mIRC worm (virus?)

T

Texas111

I have a worm/virus that my NAV has caught attempting to send personal info
out of the computer. It appears to be associated with a mIRC32 program that
I can not dispose of. I did not load mIRC intentionally.
Symptoms are:
I found & deleted 2 mIRC entries in Registry, but they are restored every
time I reboot the computer.
I found and deleted 2 .bat files with mIRC as text.
I found and deleted 3 .ini files with mIRC as text.
System is Win2kPro.
In addition, I found a 6 page .bat file that searches for passwords.
My NAV program does not find anything either.

I cannot find where they have hidden the main file. Can anyone help me with
a clue about what sort of file to look for?
 
N

null

I have a worm/virus that my NAV has caught attempting to send personal info
out of the computer. It appears to be associated with a mIRC32 program that
I can not dispose of. I did not load mIRC intentionally.
Symptoms are:
I found & deleted 2 mIRC entries in Registry, but they are restored every
time I reboot the computer.
I found and deleted 2 .bat files with mIRC as text.
I found and deleted 3 .ini files with mIRC as text.
System is Win2kPro.
In addition, I found a 6 page .bat file that searches for passwords.
My NAV program does not find anything either.

I cannot find where they have hidden the main file. Can anyone help me with
a clue about what sort of file to look for?
Click to expand...

You post as if you believe there is just one MIRC Trojan. You ask for
a clue without giving us any .... such as the names of files you've
deleted and the names of the folders they were in. You don't say what
ports your NAV firewall found the Trojan making outgoing attempts ...
nor do you say which program file was caught making the attempt.

The easiest thing (for both you and us) to try is some Trojan specific
scanner(s) or a alternate up to date antivirus product good at Trojan
detection. You might try the Sys-Up d/l from my web site. With luck,
it might not only provide us with a Trojan name, but it might also be
able to clean it (in Safe mode).


Art
http://www.epix.net/~artnpeg
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

mIRC virus 4
virus/malware question 16
is this a virus,worm or trojan ?? 10
mIRC 1
Start up error message after Mirc hijacking 3
Weird one, or maybe not. IrcFlood 2
"mIRC Options" Dialog Box 1
Directory C:\winnt\system32\drivers found on XP - Trojan? 2

Top