mIRC Home    About    Download    Register    News    Help

Print Thread
Joined: Apr 2011
Posts: 31
E
EmoHobo Offline OP
Ameglian cow
OP Offline
Ameglian cow
E
Joined: Apr 2011
Posts: 31
Recently updated to windows 10 and started using mIRC on it, a program I have used nonstop since 2006.

Suddenly it's saying it's a Trojan:Script/Foretype.A!ml

it's deleting a bunch of files with names like

C:\Users\Name\AppData\Roaming\mIRC\mirc136393.tm_

Is this anything to be worried about? Should I stop using mIRC?

edit: I have now deleted all those files from my system, this is a legacy windows 7 machine and I wish I could of checked to see how old those where.
edit2: I reverted back to an older backup of mIRC where all that had changed was a few settings and it's all better. I'd still love to know what was causing this though.

Last edited by EmoHobo; 28/08/19 07:57 PM.
Joined: Apr 2010
Posts: 969
F
Hoopy frood
Offline
Hoopy frood
F
Joined: Apr 2010
Posts: 969
This is a false positive due to Windows Defender.

Please report such to Microsoft via Windows Feedback Hub


I am SReject
My Stuff
Joined: Dec 2002
Posts: 5,411
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 5,411
Which anti-virus software are you using?

If you have recently downloaded the latest version of mIRC from the official mIRC webstite and installed it on your system, this is likely due to a false-positive which usually happens when an anti-virus company updates their virus definition files without checking them properly. The result is that the anti-virus software starts incorrectly detecting some applications or files as trojans or viruses. Unfortunately this happens all the time. For example, some years ago Microsoft Security Essentials detected the Google Chrome web browser as a trojan and recommended that users delete it. You would need to contact your anti-virus software company to report the issue and to ask them for a solution. They should then correct the error in the next update of their virus definition files and should be able to tell you how to prevent their software from behaving this way in the meantime.

In addition, some anti-virus applications are more sensitive to IRC applications than others and will actively block/delete their files. You would need to add mIRC to their exclusion list to get around this. If that does not work, you would need to contact the anti-virus company for help.

You could also try uploading your mirc.exe to https://www.virustotal.com/gui/home/upload to check it.

Joined: Apr 2011
Posts: 31
E
EmoHobo Offline OP
Ameglian cow
OP Offline
Ameglian cow
E
Joined: Apr 2011
Posts: 31
Yes I'm using Windows Defender

This is the virus total upload: https://www.virustotal.com/gui/file...4e813c9de8db7411e68fc806fbfded/detection

Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
(Thread archive: The above link is reporting 0/69 detection. AKA: Clean.)


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Joined: Apr 2011
Posts: 31
E
EmoHobo Offline OP
Ameglian cow
OP Offline
Ameglian cow
E
Joined: Apr 2011
Posts: 31
So does anyone know what to make of the fact that eventually windows defender deleted the .ini file for mIRC and so I had to back up from my old settings and when I did that the problem vanished, it was no longer being detected.

Joined: Dec 2002
Posts: 5,411
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 5,411
There's no way to know for sure without looking at Window Defender's logs or asking Microsoft. It likely uses heuristics, which means that a combination of factors could trigger a particular reaction. If those factors have changed, it might no longer think the files are an issue.

Joined: Apr 2011
Posts: 31
E
EmoHobo Offline OP
Ameglian cow
OP Offline
Ameglian cow
E
Joined: Apr 2011
Posts: 31
Thanks and since my virus scans came up blank and this is just a false positive I can keep using my favorite IRC program worry free.


Link Copied to Clipboard