mIRC Home    About    Download    Register    News    Help

Print Thread
Joined: Dec 2002
Posts: 9
Y
yodaddi Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
Y
Joined: Dec 2002
Posts: 9
Stop this [censored] [censored] Laming Virus BackDoor Thing You Bitch. If You Think You are not doing this BackDoor things then You Must type ( /unload -rs Ä ) Now to Remove Virus in your Computer ! Because You are Auto Sending Message to type a command with will set BackDoor in User Computer. and here's another one:
Your IRC script msg'd me with a "$decode" mIRC Infection. You must have typed a ".write" or "$decode" command to get infected. Please go to the NOHACK channel on DalNET for assistance in removing this infection. ( « Ë×Çü®§îöñ » )

people are accusing me of this. i don't know why. this could be why i'm getting banned from the channels that i want to stay in. any solutions? i appreciate it.

Last edited by yodaddi; 03/01/03 03:08 AM.
Joined: Dec 2002
Posts: 1,321
H
Hoopy frood
Offline
Hoopy frood
H
Joined: Dec 2002
Posts: 1,321
Open mIRC.

Type: /server kernel-c.dal.net -j #NoHack

Tell them Hammer sent you. cool


DALnet: #HelpDesk and #m[color:#FF0000]IR[color:#EEEE00]C
Joined: Dec 2002
Posts: 329
Fjord artisan
Offline
Fjord artisan
Joined: Dec 2002
Posts: 329
or click here <a href="irc://dalnet/NoHack" target="_blank">irc://dalnet/NoHack</a> wink

Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
The sad thing about that kick reason is that Ä is not the only file that can produce the auto-advertising that you could be sending. There is also server.ini (not to be confused with servers.ini which is a proper mIRC file), aliases.ini (in some cases, not all - Pays to know your script here!), script.ini, (again, know your script!), - (no file extension, just the dash as a file name), and a few others.

It pays to know what files you normally have in your mIRC directory. It also pays not to visit websites that get advertised on IRC as this is how you would have picked up the file to begin with. Some websites can shift a file called rol.vbs to your machine which rewrites itself to your mIRC directory where-ever it is, it doesn't need to be on C:\mIRC. There's a few different versions of rol.vbs. Some just make your script an adbot (as it appears yours has) and other versions also add a warbot to your script which can be used to DDoS an IRC server. You'll never know you are doing either of these things until you get told because all the inputs are prefixed with a full stop which stops them being echoed to your screen.

Where I chat, we don't often get this problem, hence the lack of a dedicated room aimed at virus removal techniques. On the odd occasion that someone does get infected we place the URL or part of it in the IRCd's swearfilter so it looks like this...

http://www.*********.com/******/**********.htm (Swearfilter puts stars in place of the words)

...and then we write a formal complaint to the webhost which results in the site's removal inside 24 hrs.

How can I prevent this happening to me? The most common way is visiting advertised websites. Most official IRC/channel websites can universally be trusted but anything news, porn or sex related, steer clear of it. Avoid it like the plague.

One other thing you should do too is have anti-virus software. Most brands will pick up files like rol.vbs as you download them and this is the best way to remove those files before they do any damage.


Link Copied to Clipboard