mIRC Home    About    Download    Register    News    Help

Print Thread
#65872 29/12/03 05:22 PM
Joined: Dec 2003
Posts: 5
R
rents Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
R
Joined: Dec 2003
Posts: 5
I ran an online antivirus -http://housecall.trendmicro.com/housecall/start_corp.asp
and it detects a virus while mIRC 5.9 is running and deletes mirc32.exe. The virus is called malware.bkdr_random.k.
I tried running mIRCv6.03 while running the AV and nothing happens. Does anyone know what's up with this? Thanks in advance.

#65873 29/12/03 05:41 PM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
Did you set the same directory for v6.03 that you had for 5.9? If it's a different directory it's possible the virus doesn't affect mIRC in different folders.

Either way, you should have upgraded to version 6.12 by now.

The Trendmicro virus scanner does not remove a virus, so I suggest you download a good free virus scanner (personally, I recommend AVG) and run a full system scan. That should safely remove your virus. To be sure it has, run the Trendmicro one after running a full system scan with AVG.

5.9 has a serious buffer overflow exploit, and 6.0 > 6.11 have a serious DCC exploit, therefore, I strongly suggest you upgrade.

I also suggest that in future, you do not:

- Download files off of other users without trusting them (this includes XDCC files etc).

- Go to any websites which are advertised to you.

- Let other people use your computer without knowing what they are doing, especially if they use IRC.

Good luck smile

Regards,


Mentality/Chris
#65874 29/12/03 05:44 PM
Joined: Dec 2003
Posts: 5
R
rents Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
R
Joined: Dec 2003
Posts: 5
I tried now testing it out with mIRCv5.91 and it detects the following virus: worm_thrax.a

I have installed v6.12 and no virus was detected. The weird thing is that some friends of mine ran the online scan while using v5.9 and v5.91 and no virus was detected.

#65875 29/12/03 06:58 PM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
Indeed, it has nothing to do with the mIRC version you use, *you* have an infection on *your* computer. Why it is only affecting mIRC 5.9x I don't know, however, AVG should remove it from your system, and you should be using 6.12 anyway.

Regards,


Mentality/Chris
#65876 30/12/03 12:23 AM
Joined: Dec 2003
Posts: 5
R
rents Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
R
Joined: Dec 2003
Posts: 5
That's weird considering the fact NAV is constantly running. Also, I received the exe file of mircv5.91 via email and put it in a new folder and ran it. Then I ran the scan and it detected another virus called: worm_thrax.a.

#65877 30/12/03 12:40 AM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
A recent finding of mine has been that despite having to pay ridiculous amounts of money to keep NAV registered, it doesn't catch as many worms or viruses as AVG does. I have them both running, and earlier I (deliberately) visited a virus infected URL - AVG alerted me of a backdoor being placed in my Documents and Settings folder...NAV (with Auto Protect enabled) did not.

Anyway, if you receive an .exe file via any form, particuarly by IRC or email, you should be caution, and if it is from someone you don't know, delete it straight away without opening it.

My previous posts still apply smile

Regards,


Mentality/Chris
#65878 30/12/03 12:57 AM
Joined: Jun 2003
Posts: 384
D
Fjord artisan
Offline
Fjord artisan
D
Joined: Jun 2003
Posts: 384
You should never run two AV products at the same time, ditto firewalls, as they can interfere with each other's operation crazy

#65879 30/12/03 01:46 AM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
I used to run one without the other, but I've heard of several people who do so, so I decided to try it out - thus far, no problems.

I have never and intend to never run two firewalls at the same time.

Regards,


Mentality/Chris
#65880 30/12/03 02:39 AM
Joined: Dec 2003
Posts: 5
R
rents Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
R
Joined: Dec 2003
Posts: 5
I ran AVG 6.0 and it didn't detect anything. I'm an oper on an irc network and I am aware of mirc exploits and the like. Anyway, I know NAV sometimes doesn't detect things other AV software detect. That's why I decided to give AVG a try. I also run ad-aware and spybot which supposedly also detect malware but they didn't catch anything. I am now running v6.12 and after running the online AV no virus was detected.

#65881 30/12/03 03:05 AM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
Doesn't that mean your problem is sorted? smile

Regards,


Mentality/Chris
#65882 30/12/03 03:39 AM
Joined: Dec 2003
Posts: 5
R
rents Offline OP
Nutrimatic drinks dispenser
OP Offline
Nutrimatic drinks dispenser
R
Joined: Dec 2003
Posts: 5
Maybe, maybe not. I sure hope so, though. Thanks to all the people who tried to help me out.

#65883 30/12/03 03:58 AM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
No problem, I hope so too smile

Have a good chat experience!

Regards,


Mentality/Chris
#65884 23/03/04 01:34 PM
Joined: Apr 2003
Posts: 1
L
Mostly harmless
Offline
Mostly harmless
L
Joined: Apr 2003
Posts: 1
i also get this problem with mIRC 6.14 :[ click here and it only happens when i have mIRC running :\

#65885 24/03/04 08:39 PM
Joined: Dec 2002
Posts: 3,127
P
Hoopy frood
Offline
Hoopy frood
P
Joined: Dec 2002
Posts: 3,127
its a good idea to close mIRC and other apps when you're running housecall.

versions of mIRC that you download from mirc.com arent infected. you dont say where exactly housecall found the trojan, but of course you know those things hide all over the place and effect lots of things. one possibility to keep in mind (other than you got infected) is that sometimes AV's get what are called false positives from software. if you are sure that your puter shows clean just before adding a new clean legit copy of mIRC and shows infected after you download it, then contact trendmicro, explain and ask about the possibility of a false positive


ParaBrat @#mIRCAide DALnet

Link Copied to Clipboard