mirc.exe v 6.16 infected with W32.IRCFlood trojan?

The latest update to the detection rules for CA eTrust EZAntivirus is detecting (probably false positive) Win32.IRCFlood trojan in mirc.exe.

It winds-up deleting mirc.exe where ever it finds it.

CA eTrust EZAntivirus info:
Product Version 7.0.6.7
Engine Version 11.9.1
Virus Signature Update: 9554

I had to "snooze" EZAntivirus, add c:\program files\mirc\mirc.exe to the "ignore" list and then reinstall mIRC in order to stop EZAntivirus from deleting mirc.exe.

This happens more and more, not much we can do about it, including Khaled. Best thing to do is contact the antivirus development team and tell them to stop being so overprotective and somewhat ignorant to what mIRC is.

That said, before doing so, you should be certain that you weren't indeed infected with the IRC.Flood backdoor.

Regards,

Thanks, I just submitted a request to CA to fix their detection signatures (no virus/trojan found using other manufacturer's scanning software).

Annorax64

i have also had problems in the past with AdAware calling mirc.exe a potential security risk. i just knew to look for it and exclude it whenever i ran the anti-spyware.

I have got the same trojan...and I also have eTrust anti-virus but I dont know what you mean by "snooze" eTrust.....could you please tell me how to do that? Thanks

i have performed a fresh install of mirc, and etrust antivirus v7.1 is also immediately deleteing it because it find W32.ircflood. i will also submit a report to etrust. er... where do you submit this request, Annorax64?

((( Sorry I just discovered it was my Rogers Internet Online Protection That has been deleting the mirc )))...I deleted that shiz now all is fine ....

It's something you should complain about with the authors of your adware/avg software programs, as there's no such thing as a virus/spyware/etc. in the mIRC executable, atleast if you downloaded it from the official source, being http://www.mirc.com/get.html

If you download mIRC which is prepacked in a script, or from other sources, there's no telling what some people with malicious intentions have done with the mirc.exe.

Khaled can't do anything to prevent this, it's those scanners that are incorrectly detecting mIRC as malicious software. If it's anything of a decent scanner, you should be able to put mIRC on some sort of exception list, otherwise maybe it's time to look for a better scanner.

when enough people complain at their favorite adware/spyware/abti-virus company on bogus stuff being deleted automatically, they might do something about it.

They are only quick to jump the boat. Maybe you can configure your program to let the mIRC.exe excluded, but that poses a risk if another exe of the same name comes in.

Yeah it does this to me, too.
Just started tonight.

It did a similar thing a few months ago, except that was with some .ini file in the mirc directory, and that was resolved after a few days.
This is worse because now it actually started deleting mirc.exe, forcing me to reinstall mirc.

I'm getting rid of this virus program because it obviously sucks, and i wouldn't want it to start finding non-existant viruses in any more important files, and deleting them too.
That could screw up the entire computer.

I'm using the most up-to-date version of Symantec's Norton Anti-virus, and have been using it (updating as updates have become available) since 2002.

I'm pleased to say that mIRC has never been identified as having a virus in it in the time that I've been using both...roughly 2 years now.

could someone please tell me how to put mirc on ignore list in eTrust...I don't see any ignore list...Thanks in advance

OK, I heard back from CA. They have fixed their mistake.

Follow the these instructions and EZAntivirus should stop deleting mirc.exe:

Quote:

Thank you for contacting Computer Associates Technical Support.

From your e-mail, I understand that EZ Antivirus is detecting mIRC as virus because of you are not able to use it.

We sincerely apologize the inconvenience caused to you.

To resolve the issue, I request you to perform the steps given below.
1. Update EZ Antivirus and run a thorough scan.
2. After the scan gets complete uninstall mIRC.
3. Download a fresh copy of mIRC and then install it.

You can also exclude the file of mIRC from the scan. Below is a web page link that will assist you to exclude the file.
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1885

The above information will help you to resolve your issue.

Thank you for using Computer Associates Technical Support. Please contact us again if we can be of further assistance.

Regards,

Fakhruddin Khan

Computer Associates
Technical Support Team

Thanks,

Annorax64

Quote:

I'm pleased to say that mIRC has never been identified as having a virus in it in the time that I've been using both...roughly 2 years now.

yet...

Glad to hear I'm not the only person this happened to! Booted the computer this morning, and first thing that happened, ezAntivirus deleted "mirc.exe". Put it on the "exclude" list, then re-installed mIRC. All is well again.

hello, this might not be quite the same, but i thought i would add my 2 cents rather than make a new thread.

anyway, yesterday i ran bitdefender's online scan, and it claimed that mirc.exe was infected with Backdoor.IRC.Zapchast.

mcafee hasnt found it, nor adaware. so do you think that is a false positive too? i've had mirc on my system for years and it came from the official site.

the last time i used mirc 2 chat windows opened, which i closed..but would that have infected me??

That's a false positive, due to the fact that it's possible (although not supported on any forum that I'm aware of) to code a script into mIRC which would allow backdoor access to someone else's computer.

Quote:

That's a false positive, due to the fact that it's possible (although not supported on any forum that I'm aware of) to code a script into mIRC which would allow backdoor access to someone else's computer.

hello russel. was that in reply to my bitdefender scan or everyone in general?

sorry to sound dim, but what do you mean by it being a false positive due to the fact it's possible to code a script into mIRC which would allow backdoor access...? wouldnt that mean it isnt a false positive?

Quote:

the last time i used mirc 2 chat windows opened, which i closed..but would that have infected me??

Only if you clicked on a link in those chat windows, or copy/pasted something from them to your mirc command line. Unfortunately, spam like that is getting to be more and more prevalent in even chat channels lately.

RusselB's comment only means your mirc has the potential to be dangerous .. not that it is. Deleting your mirc for what it COULD do would be like scrapping your car because it COULD go 100 miles/hr thus violating speed laws in most locations.

Dammit... this is terribly aggravating.

I am simply going to remove Bit Defender.

I am sick of moving mirc.exe and moo.dll out of quarantine after every scan.