-General Reply-
In an attempt to stop people asking if they're infected or not, please read this before posting any more!
- This is just a summary of everything I can think of, gathered from other people's good advice throughout this thread and some areas off this thread.
Question: What's this all about?
People are finding that, when using Trendmicro's Housecall virus scan, they are experiencing a virus detection of malware.Bkdr_Ircflood.X. CtrlAltDel posted a link to more technical information about this infection.
As ParaBrat has pointed out before, there are two main issues with this situation:
1) Trendmicro virus scan is detecting that you are infected with malware.Bkdr_Ircflood.X. If this is the case, clean your system exactly as is told to you by Trendmicro.
2) Trendmicro virus scan is detecting that you are infected with malware.Bkdr_Ircflood.X and you have followed all of the instructions and you can't find any of the problems that it says you should have OR you scanned before, and cleaned everything, and it still detects you as infected.
I suggest you use the resources in this thread and choose an antivirus or trojan scanner other than Trendmicro. I would personally recommend AVG, The Cleaner AND Ad-Aware.
If ALL 3 of these programs say you are not infected with any backdoors (or at least not with malware.Bkdr_Ircflood.X) then I would say you are not infected and Trendmicro is wrongly detecting you as being infected. If they DO detect that you are infected then you may not have followed the instructions properly or Trendmicro may not have detected all strains (versions) of the virus on your computer - so use those programs to remove the program, reboot, and once again scan with those 3 programs to ensure non-infection.
If you are finding that Trendmicro is detecting this virus and NO other virus scanners are, then it is fairly safe to assume you are not infected.
Please remember, we cannot tell you if you're infected or not, you must scan for yourself! We cannot tell if Trendmicro is or is not properly detecting the virus.
Question: How did I get infected?
This obviously only applies if there was actually an infection detected. Sparta made some good suggestions as to how people can get infected:
- You could have got this through an email attachment. It's a good idea never to open email attachments without scanning them with a virus scanner first, even if an email is from one of your friends (I have seen a lot of people say their "friends" have planted trojans on their computers for a bit of fun. It may be fun for them, but if they shut down your computer every 5 minutes, or accidentally delete an important system file because they don't know what they are doing, it might not be so fun for you!)
- You may have visited a website which has exploited you and planted this virus on your computer. It's best not to go to websites when you're not 100% certain of what's on them. You could visit a website and it automatically starts to download something - NO legitimate website on the entire Internet will do this, if you can, stop the download immediately.
- You may have installed a program recently that contains it. For your own security you should not install programs unless you know they are perfectly safe - this may include checking up on their security certificates and the company who has signed the download.
The above 3 ways could have happened even if you have not used IRC for a number of days, weeks, months or even years, and you are just coming back to using IRC. However, there are general computer safety guidelines you should follow, and also very IRC-specific guidelines you should follow to ensure you remain safe from viruses and you keep your private information private. Those may include:
- NEVER accepting files from people on IRC. Only accept files from trusted friends, 'trusted' meaning you've known them for months if not years, not because they've been nice to you for a few hours.
- NEVER typing suspicious things that people tell you to type, especially if they contain //write $decode or any other long form of what appears to be a jumble of letters and numbers.
- ALWAYS having an antivirus installed on your computer. If they have auto-protect features then have it enabled.
- ALWAYS having the latest updates from www.windowsupdate.com.
- ALWAYS having the latest version of your software. mIRC is an important one to have updated to avoid any exploits that may be found. You can always get the most up to date version at www.mirc.com/get.html.
The above should help you protect yourself from further infection. This does not mean it's impossible for you to be infected, so don't disregard any warnings that Antivirus programs give you, but it gives you a good chance at not getting infected.
Question: So what's being done about this?
Trendmicro emailed ytytyt and told him that their 'virus doctors' are looking into the situation. They also said to add mIRC.exe, for now, into your Exception List so that Trendmicro does not detect a virus in it. See this page for details.
Until there is another reply from Trendmicro nobody can give a definite answer as to whether or not this is a 100% certain "false positive" in Trendmicro. There is also very little we can do, as IRC users, other than wait.
Question: Shall I stop using Trendmicro? Delete it?
No - Let's not forget Trendmicro is still a good virus scanner and highly recommended by many websites, virus help channels and many IRC helpers. There does seem to be a slight glitch in how it scans mIRC, but other than that, it's good at picking up viruses and is a good addition to your computer!
That said, do remember as always, no ONE virus scanner can detect, protect and remove every virus threat - new viruses are released into the wild every day, there are hundreds of different types of viruses, trojans, backdoors etc. You need at least 2-3 virus/trojan scanners on your computer for effective protection.
Conclusion:
1) Scan your computer with Trendmicro.
2) If malware.Bkdr_Ircflood.X is detected, clean it.
3) After a reboot and following instructions carefully, scan again.
4) If Trendmicro continues to detect 'malware.Bkdr_Ircflood.X' use 2-3 other programs to scan your computer.
5) If they find nothing, you're probably not infected!
6) If they do find something, clean your machine with those programs, reboot and rescan with those programs.
After that, you should be clean (once and for all!)
I hope this helps those people who browse this thread and prevents them from needing further help until Trendmicro gets back to someone about this issue =) - I by no means want to discourage people from posting if they have an issue, please do if you have more questions, but I think this post and the other posts throughout this thread answer a lot of questions that have been repeated and repeated!
Stay safe!
Regards,