mIRC Home    About    Download    Register    News    Help

Print Thread
#70776 09/02/04 02:15 AM
Joined: Feb 2004
Posts: 3
J
Jake1 Offline OP
Self-satisified door
OP Offline
Self-satisified door
J
Joined: Feb 2004
Posts: 3
I need help getting this trojan bullshit off my computer. Somebody messaged me in a chat, telling me to download this mircspeedup thing that would supposedly make sends qucker but it turns out it was one of those flood things. Now I can't go to some channels cause I've been banned because of it. Anyway, can anybody help me get this crap off my PC or link me to a site that could help? I've already tried virus scan and it couldn't delete it.

#70777 09/02/04 02:22 AM
Joined: Jan 2004
Posts: 18
G
Pikka bird
Offline
Pikka bird
G
Joined: Jan 2004
Posts: 18
Whats the Virus called? thats really what u need to find out ur virus software should tell u then use this link

Symantec Search page to see if there is a Tool to Fix -

as i havnt bothered to download this file yet..to check how bad it is this is the best info i can offer atm , but if u hang fire ill download it now and see. laugh



=--i dont condone software piracy--=
#70778 09/02/04 02:39 AM
Joined: Jan 2004
Posts: 18
G
Pikka bird
Offline
Pikka bird
G
Joined: Jan 2004
Posts: 18
Ack, i just tried to download it off a website that was spammed by a user on my server, but that host has apparently hit its quota for the month so i cant get from there, ill keep trying though if that link doesnt help let me know please so i can stop trying laugh



=--i dont condone software piracy--=
#70779 09/02/04 05:48 AM
Joined: Feb 2004
Posts: 3
J
Jake1 Offline OP
Self-satisified door
OP Offline
Self-satisified door
J
Joined: Feb 2004
Posts: 3
I deleted the virus which was called "winboot" or somethin. Then I scanned again with Macafee and it showed another infected file in a folder called "C:\_RESTORE\TEMP\A0022717.CPY" then I tried deleting it but it said it was write-protected or some [censored].

#70780 09/02/04 06:43 AM
Joined: Feb 2004
Posts: 3
J
Jake1 Offline OP
Self-satisified door
OP Offline
Self-satisified door
J
Joined: Feb 2004
Posts: 3
If you still wanna d/l it: <infected url deleted> Make sure to tell me how to get rid of it if you find a way, thanks in advance.

Last edited by ParaBrat; 10/02/04 08:57 AM.
#70781 09/02/04 06:45 AM
Joined: Aug 2003
Posts: 1,831
I
Hoopy frood
Offline
Hoopy frood
I
Joined: Aug 2003
Posts: 1,831
That is a Windows System Restore folder and files, this page tells you how to clean it.

#70782 09/02/04 07:47 AM
Joined: Jan 2003
Posts: 428
P
Fjord artisan
Offline
Fjord artisan
P
Joined: Jan 2003
Posts: 428
Get and run an up-to-date antivirus, and/or run one of the online ones. Get and run an anti-trojan like Pest Patrol too.

And the moral is... never ever download anything from a website promoted on IRC. In fact, don't even visit advertised websites, since many are virus infected.

Trust no-one! wink

PM


IRCnet & DALnet @#travelersinn
:-: IRC for fun and relaxation :-:
#70783 09/02/04 06:27 PM
Joined: Jun 2003
Posts: 5,024
M
Hoopy frood
Offline
Hoopy frood
M
Joined: Jun 2003
Posts: 5,024
It's probably not the best idea to post infected URLs on the boards, there are people who look through the threads that may be newbies, or perhaps people who will click it out of curiosity, or even by accident. Luckily Freewebs has frozen that account, but just as a future reference. The Forums have a PM feature, so if a specific person is helping you it might be an idea to PM the link to them, particuarly if they've shown an interest in downloading the virus for inspection reasons.

There are also a number of programs which you might like to use, it's better to run more than one (maybe more than two) AV programs as they have different methods of scanning, and some miss files. The following are ones I usually recommend:

AVG (Virus scanner)
Trendmicro (Online virus scan)
SwatIT (Trojan scanner)
The Cleaner (Trojan scanner)

Don't run two at the same time, that could cause problems.

Finally, to reiterate what PastMaster said, do not believe what people tell you. If people tell you that they know where you can get "free nude pictures of Britney" (or versions of that) then it's rubbish. You can usually see ample amounts of Britney on the TV anyway, so just use that wink - That's the same for anything which is sent to you via IRC. Ignore messages, ignore DCC transfers, do not use mIRC (or other IRC clients) for mass/illegal file trading (i.e. downloading movies, music etc) as that is a very popular way to give people virus's.

Check in your network's #Help channel and see if the network has a +R (or similar) usermode which blocks unregistered nicknames from messaging you. Some networks support nick registration, if yours does, then this might well be an available mode. You might want to do a search of sites such as www.mircscripts.org or www.mirc.net and see if they have "Spam protection" addons which close query messages when sites are sent to you. I recommend those sites simply because they check their submissions for viruses before they allow "the public" to download them.

And for general security, make sure you have the latest Windows updates (most importantly critical updates, but recommended ones are also a good idea) - www.windowsupdate.com

DALnet also set up a good document about how to avoid becoming an unwitting spammer, read it here.

Have fun! smile

Regards,


Mentality/Chris
#70784 10/02/04 09:02 AM
Joined: Dec 2002
Posts: 3,127
P
Hoopy frood
Offline
Hoopy frood
P
Joined: Dec 2002
Posts: 3,127
Jake, i deleted that url. If Guyvah wants it, please pm him. I understand why you did it, but its just too risky to others to post an infected website here for anyone to click on.
Thanks for your understanding


ParaBrat @#mIRCAide DALnet
#70785 10/02/04 09:11 AM
Joined: Dec 2002
Posts: 3,127
P
Hoopy frood
Offline
Hoopy frood
P
Joined: Dec 2002
Posts: 3,127
aha! thanks Iori, darned if i could find where i put that url. no doubt with the others i put in a safe place so i wouldnt forget where they were crazy


ParaBrat @#mIRCAide DALnet
#70786 12/02/04 12:06 AM
Joined: Nov 2003
Posts: 2,327
T
Hoopy frood
Offline
Hoopy frood
T
Joined: Nov 2003
Posts: 2,327
you may also want to download spybot s&d, it's mainly for spyware but it removes trojans too: http://security.kolla.de


New username: hixxy
#70787 13/02/04 02:53 PM
Joined: Aug 2003
Posts: 1,831
I
Hoopy frood
Offline
Hoopy frood
I
Joined: Aug 2003
Posts: 1,831
The above link is the Win ME instructions.
Disabling or enabling Windows XP System Restore


Link Copied to Clipboard