These assorted nasties are things you do NOT want on your computer. The payloads vary, from putting backdoors on your machine to steal your passwords and other private information, to erasing your hard drive and lots in between. They gain control of your computer and distribute themselves using your Windows Operating system (like win98, winxp, etc), your web browser (like Internet Explorer), your email and IRC. Your computer may be used with a group of similarly infected computers to attack IRC servers and webservers.

These nasties fly around at warp speed, with new ones being created all the time. The first step in preventing this from happening to you is to understand how you get them:
-by clicking on infected urls (websites)
-by running infected files or software
-by opening infected email attachments
-by running infected scripts
-by typing something some stranger tells you to
-by not patching against security vulnerabilities in software you run

Understand that no one AV (antivirus) can be expected to catch everything. It's a good idea to use multiple resources on a regular basis, and keep your AV updated. In addition to the info and resources at http://www.mirc.co.uk/help/virus.html, the following resources were contributed by many people (special thanks to Mentality & Iori). If you have resources that you would like added, please pm me with the info. Note that mIRC is not affiliated with any of these sites. Any questions or problems with them need to be directed to their authors. Of course, you know that any software may turn out to have vulnerabilities as exploits are created.
Please be sure to read the info on these sites before using the software.

WARNING: You need to be aware that there is a lot of supposedly helpful software and sites that are in fact far from helpful. Some infect your computer; some say they are removing spyware/trojans/viruses but are really adding their own. Here we will list some reputable resources and will add to it as more are suggested.

Free Online AV scanners

Panda ActiveScan: http://www.pandasoftware.com/activescan/

TrendMicro Housecall: http://housecall.trendmicro.com/

RAV Online Scan: http://www.ravantivirus.com/scan/

BitDefender Online: http://www.bitdefender.com/scan/licence.php


Free AV programs

Avast!: http://www.avast.com/i_idt_153.html

AntiVir: http://www.free-av.com/

AVG Free: http://www.grisoft.com/us/us_dwnl_free.php http://www.grisoft.com/faq/us_faqtext.php?id=184&sid=26


Trojan Removers (Free)

McAfee Stinger: http://vil.nai.com/vil/stinger/

Kaspersky clrav: http://www.kaspersky.com/news.html?id=3673884

Avast!: http://www.avast.com/i_idt_171.html

Symantec: http://securityresponse.symantec.com/avcenter/tools.list.html


Free trials (Shareware)
AV Programs

Nod32: http://www.nod32.com/download/trial.htm

KAV: http://www.kaspersky.com/download.html

AVG: http://www.grisoft.com/us/us_dwnl7.php (Also has a "Free" version)

Sophos: http://www.sophos.com/products/sav/eval/

F-Secure: http://www.f-secure.com/download-purchase/list.shtml


Trojan Removers (Shareware)

Trojan Remover: http://www.simplysup.com/tremover/details.html

Trojan Hunter: http://www.misec.net/trojanhunter.jsp

Tauscan: http://www.agnitum.com/products/tauscan/

TDS-3: http://tds.diamondcs.com.au/

The Cleaner: http://moosoft.com/products/cleaner/

SwatIt: http://swatit.org/download.html


Security checks
Symantec: http://security.norton.com/sscv6/default.asp?productid=symsc&langid=ie&venid=sym

Lockdown: http://stealthtests.lockdowncorp.com/

ShieldsUP!: https://grc.com/x/ne.dll?bh0bkyd2

Spyware detection & removal
Ad-Aware: http://www.lavasoft.de/software/adaware/
SpyBot: http://www.safer-networking.org/
PestPatrol: http://www.pestpatrol.com/ shareware with free trial
Windows Defender: http://www.microsoft.com/athome/security/spyware/software/default.mspx
Spyware Doctor: http://www.pctools.com/spyware-doctor/

related
Microsoft FREE CD of Updates for Windows 98/98SE/ME/2000/XP at http://www.microsoft.com/security/protect/cd/order.asp This CD is free; MS will ship it to you at no charge, and it includes a full year's free use of eTrust's EZ Armor (firewall plus AV).
eTrust free 30 day trial downloads:
EZ Armor: http://www.my-etrust.com/products/productpage.cfm?productName=Armor
EZ AntiVirus: http://www.my-etrust.com/products/productpage.cfm?productName=Antivirus
Always keep up with the latest updates at www.windowsupdate.com

The following is not a general computer virus scanner, but it does detect quite a few current IRC related backdoors. There is a "Live Update" feature in the addon, and good documentation with it. Be aware that the link is a direct download link. http://www.dejhantulip.net/nohack/files/spam_remover.zip

Info and resources:
Symantec, Security Response: http://www.sarc.com/
#NoHack's website: http://www.nohack.net/index2.htm
mIRC.net tutorial on IRC dangers: http://www.mirc.net/newbie/dangers.php

FIREWALLS
You can also get infected as a result of open and exploitable ports. "Hackers" search for those open ports to gain access to drop trojans. Firewalls can help protect you by blocking access to those ports. Essentially you use firewalls to limit what ports you want to be open. When you look through a firewall log, it's amazing how often you are port scanned every day without knowing it. You can find a better explanation about firewalls at http://computer.howstuffworks.com/firewall.htm

Because they block ports, firewalls can cause problems with DCC and/or IdentD until you configure the firewall to suit your needs. IdentD needs to use port 113, and you can set the ports you want to allow DCC to use (and set those same ports in mIRC's options), and the applications you want to allow through (like mIRC). IRC servers (which you use to connect to a network) use a range of ports, generally 6660-6669, 7000-7002. You may want to look through the Cant DCC thread and Enable IdentD thread.

There are lots of firewalls available, and everyone has their personal favorite. Some you can download and others you can buy at your local stores. WindowsXP has a built-in firewall, see http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp and http://channels.dal.net/mirc/xpdcc/default.htm. If you have installed XP Service Pack 2 then see www.mirc.org/xpdccsp2 and http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx . Keep in mind that it's not a good idea to try to run two firewalls at the same time. You'll only confuse them. The following are just a few suggestions:

Firewalls (free)
ZoneAlarm: http://www.zonelabs.com/
Kerio Personal Firewall: http://www.kerio.com/us/kpf_home.html
Sygate Personal Firewall: http://smb.sygate.com/products/spf_standard.htm
Agnitum Outpost Free: http://www.agnitum.com/download/outpost1.html

Firewalls (Shareware)
EZ Firewall: http://www.my-etrust.com/products/productpage.cfm?productName=Firewall
Sygate Pro: http://smb.sygate.com/products/spf_pro.htm
Agnitum Outpost: http://www.agnitum.com/download/outpostpro.html
Tiny Firewall: http://www.tinysoftware.com/

Also:
Norton Personal Firewall (free 30 day trial) http://www.symantec.com/sabu/nis/npf/
McAfee Personal Firewall: http://us.mcafee.com/root/package.asp?pk...ov_firewall.asp
Kaspersky (has a trial version): http://www.kaspersky.com


Thanks to tidy_trax for the following resources:

Trojan hunter found at http://www.trojanhunter.com is a pretty effective trojan scanner

Hijackthis found at http://www.spywareinfo.com/~merijn/downloads.html. There's also an excellent forum that deals especially with HijackThis logs at http://forums.net-integration.net/index.php?showforum=32 ; they will review the logs and help you remove the bad things in the log.

CWShredder found at http://www.spywareinfo.com/ was made especially to remove coolwebsearch, one of the most annoying spyware/adware/malware known to man.

Spywareblaster found at http://www.allsecpros.com/#sb31 will help prevent known spyware from getting onto your system in the first place

There are various resources listed on this post
http://forums.net-integration.net/index.php?showtopic=3051&hl=how+did+i+get+infected
including a helpful browser security test


Edited by Mentality (02/04/06 09:16 PM)