Posted By: sniper801 Hacked - 10/12/02 08:51 PM
I am asking for help. About a month ago I was hacked into and every time I reboot secedit runs with mIRC running on top of that. I know I was hacked as I watched the DOS window pop up and ipconfig running with a few other things. Why would someone want to use mIRC for that? I noticed every 30 secs or so a new user name would log in. Anyone have any ideas? Thanks, Sniper801
Posted By: ParaBrat Re: Hacked - 10/12/02 09:58 PM
WHY would they? I have no clue... but sadly, they do. You were most likely infected from a URL you clicked on or something you downloaded. There are a few that do this, so it's hard for me to give you an easy fix. But, fix it you have to.
You will need to do a virus scan (be sure you have updated your virus scanner). Since not all scanners will find IRC type trojans, try one of the free online scanners as well; http://www.antivirus.com/free_tools/ is a good one, although it was down when I checked a couple days ago. http://zine.dal.net/previousissues/issue19/letter-from-the-editor.php gives other resources. On DALnet, the nice ops in #nohack can help you, as well as their website, www.nohack.net
Although for some weird reason I can't get it to open, others can, so check http://www.mirc.co.uk/help/virus.html

/me is just an electronics bermuda triangle *sigh*
Posted By: Strider Re: Hacked - 11/12/02 05:52 AM
Using an antivirus will not solve your problem entirely since mIRC will keep running on startup. You need to remove mIRC from your startup, and to do this with no risk of removing something else, you need to run msconfig.exe and then go to the Startup tab and uncheck the line that belongs to mIRC.

If you want to permanently remove that line from msconfig.exe, you'll need to find where mIRC is being executed from at startup. There are several possibilities, but the most commonly used by "hackers" (though they are not) is win.ini. All you need to do is find the line that starts with "run=" or "load=" and then remove the name that belongs to the mIRC exe file. They can also make it run from your registry, but editing your registry manually isn't recommended unless you really know what you're doing. But anyway, the keys from which it can run are:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

I hope that helps.
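
A read-only way to review the startup locations listed in the post above (the six registry keys and the "run="/"load=" lines in win.ini). This is an added example, not part of the original post; it assumes a Windows system with PowerShell, and the `MentionsMirc` column is a hypothetical convenience flag.

```powershell
# Read-only audit of the autostart locations named in the post above.
# It only lists entries; nothing is modified or deleted.
$runKeys = @(
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

$entries = @(foreach ($key in $runKeys) {
    # Keys that do not exist on this Windows version are skipped silently.
    $k = Get-Item -LiteralPath "Registry::$key" -ErrorAction SilentlyContinue
    if ($null -eq $k) { continue }
    foreach ($name in $k.GetValueNames()) {
        [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$k.GetValue($name)
        }
    }
})

# win.ini: collect non-empty "run=" and "load=" lines.
$winIni = Join-Path $env:windir 'win.ini'
if (Test-Path -LiteralPath $winIni) {
    $entries += @(foreach ($line in Get-Content -LiteralPath $winIni) {
        if ($line -match '^\s*(run|load)\s*=\s*(\S.*)$') {
            [pscustomobject]@{
                Source  = $winIni
                Name    = $Matches[1]
                Command = $Matches[2]
            }
        }
    })
}

# MentionsMirc is only a hint: a renamed copy of the exe will not match,
# so every listed command should be reviewed, not just the flagged ones.
$entries |
    Select-Object Source, Name, Command,
        @{ Name = 'MentionsMirc'; Expression = { $_.Command -match 'mirc' } } |
    Sort-Object Source, Name |
    Format-Table -AutoSize -Wrap
```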
Posted By: wshs Re: Hacked - 11/12/02 07:02 AM
Sounds like you are infected with what's called GtBot, or Global Threat. Due to the rather low quality of modern virus prevention systems, it's easy for this virus to bypass the scanners. Additionally, different versions of the virus install themselves in different ways, but 99% of the time, it's installed by running a downloaded program. It could be from downloading a "Channel Password Hacker", or Appster, or something similar. It's not a fast spreading virus, but it can do quite some damage. On the other hand, there's the nospam virus, which is spreading twice as fast as Melissa did.
Posted By: Merlin Re: Hacked - 11/12/02 08:03 AM
Go to http://www.nohack.net/gtbots.htm for the GTBot removal.
Posted By: SyN Re: Hacked - 11/12/02 07:58 PM
Agreed, anti viral scanners do a pretty crappy job with mIRC scripts.
I believe it was either Norton or McAfee that notified me I had a virus in a script I wrote. Turned out just to be the run command. The interesting thing is that it didn't care about my socket script, which could have just as easily been a backdoor or virus. I imagine with very little creativity one could easily script circles around an anti viral definition.
Posted By: ParaBrat Re: Hacked - 11/12/02 10:51 PM
Just a word of caution, before you muck about in your registry, do a backup!
Posted By: JayneJett Re: Hacked - 12/12/02 04:12 AM
I have the same problem; I think I was hacked also. I want to know how to uninstall this mIRC. I found out that I do have a GTbot and a Network Crack Wizard 99 on my computer. I used Swat It, but does this mean they can still hack my computer with the original method they used???
Posted By: ParaBrat Re: Hacked - 12/12/02 05:37 PM
People get these trojans/viruses by downloading/opening infected files/scripts or clicking on URLs that infect you. Read the other threads on this here (like https://forums.mirc.com/showflat.php?Cat=...&fpart=1) and check out the URLs mentioned for good info on how to help stop this from happening, like http://zine.dal.net/previousissues/issue19/letter-from-the-editor.php

Hopefully SwatIt cleaned out everything and your machine is now OK... but if you are still having the FAKE mIRC open, then it didn't take care of everything.
© mIRC Discussion Forums