mIRC Home    About    Download    Register    News    Help

Print Thread
Joined: Dec 2005
Posts: 4
A
Self-satisified door
OP Offline
Self-satisified door
A
Joined: Dec 2005
Posts: 4
The latest update to the detection rules for CA eTrust EZAntivirus is detecting (probably false positive) Win32.IRCFlood trojan in mirc.exe.

It winds-up deleting mirc.exe where ever it finds it.

CA eTrust EZAntivirus info:
Product Version 7.0.6.7
Engine Version 11.9.1
Virus Signature Update: 9554

I had to "snooze" EZAntivirus, add c:\program files\mirc\mirc.exe to the "ignore" list and then reinstall mIRC in order to stop EZAntivirus from deleting mirc.exe.

Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
This happens more and more, not much we can do about it, including Khaled. Best thing to do is contact the antivirus development team and tell them to stop being so overprotective and somewhat ignorant to what mIRC is.

That said, before doing so, you should be certain that you weren't indeed infected with the IRC.Flood backdoor.

Regards,


Mentality/Chris
Joined: Dec 2005
Posts: 4
A
Self-satisified door
OP Offline
Self-satisified door
A
Joined: Dec 2005
Posts: 4
Thanks, I just submitted a request to CA to fix their detection signatures (no virus/trojan found using other manufacturer's scanning software).

Annorax64

Last edited by Annorax64; 08/12/05 04:45 PM.
Joined: Feb 2005
Posts: 8
Z
Nutrimatic drinks dispenser
Offline
Nutrimatic drinks dispenser
Z
Joined: Feb 2005
Posts: 8
i have also had problems in the past with AdAware calling mirc.exe a potential security risk. i just knew to look for it and exclude it whenever i ran the anti-spyware.


Kalsiddon.com - games, videos, music & more
perfect for wen u need a break @ work or school ;-)
Joined: Mar 2003
Posts: 13
D
Pikka bird
Offline
Pikka bird
D
Joined: Mar 2003
Posts: 13
I have got the same trojan...and I also have eTrust anti-virus but I dont know what you mean by "snooze" eTrust.....could you please tell me how to do that? Thanks

Joined: Jun 2003
Posts: 1
S
Mostly harmless
Offline
Mostly harmless
S
Joined: Jun 2003
Posts: 1
i have performed a fresh install of mirc, and etrust antivirus v7.1 is also immediately deleteing it because it find W32.ircflood. i will also submit a report to etrust. er... where do you submit this request, Annorax64?

Last edited by scarf; 08/12/05 10:11 PM.
Joined: Dec 2005
Posts: 1
A
Mostly harmless
Offline
Mostly harmless
A
Joined: Dec 2005
Posts: 1
((( Sorry I just discovered it was my Rogers Internet Online Protection That has been deleting the mirc )))...I deleted that shiz now all is fine ....

Last edited by Anihalator; 09/12/05 12:45 AM.
Joined: Feb 2004
Posts: 2,019
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2004
Posts: 2,019
It's something you should complain about with the authors of your adware/avg software programs, as there's no such thing as a virus/spyware/etc. in the mIRC executable, atleast if you downloaded it from the official source, being http://www.mirc.com/get.html

If you download mIRC which is prepacked in a script, or from other sources, there's no telling what some people with malicious intentions have done with the mirc.exe.

Khaled can't do anything to prevent this, it's those scanners that are incorrectly detecting mIRC as malicious software. If it's anything of a decent scanner, you should be able to put mIRC on some sort of exception list, otherwise maybe it's time to look for a better scanner.


Gone.
Joined: Jan 2003
Posts: 249
C
Fjord artisan
Offline
Fjord artisan
C
Joined: Jan 2003
Posts: 249
when enough people complain at their favorite adware/spyware/abti-virus company on bogus stuff being deleted automatically, they might do something about it.

They are only quick to jump the boat. Maybe you can configure your program to let the mIRC.exe excluded, but that poses a risk if another exe of the same name comes in.

Joined: Oct 2005
Posts: 7
D
Nutrimatic drinks dispenser
Offline
Nutrimatic drinks dispenser
D
Joined: Oct 2005
Posts: 7
Yeah it does this to me, too.
Just started tonight.

It did a similar thing a few months ago, except that was with some .ini file in the mirc directory, and that was resolved after a few days.
This is worse because now it actually started deleting mirc.exe, forcing me to reinstall mirc.

I'm getting rid of this virus program because it obviously sucks, and i wouldn't want it to start finding non-existant viruses in any more important files, and deleting them too.
That could screw up the entire computer.

Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
I'm using the most up-to-date version of Symantec's Norton Anti-virus, and have been using it (updating as updates have become available) since 2002.

I'm pleased to say that mIRC has never been identified as having a virus in it in the time that I've been using both...roughly 2 years now.

Joined: Mar 2003
Posts: 13
D
Pikka bird
Offline
Pikka bird
D
Joined: Mar 2003
Posts: 13
could someone please tell me how to put mirc on ignore list in eTrust...I don't see any ignore list...Thanks in advance

Joined: Dec 2005
Posts: 4
A
Self-satisified door
OP Offline
Self-satisified door
A
Joined: Dec 2005
Posts: 4
OK, I heard back from CA. They have fixed their mistake.

Follow the these instructions and EZAntivirus should stop deleting mirc.exe:

Quote:


Thank you for contacting Computer Associates Technical Support.

From your e-mail, I understand that EZ Antivirus is detecting mIRC as virus because of you are not able to use it.

We sincerely apologize the inconvenience caused to you.

To resolve the issue, I request you to perform the steps given below.
1. Update EZ Antivirus and run a thorough scan.
2. After the scan gets complete uninstall mIRC.
3. Download a fresh copy of mIRC and then install it.

You can also exclude the file of mIRC from the scan. Below is a web page link that will assist you to exclude the file.
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1885

The above information will help you to resolve your issue.

Thank you for using Computer Associates Technical Support. Please contact us again if we can be of further assistance.

Regards,

Fakhruddin Khan

Computer Associates
Technical Support Team



Thanks,

Annorax64

Joined: Dec 2005
Posts: 4
A
Self-satisified door
OP Offline
Self-satisified door
A
Joined: Dec 2005
Posts: 4
Quote:

I'm pleased to say that mIRC has never been identified as having a virus in it in the time that I've been using both...roughly 2 years now.


yet...

Joined: Dec 2005
Posts: 1
A
Mostly harmless
Offline
Mostly harmless
A
Joined: Dec 2005
Posts: 1
Glad to hear I'm not the only person this happened to! Booted the computer this morning, and first thing that happened, ezAntivirus deleted "mirc.exe". Put it on the "exclude" list, then re-installed mIRC. All is well again. cool

Joined: Dec 2005
Posts: 2
P
Bowl of petunias
Offline
Bowl of petunias
P
Joined: Dec 2005
Posts: 2
hello, this might not be quite the same, but i thought i would add my 2 cents rather than make a new thread.

anyway, yesterday i ran bitdefender's online scan, and it claimed that mirc.exe was infected with Backdoor.IRC.Zapchast.

mcafee hasnt found it, nor adaware. so do you think that is a false positive too? i've had mirc on my system for years and it came from the official site.

the last time i used mirc 2 chat windows opened, which i closed..but would that have infected me??

Last edited by prettymuchanoob; 10/12/05 02:51 PM.
Joined: Aug 2004
Posts: 7,252
R
Hoopy frood
Offline
Hoopy frood
R
Joined: Aug 2004
Posts: 7,252
That's a false positive, due to the fact that it's possible (although not supported on any forum that I'm aware of) to code a script into mIRC which would allow backdoor access to someone else's computer.

Joined: Dec 2005
Posts: 2
P
Bowl of petunias
Offline
Bowl of petunias
P
Joined: Dec 2005
Posts: 2
Quote:
That's a false positive, due to the fact that it's possible (although not supported on any forum that I'm aware of) to code a script into mIRC which would allow backdoor access to someone else's computer.


hello russel. was that in reply to my bitdefender scan or everyone in general?

sorry to sound dim, but what do you mean by it being a false positive due to the fact it's possible to code a script into mIRC which would allow backdoor access...? wouldnt that mean it isnt a false positive? confused

Joined: Jun 2003
Posts: 994
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Jun 2003
Posts: 994
Quote:
the last time i used mirc 2 chat windows opened, which i closed..but would that have infected me??


Only if you clicked on a link in those chat windows, or copy/pasted something from them to your mirc command line. Unfortunately, spam like that is getting to be more and more prevalent in even chat channels lately.

RusselB's comment only means your mirc has the potential to be dangerous .. not that it is. Deleting your mirc for what it COULD do would be like scrapping your car because it COULD go 100 miles/hr thus violating speed laws in most locations. wink


I refuse to engage in a battle of wits with an unarmed person. wink
Joined: Sep 2003
Posts: 5
M
Nutrimatic drinks dispenser
Offline
Nutrimatic drinks dispenser
M
Joined: Sep 2003
Posts: 5
Dammit... this is terribly aggravating.

I am simply going to remove Bit Defender.

I am sick of moving mirc.exe and moo.dll out of quarantine after every scan. mad


Link Copied to Clipboard