#169202 - 20/01/07 07:12 AM Very high CPU usage
Cristanu9
Hi,

The computer started recently to act very sluggish, 100% CPU usage every once in a while...

I've narrowed the problem to the following:
Recently installed mIRC version 6.21.00 if used in conjunction with IE7 browsing makes explorer.exe use 100% of CPU every once in a while. The culprit inside explorer.exe that uses 100% CPU is "ntdll.dll!RtlAllocateHeap+0x18c".

This only happens if I use mIRC.

I'd really appreciate any insight on what needs to be done in order to fix this problem, I really like the mIRC client!

System is a WinXP SP2 Home, Pentium 4 2 GHz with 1 GB of RAM.


Thank you,
Cristanu

#169207 - 20/01/07 09:24 AM Re: Very high CPU usage [Re: Cristanu9]
RusselB
This type of thing has been reported before, with almost all versions at one time or another. The big problem is the fact that the specific conditions that get the 100% CPU usage are rare and almost impossible to duplicate on a regular basis.

I found that installing IE7 after mIRC, rather than the other way around, made a difference, but I guarantee nothing.

#169279 - 20/01/07 09:50 PM Re: Very high CPU usage [Re: RusselB]
Cristanu9
Thanks for the help.

I'm not sure what exactly is going on, if it's something to do with mIRC itself or something else:

Vba32Scanner found a "Backdoor.IRC.Cloner.ae#2" inside the mirc.ini file.

Is it possible for a virus/trojan to spread through an irc chat room without downloading any file or clicking any link?
All the settings are set to default as it was set by the mIRC installation.

Cristanu

#169286 - 21/01/07 12:51 AM Re: Very high CPU usage [Re: Cristanu9]
Riamus2
If you don't download anything and don't click links, you won't get any trojans. However, you could get something from browsing the internet or downloading/running other things that will latch onto any mirc installation.
_________________________
Invision Support
#Invision on irc.irchighway.net

#169367 - 22/01/07 05:17 AM Re: Very high CPU usage [Re: Riamus2]
Cristanu9
Thank you for the help, I really appreciate it.

Every time I run mIRC it creates the mirc.ini file which is then found to be trojan infected by the a/v program.

After a fresh delete of the mirc.ini file, mIRC won't create that high CPU hog while IE7 is running and browsing.

I hope it's ok to post the content of the mirc.ini file, hopefully someone can see if there is something that shouldn't be there - From a site that describes the IRC.cloner trojan, they list the whole file "mirc.ini" as a possible reason...




[dirs]
logdir=logs\
waves=sounds\
midis=sounds\
mp3s=sounds\
wmas=sounds\
oggs=sounds\
[options]
n0=0,0,0,1,0,0,300,0,0,0,1,0,0,0,0,0,1,0,0,0,4096,0,1,0,0,0,1,1,0,50,1,0,0,1,0
n1=5,100,0,0,0,0,0,0,0,1,0,1,0,0,1,1,1,1,0,0,1,1,1,0,5,0,0,0,0,0,1,0,0,0,1,10
n2=0,1,0,1,1,1,1,1,0,60,120,0,0,1,0,0,1,1,0,120,20,10,0,1,1,0,0,1,0,0,0,0,0,0,1,0
n3=5000,0,0,0,0,0,1,1,0,1,0,1,0,0,1,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,3,180,0,0,0,0
n4=1,0,1,0,0,3,9999,0,0,1,1,0,1024,1,1,99,60,0,0,1,1,1,1,0,1,5000,1,5,0,0,3,0,1,1,0,0,1
n5=1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,0,1,0,300,30,10,0,1,29,0,0,1,8192,1,0,0,115,0,1,0,0
n6=0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,0,0,0,100,1,1,0,0,1,0,0,4,1,0,1,0,0
n7=1,0,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,70,0,3,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,0,1
n8=1,2,0,168,1,1,1,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0
[about]
version=6.21
[ident]
active=yes
userid=Cristanu
system=UNIX
port=113
[socks]
enabled=no
port=1080
method=4
dccs=no
useip=yes
[language]
sjis=0
multibyte=0
mbed=0
utf=1
linking=1
[clicks]
status=/lusers
query=/whois $$1
channel=/channel
nicklist=/query $$1
notify=/whois $$1
message=/whois $$1
[dde]
ServerStatus=on
ServiceName=mIRC
CheckName=off
[marker]
show=off
size=3
colour=4
method=1
[text]
defport=6667
commandchar=/
linesep=-
timestamp=[HH:nn]
logstamp=[HH:nn]
accept=*.jpg,*.gif,*.png,*.bmp,*.txt,*.log,*.wav,*.mid,*.mp3,*.wma,*.ogg,*.zip
ignore=*.exe,*.com,*.bat,*.dll,*.ini,*.mrc,*.vbs,*.js,*.pif,*.scr,*.lnk,*.pl,*.shs,*.htm,*.html,*.wmf
theme=mIRC Classic
network=Undernet
[warn]
dcc=on
fserve=on
[dccserver]
n0=0,59,0,0,0,0
[agent]
enable=0,0,0
char=merlin.acs
lang=0x0409
options=1,1,1,100,0
speech=150,60,100,1,180,10,50,1,1,1,0,50,1
channel=1,1,1,1,1,1,1,1,1
private=1,1,1,1
other=1,1,1,1,1,1,1,0
pos=20,20
[mirc]
user=Cristanu
nick=Cristanu
host=Random serverSERVER:irc.undernet.com:6669GROUP:Undernet
email=Cristanu@nospam.com
[files]
servers=servers.ini
finger=finger.txt
urls=urls.ini
addrbk=addrbk.ini
[styles]
thin=1
font=1
color=default
size=2
buttons=0
[windows]
main=160,960,71,852,0,1,0
wchannel=87,791,159,555,0,1,0
wlist=-1,791,-1,555,0,1,0
[pfiles]
n0=popups.ini
n1=popups.ini
n2=popups.ini
n3=popups.ini
n4=popups.ini
[ports]
dcc=1
other=0
random=off
bind=off
[ssl]
show=1
[waves]
connect=No Sound
[dragdrop]
n0=*.wav:/sound $1 $2-
n1=*.*:/dcc send $1 $2-
s0=*.*:/dcc send $1 $2-
[extensions]
n0=defaultEXTDIR:download\
n1=*.wav,*.mid,*.mp3,*.wma,*.oggEXTDIR:sounds\
[channelslist]
last=Financialchat.txt
[colors]
n0=mIRC Classic,0,6,4,5,2,3,3,3,3,3,3,1,5,7,6,1,3,2,3,5,1,0,1,0,1,15,6,0
n1=mIRC Modern,0,6,4,7,2,3,4,3,3,3,3,1,5,2,6,1,14,2,3,5,1,0,1,0,1,14,5,0
n2=Monochrome State,1,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,15,1,15,1,15,15,15,14,1,15
n3=Placid Hues,0,2,4,7,2,3,3,3,3,15,3,1,5,7,6,1,3,2,3,5,1,0,1,0,1,15,6,0
n4=Rainbow Sky,0,7,4,5,1,1,3,3,8,13,3,14,2,7,13,5,3,8,3,4,14,0,5,0,3,14,10,0
[palettes]
n0=16777215,0,8323072,37632,255,127,10223772,32764,65535,64512,9671424,16776960,16515072,16711935,8355711,13816530
n1=16777215,0,11010048,3299627,240,4737160,8388720,26832,1632504,57344,94740,16776960,16515072,16711935,8355711,13816530
n2=16777215,0,8323072,37632,255,127,10223772,32764,65535,64512,9671424,16776960,16515072,16711935,8355711,13816530
n3=15658734,0,12140,1508038,255,10964547,6579262,33023,65535,4227072,9474048,9920537,16711680,16711935,6579300,8553090
n4=16777215,3618615,12087408,16744448,255,32764,65535,43008,9671424,16776960,16515072,16711935,8355711,16711808,8355711,13816530
[afiles]
n0=aliases.ini
[rfiles]
n0=remote.ini
n1=remote.ini

#169381 - 22/01/07 01:06 PM Re: Very high CPU usage [Re: Cristanu9]
Khaled
This usually means that your anti-virus software is incorrectly thinking that your mirc.ini file is part of a trojan/virus and is trying to prevent it from being created/used by mIRC. This is called a "false positive" detection and should be reported to your anti-virus company as incorrect behaviour by their software.
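
For the earlier question of whether the posted mirc.ini contains something that shouldn't be there, one thing that can be checked is which files the ini tells mIRC to load. The following is an added example, not part of the original thread and not mIRC's own code. It assumes the [rfiles], [afiles] and [pfiles] sections name the remote script, alias and popup files, and it treats the file names in the posted ini as the stock set; `parse_ini`, `audit_script_files` and the `C:\temp\example.mrc` entry are constructed for illustration.

```python
# Assumption: these sections list the script, alias and popup files mIRC loads.
SCRIPT_SECTIONS = ("rfiles", "afiles", "pfiles")
# Stock names, taken from the mirc.ini posted in this thread.
STOCK_FILES = {"remote.ini", "aliases.ini", "popups.ini"}

def parse_ini(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys and raw values."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def audit_script_files(text, stock=STOCK_FILES):
    """List (section, key, value, reason) for load entries worth a manual look."""
    findings = []
    sections = parse_ini(text)
    for section in SCRIPT_SECTIONS:
        for key, value in sections.get(section, []):
            path = value.replace("/", "\\")
            name = path.rsplit("\\", 1)[-1].lower()
            if name not in stock:
                findings.append((section, key, value, "not a stock file name"))
            elif "\\" in path:
                findings.append((section, key, value,
                                 "stock name loaded from another folder"))
    return findings

# Script-loading sections copied from the mirc.ini posted in this thread.
POSTED = """[pfiles]
n0=popups.ini
n1=popups.ini
n2=popups.ini
n3=popups.ini
n4=popups.ini
[afiles]
n0=aliases.ini
[rfiles]
n0=remote.ini
n1=remote.ini
"""
# Constructed sample: the same sections with one extra [rfiles] entry appended.
CONSTRUCTED = POSTED + "n2=C:\\temp\\example.mrc\n"

if __name__ == "__main__":
    for label, ini in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        print(label, audit_script_files(ini))
```

An empty result only says the ini loads nothing beyond the stock file names; the contents of those files still need their own review.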
