mirc.exe v 6.16 infected with W32.IRCFlood trojan? - mIRC Discussion Forums

Register Log In Forums General Discussion mirc.exe v 6.16 infected with W32.IRCFlood trojan?

Print Thread

mirc.exe v 6.16 infected with W32.IRCFlood trojan? #137142 08/12/05 03:49 PM
Joined: Dec 2005 Posts: 4 A Annorax64 OP Self-satisified door
OP Annorax64 Self-satisified door A Joined: Dec 2005 Posts: 4	The latest update to the detection rules for CA eTrust EZAntivirus is detecting (probably false positive) Win32.IRCFlood trojan in mirc.exe. It winds-up deleting mirc.exe where ever it finds it. CA eTrust EZAntivirus info: Product Version 7.0.6.7 Engine Version 11.9.1 Virus Signature Update: 9554 I had to "snooze" EZAntivirus, add c:\program files\mirc\mirc.exe to the "ignore" list and then reinstall mIRC in order to stop EZAntivirus from deleting mirc.exe.

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137143 08/12/05 04:25 PM
Joined: Jun 2003 Posts: 5,024 London, England M Mentality Hoopy frood
Mentality Hoopy frood M Joined: Jun 2003 Posts: 5,024 London, England	This happens more and more, not much we can do about it, including Khaled. Best thing to do is contact the antivirus development team and tell them to stop being so overprotective and somewhat ignorant to what mIRC is. That said, before doing so, you should be certain that you weren't indeed infected with the IRC.Flood backdoor. Regards, Mentality/Chris

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137144 08/12/05 04:44 PM
Joined: Dec 2005 Posts: 4 A Annorax64 OP Self-satisified door
OP Annorax64 Self-satisified door A Joined: Dec 2005 Posts: 4	Thanks, I just submitted a request to CA to fix their detection signatures (no virus/trojan found using other manufacturer's scanning software). Annorax64 Last edited by Annorax64; 08/12/05 04:45 PM.

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137145 08/12/05 08:37 PM
Joined: Feb 2005 Posts: 8 Z zGod Nutrimatic drinks dispenser
zGod Nutrimatic drinks dispenser Z Joined: Feb 2005 Posts: 8	i have also had problems in the past with AdAware calling mirc.exe a potential security risk. i just knew to look for it and exclude it whenever i ran the anti-spyware. Kalsiddon.com - games, videos, music & more perfect for wen u need a break @ work or school ;-)

Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan? #137146 08/12/05 08:48 PM
Joined: Mar 2003 Posts: 13 D donnah Pikka bird
donnah Pikka bird D Joined: Mar 2003 Posts: 13	I have got the same trojan...and I also have eTrust anti-virus but I dont know what you mean by "snooze" eTrust.....could you please tell me how to do that? Thanks

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137147 08/12/05 10:05 PM
Joined: Jun 2003 Posts: 1 S scarf Mostly harmless
scarf Mostly harmless S Joined: Jun 2003 Posts: 1	i have performed a fresh install of mirc, and etrust antivirus v7.1 is also immediately deleteing it because it find W32.ircflood. i will also submit a report to etrust. er... where do you submit this request, Annorax64? Last edited by scarf; 08/12/05 10:11 PM.

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137148 09/12/05 12:25 AM
Joined: Dec 2005 Posts: 1 A Anihalator Mostly harmless
Anihalator Mostly harmless A Joined: Dec 2005 Posts: 1	((( Sorry I just discovered it was my Rogers Internet Online Protection That has been deleting the mirc )))...I deleted that shiz now all is fine .... Last edited by Anihalator; 09/12/05 12:45 AM.

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137149 09/12/05 12:31 AM
Joined: Feb 2004 Posts: 2,019 Leuven, Belgium FiberOPtics Hoopy frood
FiberOPtics Hoopy frood Joined: Feb 2004 Posts: 2,019 Leuven, Belgium	It's something you should complain about with the authors of your adware/avg software programs, as there's no such thing as a virus/spyware/etc. in the mIRC executable, atleast if you downloaded it from the official source, being http://www.mirc.com/get.html If you download mIRC which is prepacked in a script, or from other sources, there's no telling what some people with malicious intentions have done with the mirc.exe. Khaled can't do anything to prevent this, it's those scanners that are incorrectly detecting mIRC as malicious software. If it's anything of a decent scanner, you should be able to put mIRC on some sort of exception list, otherwise maybe it's time to look for a better scanner. Gone.

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137150 09/12/05 12:34 AM
Joined: Jan 2003 Posts: 249 Ottawa, Canada C ClickHeRe Fjord artisan
ClickHeRe Fjord artisan C Joined: Jan 2003 Posts: 249 Ottawa, Canada	when enough people complain at their favorite adware/spyware/abti-virus company on bogus stuff being deleted automatically, they might do something about it. They are only quick to jump the boat. Maybe you can configure your program to let the mIRC.exe excluded, but that poses a risk if another exe of the same name comes in. David DCX - Dialog Control eXtension

Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan? #137151 09/12/05 12:57 AM
Joined: Oct 2005 Posts: 7 D drahnier Nutrimatic drinks dispenser
drahnier Nutrimatic drinks dispenser D Joined: Oct 2005 Posts: 7	Yeah it does this to me, too. Just started tonight. It did a similar thing a few months ago, except that was with some .ini file in the mirc directory, and that was resolved after a few days. This is worse because now it actually started deleting mirc.exe, forcing me to reinstall mirc. I'm getting rid of this virus program because it obviously sucks, and i wouldn't want it to start finding non-existant viruses in any more important files, and deleting them too. That could screw up the entire computer.

Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan? #137152 09/12/05 01:29 AM
Joined: Aug 2004 Posts: 7,252 Ontario, Canada R RusselB Hoopy frood
RusselB Hoopy frood R Joined: Aug 2004 Posts: 7,252 Ontario, Canada	I'm using the most up-to-date version of Symantec's Norton Anti-virus, and have been using it (updating as updates have become available) since 2002. I'm pleased to say that mIRC has never been identified as having a virus in it in the time that I've been using both...roughly 2 years now.

Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan? #137153 09/12/05 02:14 AM
Joined: Mar 2003 Posts: 13 D donnah Pikka bird
donnah Pikka bird D Joined: Mar 2003 Posts: 13	could someone please tell me how to put mirc on ignore list in eTrust...I don't see any ignore list...Thanks in advance

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137154 09/12/05 03:28 PM
Joined: Dec 2005 Posts: 4 A Annorax64 OP Self-satisified door
OP Annorax64 Self-satisified door A Joined: Dec 2005 Posts: 4	OK, I heard back from CA. They have fixed their mistake. Follow the these instructions and EZAntivirus should stop deleting mirc.exe: Quote: Thank you for contacting Computer Associates Technical Support. From your e-mail, I understand that EZ Antivirus is detecting mIRC as virus because of you are not able to use it. We sincerely apologize the inconvenience caused to you. To resolve the issue, I request you to perform the steps given below. 1. Update EZ Antivirus and run a thorough scan. 2. After the scan gets complete uninstall mIRC. 3. Download a fresh copy of mIRC and then install it. You can also exclude the file of mIRC from the scan. Below is a web page link that will assist you to exclude the file. http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1885 The above information will help you to resolve your issue. Thank you for using Computer Associates Technical Support. Please contact us again if we can be of further assistance. Regards, Fakhruddin Khan Computer Associates Technical Support Team Thanks, Annorax64

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137155 09/12/05 03:29 PM
Joined: Dec 2005 Posts: 4 A Annorax64 OP Self-satisified door
OP Annorax64 Self-satisified door A Joined: Dec 2005 Posts: 4	Quote: I'm pleased to say that mIRC has never been identified as having a virus in it in the time that I've been using both...roughly 2 years now. yet...

Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan? #137156 09/12/05 05:31 PM
Joined: Dec 2005 Posts: 1 A Albert71292 Mostly harmless
Albert71292 Mostly harmless A Joined: Dec 2005 Posts: 1	Glad to hear I'm not the only person this happened to! Booted the computer this morning, and first thing that happened, ezAntivirus deleted "mirc.exe". Put it on the "exclude" list, then re-installed mIRC. All is well again.

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137157 10/12/05 01:10 PM
Joined: Dec 2005 Posts: 2 P prettymuchanoob Bowl of petunias
prettymuchanoob Bowl of petunias P Joined: Dec 2005 Posts: 2	hello, this might not be quite the same, but i thought i would add my 2 cents rather than make a new thread. anyway, yesterday i ran bitdefender's online scan, and it claimed that mirc.exe was infected with Backdoor.IRC.Zapchast. mcafee hasnt found it, nor adaware. so do you think that is a false positive too? i've had mirc on my system for years and it came from the official site. the last time i used mirc 2 chat windows opened, which i closed..but would that have infected me?? Last edited by prettymuchanoob; 10/12/05 02:51 PM.

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137158 10/12/05 05:58 PM
Joined: Aug 2004 Posts: 7,252 Ontario, Canada R RusselB Hoopy frood
RusselB Hoopy frood R Joined: Aug 2004 Posts: 7,252 Ontario, Canada	That's a false positive, due to the fact that it's possible (although not supported on any forum that I'm aware of) to code a script into mIRC which would allow backdoor access to someone else's computer.

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137159 10/12/05 09:52 PM
Joined: Dec 2005 Posts: 2 P prettymuchanoob Bowl of petunias
prettymuchanoob Bowl of petunias P Joined: Dec 2005 Posts: 2	Quote: That's a false positive, due to the fact that it's possible (although not supported on any forum that I'm aware of) to code a script into mIRC which would allow backdoor access to someone else's computer. hello russel. was that in reply to my bitdefender scan or everyone in general? sorry to sound dim, but what do you mean by it being a false positive due to the fact it's possible to code a script into mIRC which would allow backdoor access...? wouldnt that mean it isnt a false positive?

Re: mirc.exe v 6.16 infected with W32.IRCFlood tro #137160 11/12/05 03:12 PM
Joined: Jun 2003 Posts: 994 C CtrlAltDel Hoopy frood
CtrlAltDel Hoopy frood C Joined: Jun 2003 Posts: 994	Quote: the last time i used mirc 2 chat windows opened, which i closed..but would that have infected me?? Only if you clicked on a link in those chat windows, or copy/pasted something from them to your mirc command line. Unfortunately, spam like that is getting to be more and more prevalent in even chat channels lately. RusselB's comment only means your mirc has the potential to be dangerous .. not that it is. Deleting your mirc for what it COULD do would be like scrapping your car because it COULD go 100 miles/hr thus violating speed laws in most locations. I refuse to engage in a battle of wits with an unarmed person.

Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan? #137161 23/12/05 03:23 PM
Joined: Sep 2003 Posts: 5 USA M MrBucket Nutrimatic drinks dispenser
MrBucket Nutrimatic drinks dispenser M Joined: Sep 2003 Posts: 5 USA	Dammit... this is terribly aggravating. I am simply going to remove Bit Defender. I am sick of moving mirc.exe and moo.dll out of quarantine after every scan.