this is not a hoax, nor is it necessarily a false positive. also, it is not limited to mIRC. I'm using xp pro and mIRC 6.01 and keep having the same crap as everyone else. no serious problems, just keep having it detected.
I checked my wife's computer, and she has it too. the funny thing there is that she doesn't have mIRC and never has. she goes into yahoo chat sometimes, and it seems to spread through yahoo as well. one interesting difference on her computer is this: people on yahoo were using a variety of things to knock others offline. the majority of them wouldn't keep a person offline, and usually a reboot was the most extreme measure needed to fix the problem. however, one user kicked her so hard that she was entirely unable to sign back in to yahoo.
scanned, found, and removed bkdr_ircflood.x
rebooted, scanned again, and it wasn't there. after that, I was able to sign her back into yahoo. scanned again, still nothing. went into a different chat for about an hour, scanned, still nothing. went into the room she got booted from, found that same jackass user, harassed him, got booted, couldn't sign into yahoo, scanned again and there it was. until it's removed, she can't sign into yahoo at all.
this makes me think of 2 things: either there are variants of it, or it's not specifically designed to do much for mIRC. apparently it is shared on mIRC, but I think the malicious intent behind it might be more about yahoo.
from talking to other yahoo users, it doesn't seem to spread through yahoo as rampantly as with mIRC. info I've gathered from some good nerds on yahoo says that it's given to one user or a group/room at a time, intentionally, and that those who make use of it are able to modify it in such a way that they can have it keep you offline (from yahoo) or not. when not, then they are able to read all of your private messages and email, among other things. they can hijack all your yahoo/geocities stuff as well. one thing trendmicro says that 7 different people I talked to seem to disagree with is the ddos attacks. my friends say that what they've learned so far seems to indicate that this isn't yet a possibility with this trojan.
1 more detail: my wife's computer connects separately. we are not on a lan or sharing a hub or anything. her computer sees mine in the same way it would see anyone else's, so it's not possible that she got it from me.
if anyone else has an extra computer that does not have mIRC and they could try to duplicate what I've done, your input would be appreciated.