That link redirects to a rapidshare download of "Serial Searcher 2000.exe". This file IS DEFINITELY A VIRUS!
"Serial Searcher 2000.exe" installs (amongst other things) a file called 'regmon.exe' in "%WinDir%\system32\drivers\".
Regmon.exe contains in plain text the code you're finding in security.mrc (as well as the filename). It's started every time you boot/restart your PC, via [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
as
"Registry Monitor"="C:\\WINDOWS\\system32\\drivers\\regmon.exe"
(Obviously "C:\Windows\" is relative to the machine.)
There are also other files added, some deleted, some attributes altered, other regkeys added and/or altered, but that seems to be the main culprit as far as the writing of mIRC scriptcode goes.
FWIW:
Nod32 picked this up and quarantined it before I could run/install it, and appears to clean it after ignoring the warning and restoring from quarantine and then running it.
After rebooting (needed), it appears to be cleaned. (I can't be totally sure of that though; my limited testing was done in a sandboxed environment.)
Note: regmon.exe is also the name of a legitimate program, but the legit version would not likely be in the system32\drivers directory.
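
A way to check an exported copy of the registry for the autostart entry described in the post above. This is an added example, not part of the original post: it parses .reg export text and lists HKLM Run values whose executable sits in system32\drivers. The sample export is constructed (only the "Registry Monitor" value comes from the post), the function names are hypothetical, and the text is assumed to be already decoded to a Python string.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in .reg export syntax; only "Registry Monitor" is from the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Monitor"="C:\\WINDOWS\\system32\\drivers\\regmon.exe"
"SampleUpdater"="\"C:\\Program Files\\Sample\\updater.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Sample]
"Path"="C:\\WINDOWS\\system32\\drivers\\other.exe"
'''

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)


def image_path(command):
    """Return the executable part of a Run command line (quoted or bare)."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
    return (m.group(1) or m.group(2)) if m else ""


def suspicious_run_entries(reg_text):
    """List (name, image) for HKLM Run values launching from the drivers folder."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key != RUN_KEY:
            continue  # not a string value, or not under the Run key
        name, image = unescape(m.group(1)), image_path(unescape(m.group(2)))
        folder = [p.lower() for p in PureWindowsPath(image).parent.parts]
        if folder[-2:] == ["system32", "drivers"]:
            hits.append((name, image))
    return hits


if __name__ == "__main__":
    for name, image in suspicious_run_entries(SAMPLE_REG):
        print(f"review: {name!r} -> {image}")
```

A hit is a lead to review, not a verdict: the file name alone proves nothing, since regmon.exe is also the name of a legitimate program.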