|
Joined: May 2009
Posts: 6
Nutrimatic drinks dispenser
|
OP
Nutrimatic drinks dispenser
Joined: May 2009
Posts: 6 |
Hello, Please forgive me if i have posted this in the incorrect forum. I have mirc version 6.21 which is paid for so no problems there. Now my problem is this, If i start up mirc then start using it. My firewall Online Armour flags the program straight away telling me that this program is logging my key strokes. Is this normal ?
Should i be worried ?
Is this a normal function of mirc ?So what i have done is instruct the firewall to block all keystroke logging by mirc. But this has greatly reduced the functionality i now have with mirc, ie: i can not copy or paste messeges etc, & Ctrl + K does not work so no colors. I have to manually put in my passes instead of quickly copying them from notepad like i used to etc.On my pc mirc is the only program that my firewall has flagged me on as logging key strokes. My pc is XP Pro Service pack 3. Has been freshly formatted with a clean reinstall recently. Currently using Avast AV "paid ver", Spybot Search & Destroy, Javacool's SpywareBlaster & Tall Emu's Online Armout Firewall "Paid ver". Please help me
|
|
|
|
Joined: Oct 2003
Posts: 3,918
Hoopy frood
|
Hoopy frood
Joined: Oct 2003
Posts: 3,918 |
In general this sounds like something you should be contacting your AV software tech support about. mIRC is not a keylogger, if the AV thinks it is its probably a false positive. An easy way to check is:
in mIRC type //echo -a $md5($mircexe,2) $script(0) $dll(0) $version $os
Report the results here
- argv[0] on EFnet #mIRC - "Life is a pointer to an integer without a cast"
|
|
|
|
Joined: May 2009
Posts: 6
Nutrimatic drinks dispenser
|
OP
Nutrimatic drinks dispenser
Joined: May 2009
Posts: 6 |
Thank you for helping argv0, Here is what it reported: 52f9f2101923e84dd146fd1058d97b60 4 0 6.21 XPHope this helps.
|
|
|
|
Joined: Aug 2004
Posts: 7,252
Hoopy frood
|
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
I'm not sure about the $md5 number, but the fact that you have 4 scripts running, to me, indicates that you might want to unload those scripts and see if you still get the same response from your av/firewall. As a sidenote, upgrading to the latest version (6.35) is always recommended, and your registration information will transfer to the updated version automatically. You can get the latest version here
|
|
|
|
Joined: Oct 2003
Posts: 3,918
Hoopy frood
|
Hoopy frood
Joined: Oct 2003
Posts: 3,918 |
This seems normal to me. I'm guessing the AV is reporting a false positive for mIRC. This is something you should take up with your AV vendor's support techs/forums- they would have a better explanation as to why this is the case and hopefully a way to fix it. As long as you have that AV software running, there's little we can suggest. To answer your questions in full, however:
Is this normal?
No, AV software should generally not call a chat client a keylogger. This either means the client is compromised OR it's a false positive. In my opinion I can conclude with fair certainty that the case is the latter.
Should I be worried?
If it's a false positive you should not really be worried. If I were you, I'd be more worried about the loss of functionality due to my AV diagnosing my system incorrectly.
Is this a normal function of mIRC?
It is not a functiona of mIRC at all, normal or otherwise. mIRC is not a keylogger. If the client was compromised, however, it could be made into one-- but again, this goes back to question 1.
- argv[0] on EFnet #mIRC - "Life is a pointer to an integer without a cast"
|
|
|
|
Joined: May 2009
Posts: 6
Nutrimatic drinks dispenser
|
OP
Nutrimatic drinks dispenser
Joined: May 2009
Posts: 6 |
Thank you both for helping me. I have upgraded to ver 6.35 and my registration carried accross, i did the same test again as above with these results. 2f63a83968f9586fe4fb48134253619c 4 0 6.35 XPI disabled the keylogger prompt in the firewall & i started mirc 6.35 i logged in and i can type words as i could before BUT the moment i try to copy something a command or pass etc from notepad the FireWalls KeyLogger kicked in prompting me to block it. So i blocked it to remain safe. I will now go to the firewall vendor and ask for assistance, the 4 scripts that are running within mirc were done by somebody deemed reputable on irc "a friend" these scripts make life much easier.If need be i will send the Firewall vendor my entire script as to make sure that it is a false positive. Anyway i hope you may be able to glean something from my latest result bolded. When i tried to copy then paste this to save me from typing it in the firewall antikeylogger activated and would not allow the paste into mirc, so i typed it in manually. >>> //echo -a $md5($mircexe,2) $script(0) $dll(0) $version $os New Result: at ver 6.35 2f63a83968f9586fe4fb48134253619c 4 0 6.35 XPAlso i will get one of our stations IT guys to have a look at it as well. Thank you very much for all your help, i will keep you posted on the outcome, PS: If you have any more ideas then please feel free to post them
Last edited by Coldfront; 11/05/09 05:45 AM.
|
|
|
|
Joined: Oct 2003
Posts: 3,918
Hoopy frood
|
Hoopy frood
Joined: Oct 2003
Posts: 3,918 |
This sounds like a false positive to me. Unless //echo -a $com(0) is reporting something other than 0, mIRC is unable to perform any keylogging without dlls/coms running, so it really can't be due to a compromised client. The md5 matches up with the correct value for 6.35, so for all intensive purposes mIRC is running perfectly normally.
- argv[0] on EFnet #mIRC - "Life is a pointer to an integer without a cast"
|
|
|
|
Joined: May 2009
Posts: 6
Nutrimatic drinks dispenser
|
OP
Nutrimatic drinks dispenser
Joined: May 2009
Posts: 6 |
|
|
|
|
Joined: May 2009
Posts: 6
Nutrimatic drinks dispenser
|
OP
Nutrimatic drinks dispenser
Joined: May 2009
Posts: 6 |
By dlls/coms are you referring to DCOM ? in case it is then my DCOM is turned off Disabled & my port 135 is closed
|
|
|
|
Joined: Oct 2003
Posts: 3,918
Hoopy frood
|
Hoopy frood
Joined: Oct 2003
Posts: 3,918 |
No, DLL and COM are two separate technologies to perform similar tasks.
- argv[0] on EFnet #mIRC - "Life is a pointer to an integer without a cast"
|
|
|
|
Joined: Nov 2006
Posts: 1,559
Hoopy frood
|
Hoopy frood
Joined: Nov 2006
Posts: 1,559 |
I was only worried that perhaps one of the 4 scripts that are loaded & currently running may be the cause. I prefer to choose caution every time. Apart from a clean test installation (with no custom scripts loaded), and as there are no dlls involved, you could disable the processing of your 4 scripts temporarily, with the command: The issue shouldn't be caused by your scripts if "complaining" at copy-paste operations recurs after you did this. Just remember to to re-enable the processing of the scripts after the test, with: "/remote on"
|
|
|
|
Joined: May 2009
Posts: 6
Nutrimatic drinks dispenser
|
OP
Nutrimatic drinks dispenser
Joined: May 2009
Posts: 6 |
I was only worried that perhaps one of the 4 scripts that are loaded & currently running may be the cause. I prefer to choose caution every time. Apart from a clean test installation (with no custom scripts loaded), and as there are no dlls involved, you could disable the processing of your 4 scripts temporarily, with the command: The issue shouldn't be caused by your scripts if "complaining" at copy-paste operations recurs after you did this. Just remember to to re-enable the processing of the scripts after the test, with: "/remote on" Horstl, Thank you so much, the remote command is definitley going to be VERY helpfull. That should put matters to rest once i test it.
Sheeeesh you guy's really know your stuff.
Dunkou PS: Horstl, You may be an Old hand, but to me you are the Master of mIRC!!!!!
|
|
|
|
|