mirc.exe v 6.16 infected with W32.IRCFlood trojan?
#137142
08/12/05 03:49 PM
|
Joined: Dec 2005
Posts: 4
Annorax64
OP
Self-satisified door
|
OP
Self-satisified door
Joined: Dec 2005
Posts: 4 |
The latest update to the detection rules for CA eTrust EZAntivirus is detecting (probably false positive) Win32.IRCFlood trojan in mirc.exe.
It winds-up deleting mirc.exe where ever it finds it.
CA eTrust EZAntivirus info: Product Version 7.0.6.7 Engine Version 11.9.1 Virus Signature Update: 9554
I had to "snooze" EZAntivirus, add c:\program files\mirc\mirc.exe to the "ignore" list and then reinstall mIRC in order to stop EZAntivirus from deleting mirc.exe.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137143
08/12/05 04:25 PM
|
Joined: Jun 2003
Posts: 5,024
Mentality
Hoopy frood
|
Hoopy frood
Joined: Jun 2003
Posts: 5,024 |
This happens more and more, not much we can do about it, including Khaled. Best thing to do is contact the antivirus development team and tell them to stop being so overprotective and somewhat ignorant to what mIRC is.
That said, before doing so, you should be certain that you weren't indeed infected with the IRC.Flood backdoor.
Regards,
Mentality/Chris
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137144
08/12/05 04:44 PM
|
Joined: Dec 2005
Posts: 4
Annorax64
OP
Self-satisified door
|
OP
Self-satisified door
Joined: Dec 2005
Posts: 4 |
Thanks, I just submitted a request to CA to fix their detection signatures (no virus/trojan found using other manufacturer's scanning software).
Annorax64
Last edited by Annorax64; 08/12/05 04:45 PM.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137145
08/12/05 08:37 PM
|
Joined: Feb 2005
Posts: 8
zGod
Nutrimatic drinks dispenser
|
Nutrimatic drinks dispenser
Joined: Feb 2005
Posts: 8 |
i have also had problems in the past with AdAware calling mirc.exe a potential security risk. i just knew to look for it and exclude it whenever i ran the anti-spyware.
Kalsiddon.com - games, videos, music & more perfect for wen u need a break @ work or school ;-)
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan?
#137146
08/12/05 08:48 PM
|
Joined: Mar 2003
Posts: 13
donnah
Pikka bird
|
Pikka bird
Joined: Mar 2003
Posts: 13 |
I have got the same trojan...and I also have eTrust anti-virus but I dont know what you mean by "snooze" eTrust.....could you please tell me how to do that? Thanks
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137147
08/12/05 10:05 PM
|
Joined: Jun 2003
Posts: 1
scarf
Mostly harmless
|
Mostly harmless
Joined: Jun 2003
Posts: 1 |
i have performed a fresh install of mirc, and etrust antivirus v7.1 is also immediately deleteing it because it find W32.ircflood. i will also submit a report to etrust. er... where do you submit this request, Annorax64?
Last edited by scarf; 08/12/05 10:11 PM.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137148
09/12/05 12:25 AM
|
Joined: Dec 2005
Posts: 1
Anihalator
Mostly harmless
|
Mostly harmless
Joined: Dec 2005
Posts: 1 |
((( Sorry I just discovered it was my Rogers Internet Online Protection That has been deleting the mirc )))...I deleted that shiz now all is fine ....
Last edited by Anihalator; 09/12/05 12:45 AM.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137149
09/12/05 12:31 AM
|
Joined: Feb 2004
Posts: 2,019
FiberOPtics
Hoopy frood
|
Hoopy frood
Joined: Feb 2004
Posts: 2,019 |
It's something you should complain about with the authors of your adware/avg software programs, as there's no such thing as a virus/spyware/etc. in the mIRC executable, atleast if you downloaded it from the official source, being http://www.mirc.com/get.htmlIf you download mIRC which is prepacked in a script, or from other sources, there's no telling what some people with malicious intentions have done with the mirc.exe. Khaled can't do anything to prevent this, it's those scanners that are incorrectly detecting mIRC as malicious software. If it's anything of a decent scanner, you should be able to put mIRC on some sort of exception list, otherwise maybe it's time to look for a better scanner.
Gone.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137150
09/12/05 12:34 AM
|
Joined: Jan 2003
Posts: 249
ClickHeRe
Fjord artisan
|
Fjord artisan
Joined: Jan 2003
Posts: 249 |
when enough people complain at their favorite adware/spyware/abti-virus company on bogus stuff being deleted automatically, they might do something about it.
They are only quick to jump the boat. Maybe you can configure your program to let the mIRC.exe excluded, but that poses a risk if another exe of the same name comes in.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan?
#137151
09/12/05 12:57 AM
|
Joined: Oct 2005
Posts: 7
drahnier
Nutrimatic drinks dispenser
|
Nutrimatic drinks dispenser
Joined: Oct 2005
Posts: 7 |
Yeah it does this to me, too. Just started tonight.
It did a similar thing a few months ago, except that was with some .ini file in the mirc directory, and that was resolved after a few days. This is worse because now it actually started deleting mirc.exe, forcing me to reinstall mirc.
I'm getting rid of this virus program because it obviously sucks, and i wouldn't want it to start finding non-existant viruses in any more important files, and deleting them too. That could screw up the entire computer.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan?
#137152
09/12/05 01:29 AM
|
Joined: Aug 2004
Posts: 7,252
RusselB
Hoopy frood
|
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
I'm using the most up-to-date version of Symantec's Norton Anti-virus, and have been using it (updating as updates have become available) since 2002.
I'm pleased to say that mIRC has never been identified as having a virus in it in the time that I've been using both...roughly 2 years now.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan?
#137153
09/12/05 02:14 AM
|
Joined: Mar 2003
Posts: 13
donnah
Pikka bird
|
Pikka bird
Joined: Mar 2003
Posts: 13 |
could someone please tell me how to put mirc on ignore list in eTrust...I don't see any ignore list...Thanks in advance
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137154
09/12/05 03:28 PM
|
Joined: Dec 2005
Posts: 4
Annorax64
OP
Self-satisified door
|
OP
Self-satisified door
Joined: Dec 2005
Posts: 4 |
OK, I heard back from CA. They have fixed their mistake. Follow the these instructions and EZAntivirus should stop deleting mirc.exe: Thank you for contacting Computer Associates Technical Support. From your e-mail, I understand that EZ Antivirus is detecting mIRC as virus because of you are not able to use it. We sincerely apologize the inconvenience caused to you. To resolve the issue, I request you to perform the steps given below. 1. Update EZ Antivirus and run a thorough scan. 2. After the scan gets complete uninstall mIRC. 3. Download a fresh copy of mIRC and then install it. You can also exclude the file of mIRC from the scan. Below is a web page link that will assist you to exclude the file. http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1885The above information will help you to resolve your issue. Thank you for using Computer Associates Technical Support. Please contact us again if we can be of further assistance. Regards, Fakhruddin Khan Computer Associates Technical Support Team Thanks, Annorax64
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137155
09/12/05 03:29 PM
|
Joined: Dec 2005
Posts: 4
Annorax64
OP
Self-satisified door
|
OP
Self-satisified door
Joined: Dec 2005
Posts: 4 |
I'm pleased to say that mIRC has never been identified as having a virus in it in the time that I've been using both...roughly 2 years now.
yet...
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan?
#137156
09/12/05 05:31 PM
|
Joined: Dec 2005
Posts: 1
Albert71292
Mostly harmless
|
Mostly harmless
Joined: Dec 2005
Posts: 1 |
Glad to hear I'm not the only person this happened to! Booted the computer this morning, and first thing that happened, ezAntivirus deleted "mirc.exe". Put it on the "exclude" list, then re-installed mIRC. All is well again. 
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137157
10/12/05 01:10 PM
|
Joined: Dec 2005
Posts: 2
prettymuchanoob
Bowl of petunias
|
Bowl of petunias
Joined: Dec 2005
Posts: 2 |
hello, this might not be quite the same, but i thought i would add my 2 cents rather than make a new thread.
anyway, yesterday i ran bitdefender's online scan, and it claimed that mirc.exe was infected with Backdoor.IRC.Zapchast.
mcafee hasnt found it, nor adaware. so do you think that is a false positive too? i've had mirc on my system for years and it came from the official site.
the last time i used mirc 2 chat windows opened, which i closed..but would that have infected me??
Last edited by prettymuchanoob; 10/12/05 02:51 PM.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137158
10/12/05 05:58 PM
|
Joined: Aug 2004
Posts: 7,252
RusselB
Hoopy frood
|
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
That's a false positive, due to the fact that it's possible (although not supported on any forum that I'm aware of) to code a script into mIRC which would allow backdoor access to someone else's computer.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137159
10/12/05 09:52 PM
|
Joined: Dec 2005
Posts: 2
prettymuchanoob
Bowl of petunias
|
Bowl of petunias
Joined: Dec 2005
Posts: 2 |
That's a false positive, due to the fact that it's possible (although not supported on any forum that I'm aware of) to code a script into mIRC which would allow backdoor access to someone else's computer. hello russel. was that in reply to my bitdefender scan or everyone in general? sorry to sound dim, but what do you mean by it being a false positive due to the fact it's possible to code a script into mIRC which would allow backdoor access...? wouldnt that mean it isnt a false positive? 
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood tro
#137160
11/12/05 03:12 PM
|
Joined: Jun 2003
Posts: 994
CtrlAltDel
Hoopy frood
|
Hoopy frood
Joined: Jun 2003
Posts: 994 |
the last time i used mirc 2 chat windows opened, which i closed..but would that have infected me?? Only if you clicked on a link in those chat windows, or copy/pasted something from them to your mirc command line. Unfortunately, spam like that is getting to be more and more prevalent in even chat channels lately. RusselB's comment only means your mirc has the potential to be dangerous .. not that it is. Deleting your mirc for what it COULD do would be like scrapping your car because it COULD go 100 miles/hr thus violating speed laws in most locations. 
I refuse to engage in a battle of wits with an unarmed person.
|
|
|
Re: mirc.exe v 6.16 infected with W32.IRCFlood trojan?
#137161
23/12/05 03:23 PM
|
Joined: Sep 2003
Posts: 5
MrBucket
Nutrimatic drinks dispenser
|
Nutrimatic drinks dispenser
Joined: Sep 2003
Posts: 5 |
Dammit... this is terribly aggravating. I am simply going to remove Bit Defender. I am sick of moving mirc.exe and moo.dll out of quarantine after every scan. 
|
|
|
|
|