will be alot different. There is a perception that downloading via P2P provides for a reduced risk of getting infected with a virus. This is completely false.

In short - chatting will not get you infected. Downloading anything will by chance get you infected.

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
do you have a file named hideapp in E:\Program Files\Microsoft\Drivers\Next

Joined: Feb 2003
Posts: 14
D
Pikka bird
OP Offline
Pikka bird
D
Joined: Feb 2003
Posts: 14
Anyway, thanks a lot for your help. You've been great, but i'm tired and annoyed, and I need to go to sleep. Please feel free to post a few more suggestions, but I think you've given me all the help you can give. Thanks again.

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
no i do not have a file called hideapp ....... but then again i dont have 288 infected files either???


D3m0nnet.com
Joined: Dec 2002
Posts: 349
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Dec 2002
Posts: 349
If you're having problems deleting the mIRC because its already running you will have to manually kill the program. This is a bother because the virus uses the "HideApp" executable to remove its system tray icon and make itself a windows service (which won't show in your ctrl+alt+delete task list and will survive logout - although I'm not certain if this behaviour also happens in XP).

You should be able to find and kill the process with a 3rd party process manager like PrcView (your virus scanner itself might have to ability to forcefully kill - so give that a try too), the hostile .exe's probably won't call themselves 'mirc.exe' so you'll have to verify with your virus scanner which programs need to be zapped. Once they're no longer running you should be able to delete them.

Joined: Dec 2002
Posts: 54
L
laz Offline
Babel fish
Offline
Babel fish
L
Joined: Dec 2002
Posts: 54
I'm not trying to advertise, but The Cleaner is a great anti-trojan program (it might have been mentioned above, I didn't read this whole thing).

You can download a 30 day trial at http://www.moosoft.com/

Also watch where you download mIRC scripts smile I suggest only sites like mircscripts.org (I've never had a problem with them).

Joined: Feb 2003
Posts: 71
P
Babel fish
Offline
Babel fish
P
Joined: Feb 2003
Posts: 71
From what I gathered there’s been bad mIRC script which been and probably still circulating on mIRC, Virus/Trojan combinations. This Infection is capable of uploading/downloading files between Network Computers and installs itself among them. Uses FTP Protocol for File Transferings, also uses registry to embed itself into the Operating Win2k/XP Systems, with one line change the Infection is capable of working on all Windows Operating Systems Win9x/ME/NT/2K/XP…

Some indications of this particular infection;

1. Generated abnormal Sounds, randomly occurring, makes noises for couple of minutes and then may stop for hours on end before it occurs again.
2. Your computer is unexpectedly slow.
3. Other indications exist but you just don’t become alerted unless you advanced user.

Disconnect from all Client Computers on your Network (Until all has been cleaned) & Temporary pull the plug on your current Internet Connection, and Exit out of all running Applications and go into Windows Task Manager and Terminate all 3rd party processes, try to-do it quickly as possible. Then search the Entire Drives for anything in Reference to hideapp.exe, remote.ini, abcd.jpg and delete all found no matter where it’s located. And quickly empty the “Recycle Bin”.

However, it’s probably for the best before you do the above to Install popular AV, Update, Configure and Scan ALL Local Drives, and then download the newest “The Cleaner” from http://www.moosoft.com and Install, Update, Configure then Scan ALL Local Drives.

Little tip: You should Scan Drive with “The Cleaner” AT first after Updating/Configuring, because it’s capable of undoing damages in Registry and so forth that these known Infections does. When an AV just deletes/repairs the files and doesn’t care about the damages it had done in the Registry and so forth on users operating Systems.

Afterwards do AV Scan on all Local HDD’s and then cycle back to “The Cleaner” afterwards just to be ensured it’s gone/gone.

It’s also best that once cleaned up from this that you clean your Entire “System Restore” Directory. Start Menu \ Settings\ Control Panel \ System \ Select “System Restore” and access Each "Available drives" “Settings” button, and move the "Slider" from the right to the very left (Min) and click “OK” Button and proceed to-do the very thing with all the other “Available drives” then uncheck to Disable "Turn off System Restore on all drives" and re-boot.

It’s very important you do this with all other Client Computers in your Network BEFORE linking them back up.

If you had already tried without following these procedures you may encounter some problems afterwards that might need to be repaired manually, Others an I should be capable of assisting you on here depending if you can explain in Details the current problems at hand...


Kn0wledge Is Thee P0wer!!!!
Joined: Feb 2003
Posts: 71
P
Babel fish
Offline
Babel fish
P
Joined: Feb 2003
Posts: 71
In Addition; this may seem harsh but it’s not mIRC’s fault for user’s actions, If you download mIRC from other sources other-than mIRC’s Official website (http://www.mirc.com) then the fault lies upon the user and user alone. If you accept Files from mIRC despite it’s large notification of what may happen then again it’s not mIRC’s fault but the users themselves to blame for whatever may occur. If you accept files from unknown sources and then execute them then again double the fault upon the Users and Users themselves. If you accept files from so-called “friends” without them notifying that the file will be arriving and without giving you any informatics about it and you execute it, then double fault upon the users and the users themselves. Even if file came from “trusted” source and they had your Authorization before time and you accept and execute before scanning with an Anti-Virus AND an Anti-Trojan cleaners then double fault on the users and the users themselves.

I apologize if this may tick you guys off but blaming mIRC just ticks me especially when it’s not at fault for users actions…


Kn0wledge Is Thee P0wer!!!!
Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
That doesn't tick me off I totally agree with that.

Joined: Dec 2002
Posts: 1,527
_
Hoopy frood
Offline
Hoopy frood
_
Joined: Dec 2002
Posts: 1,527
well it sure ticks me off, how can it be me when im perfect and this pc in front of me is the one making all the errors ....... hahahaha jk ..... seriously tho very good point why someone would immediatly blame a program for thier own short sightedness


D3m0nnet.com
Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
I think from what i understood that people try to blame mIRC for their stupidity rather than themselves...basically placing the blame somewhere else. An example would be:

Say I downloaded something from a friend using mIRC rather than Kazaa or something. I get a virus/trojan and I would blame mIRC for not detecting it. (But I wouldn't dare repeat past experiences again)

I would blame myself for not using common sense

I think thats what was meant which I would agree that you are responsible for your own actions.. Ah well Its not like I would do that in the first place LOL


Joined: Feb 2003
Posts: 71
P
Babel fish
Offline
Babel fish
P
Joined: Feb 2003
Posts: 71
Glad I didn’t see no complaints yet of what I had said, but so far this doesn’t only apply to mIRC but many good Programs getting bad regulations because users lack of common sense, for an Example a Anti-Virus System gets blamed for not detecting an Infected files upon downloading and Executing however the users don’t have Background Scanning Enabled and other areas configured, and neither is the Definitions being Updated regularly. And let’s say these people got infected with a Trojan and their AV System had been properly Configured/Updated and Background Scanning Enabled, but it didn’t detect the Trojan, well since when Anti-Virus System had ever done good job in Reference to “Real” Trojans anyhow, you require to use specific Anti-Trojan System if you expect things to get done right...

I could give tonz of Examples of users lack of common sense, and yet they blame elsewhere other-than themselves.


Kn0wledge Is Thee P0wer!!!!
Joined: Dec 2002
Posts: 1,237
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Dec 2002
Posts: 1,237
I agree with that. Well put

Joined: Dec 2002
Posts: 329
Fjord artisan
Offline
Fjord artisan
Joined: Dec 2002
Posts: 329
Most probably it wasn't mIRC at all that got you infected. Most viral infections arrive by email these days. After their arrival it only takes two careless clicks to launch a viral outbreak on your machine. Alternatively they enter your PC because you didn't set a proper password on your administrator account.
The particular situation you refer to, with a mIRC still running you can't close, I bet you got infected with (something like) Trojan.IrcBounce, that includes a malicious copy of an old mIRC.

Trojan.IrcBounce - Is your PC infected with a mIRC version 5.7 (as the Help/About/ menu will tell you) that suddenly starts when you boot your PC? Is it hiding as TASKMNGR.EXE (not to be confused with TASKMNG.EXE or TASKMAN.EXE)? Chances are this is the virus called Trojan.IrcBounce bugging you!

From the load of reports I recieved it seems we have a firm outbreak of this trojan. Trojan.IrcBounce is the name for a collection of programs that a hacker can use to conceal intrusion and obtain administrator-level access to Microsoft Windows environments. After it is installed into your PC, it gives a remote attacker unobstructed access to your computer!

The trojan includes a copy of mIRC that hides as Taskmngr.exe actually being mIRC32.exe version 5.7. The Trojan uses this file to run all of its mIRC scripts, including Dll32.hlp, Dll32NT.hlp, Xvpll.hlp, Httpsearch.ini, and NT32.ini. Read more, and detailed removal instructions at http://securityresponse.symantec.com/avcenter/venc/data/trojan.ircbounce.html.
Note how this page tells you how the Norton virus scanner will remove the infection itself, but NOT the files in its payload. It will not remove mIRC or the registry setting starting mIRC! You'll have to do this yourself, by hand. The info page provides most info you need to do that.

Page 2 of 3 1 2 3

Link Copied to Clipboard