#6769 16/01/03 12:51 AM
Joined: Jan 2003
Posts: 3
D
Self-satisified door
OP Offline
I have no idea where else to post this. I never downloaded or registered mIRC, yet every day, when I boot my comp up, a lil red box with mIRC written in it, appears in the upper right hand side of my screen.

mIRC doesn't register on my start menu, startup list, or even the Add/Remove Programs lists.

How the f**k do I get rid of it?

#6770 16/01/03 02:25 AM
Joined: Dec 2002
Posts: 3,138
C
Hoopy frood
Offline
This or this might help. (no promises)

Download an antivirus program and scan your computer, or if you already have one, update it and then scan.

#6771 16/01/03 07:30 AM
Joined: Jan 2003
Posts: 3
D
Self-satisified door
OP Offline
I have Norton Anti-virus 2002, scan pretty much every day, there's no virus.

#6772 16/01/03 07:43 AM
Joined: Dec 2002
Posts: 3,138
C
Hoopy frood
Offline
Well if you didn't install it then someone or something did (mIRC certainly wouldn't download itself onto your computer and proceed to install itself). The default mIRC wouldn't cause any "lil red box with mIRC written in it" to appear on your screen either. That leaves three options:
  • You or another user downloaded it, installed it and is now running a script on it. (possible)
  • Something else has installed it on your computer and is running a script on it. (very unlikely)
  • Something/someone/you else has [inadvertently] installed a virus on your computer and the virus is one that pretends to be, or have something to do with mIRC (likely)

1, I suggest you ask anyone else who uses your computer if they have installed it on your computer

2, This is incredibly unlikely, if it did happen and it hasn't asked you about installing it then the overwhelming odds are it is a malicious script.

3, (In my opinion is still the most likely as Norton doesn't detect everything, nothing does) it would still be a good idea to try scanning with another scanner.


Whatever this is it isn't default mIRC, it is like I said, either a virus, or a (possibly malicious) script.

You could also try these:

Press ctrl+alt+delete and close every program that is running and you know was never running before you got this problem. If the box disappears do a search on the internet for the name of the last file you closed, hopefully you will find out what it is and how to safely remove it.

You can also try going to start -> run -> msconfig, clicking the Startup tab and looking for anything called mirc.exe or mirc32.exe and disabling it, but it would still be a good idea to find out what this is.

Another idea would be searching for mirc.ini on your computer, if mirc is installed mirc.ini will be in the same directory as the program.


I also forgot to ask an obvious question: If you double, left or right click it (the box with mIRC written in it) does anything happen?


These are all the ideas I've had, if none of them work I hope someone else can help.

#6773 16/01/03 09:53 AM
Joined: Dec 2002
Posts: 843
P
Hoopy frood
Offline
In addition to what Collective suggests, you could go here and run a free online virus scan. Norton can miss certain trojans and virii, especially irc related ones. Good luck with it.


Never compare yourself to others - they're more screwed up than you think.
#6774 16/01/03 07:31 PM
Joined: Jan 2003
Posts: 3
D
Self-satisified door
OP Offline
No one uses my comp, only I do, cause no one goes in my room. Lol.

I did what Poppy suggested, and that gave me 4 infected files. Deleted them, cause they all had IRC and/or mIRC in the name. Now it's gone, w00t. ^.^

#6775 24/01/03 07:43 PM
Joined: Dec 2002
Posts: 25
S
Ameglian cow
Offline
Kind of a shame that you deleted them right away.. would have been nice to mail them to Symantec to get them added to the virus definitions...

#6776 26/01/03 07:31 PM
Joined: Jan 2003
Posts: 119
A
AKO Offline
Vogon poet
Offline
There is little Symantec can do to prevent these trojans from spreading, since they do in fact use a hacked up copy of mIRC and normal mIRCscripts to achieve their tasks.

Then these trojans usually hide a small VB app that triggers AVs to pick up on that virus and then the user thinks they no longer have a virus.

I suggest that included in the mIRC help file and/or on the mIRC website (as well as IRC network websites), and also AV websites, that users be made aware how to disarm these trojans themselves.

To best determine if you have an IRC trojan, close down all internet connection programs, especially ones you KNOW connect to IRC. Then run a netstat -n, and then see if anything is connecting to an outgoing port of 1024, or ports 6660-7000. Since these are the most common IRC connection ports, chances are they are using it.

Provided that the trojan is using a different port (unlikely), by closing down all internet connectivity programs (browsers, etc), you will see it continually be 'Connected'.

Further digging, search the msconfig startup list for anything that's strange(i.e. non-system related files that are in C:\Windows). Another common thing is to name the trojan something like a true windows app, such as rundll32.exe. So make sure that 'rundll32.exe' is not starting up from within some off the wall folder(like c:\windows\systemfiles\rundll32.exe).

If you suspect a program, check the folder and see if there are other related items(maybe some mIRCscripts)...and then cancel the program and delete the folder.
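
The netstat and startup checks described in the post above, as an added example that is not part of the original thread. The netstat output and startup entries are constructed samples, the expected folder for rundll32.exe is an assumption, and only the 6660-7000 port range from the post is covered:

```python
import re
from pathlib import PureWindowsPath

IRC_PORTS = range(6660, 7001)   # the port range named in the post above
# Assumption: the folder where this system binary is expected to live.
SYSTEM_NAMES = {"rundll32.exe": r"c:\windows"}

# Constructed `netstat -n` rows (documentation addresses, not real hosts).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.10:1045      198.51.100.7:6667      ESTABLISHED
  TCP    192.168.0.10:1046      203.0.113.20:80        TIME_WAIT
  TCP    192.168.0.10:1047      203.0.113.9:7000       SYN_SENT
  TCP    192.168.0.10:6668      203.0.113.5:110        ESTABLISHED
"""

# Constructed startup commands, as read off the msconfig Startup tab.
SAMPLE_STARTUP = [
    r"C:\WINDOWS\rundll32.exe powrprof.dll,LoadCurrentPwrScheme",
    r"c:\windows\systemfiles\rundll32.exe",
    r"C:\Program Files\ExampleApp\example.exe",
]

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)", re.I)

def irc_connections(netstat_text):
    """Return (remote_host, remote_port, state) for rows whose remote port is an IRC port."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(4)) in IRC_PORTS:
            hits.append((m.group(3), int(m.group(4)), m.group(5)))
    return hits

def misplaced_system_names(entries):
    """Return startup commands that reuse a system binary's name from an unexpected folder."""
    flagged = []
    for cmd in entries:
        exe = re.match(r'"?(.+?\.exe)', cmd, re.I)
        if not exe:
            continue
        path = PureWindowsPath(exe.group(1))
        expected = SYSTEM_NAMES.get(path.name.lower())
        if expected and str(path.parent).lower() != expected:
            flagged.append(cmd)
    return flagged

if __name__ == "__main__":
    print(irc_connections(SAMPLE_NETSTAT), misplaced_system_names(SAMPLE_STARTUP))
```

The fourth sample row is deliberately not flagged: its local port falls in the range, but the remote port does not.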

#6777 26/01/03 08:14 PM
Joined: Dec 2002
Posts: 3,127
P
Hoopy frood
Offline
I suggest that included in the mIRC help file and/or on the mIRC website (as well as IRC network websites), and also AV websites, that users be made aware how to disarm these trojans themselves.

This part of mIRC's web page has a good bit of info and related links, like to an area of Symantec's website with how to remove details. As does this thread.
Wandering about in the registry can be dangerous for new users who need to understand it has to be done carefully and to make a backup first.



ParaBrat @#mIRCAide DALnet
