virus/malware question

Steve T

Doing my bi-monthly system scan with the Computer Associates AV program, there
were 7 items detected. Two were deleted but these 5 remain:

mIRC/IRCflood.c
mIRC/Backdoor!generic
mIRC/IRCFlood
win32/IRCFlood
mIRC/IRCFlood

What are these? Are they spyware or viruses? The AV says "infected". I ran
Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot finds
nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV is
updated daily and the others checked every couple of days. Would appreciate
any advice. Thank you, Steve T.

PA Bear

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

Rock

Steve T said:
Doing my bi-monthly system scan with the Computer Associates AV program, there
were 7 items detected. Two were deleted but these 5 remain:

mIRC/IRCflood.c
mIRC/Backdoor!generic
mIRC/IRCFlood
win32/IRCFlood
mIRC/IRCFlood

What are these? Are they spyware or viruses? The AV says "infected". I
ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The
AV is updated daily and the others checked every couple of days. Would
appreciate any advice. Thank you, Steve T.


Search Google / the CA web site for detailed info on these threats. Best to
post to a security / malware web site for these kinds of issues.

microsoft.public.security.homeusers
microsoft.public.security.virus

PA Bear

@Rock: Congrats! <w>
Search Google / the CA web site for detailed info on these threats. Best to
post to a security / malware web site for these kinds of issues.

microsoft.public.security.homeusers
microsoft.public.security.virus

RalfG

Anti-spyware and antivirus apps may use "pattern" files to recognise the
malware they scan for. Some other antivirus scanners can report false
positives when they detect the virus patterns within those files.

If that particular malware is actually on your computer then you could
suspect that someone is or has used your computer as part of a DDoS attack
network. Backdoor would be the remote control software used to access and
control your PC; the others are Denial of Service attack components (mostly
chat related) used against other victims.

Vat

You have all the IRC related trojans in your system. These are more of
trojans, which do the activity without your knowledge. You can
download a compact and effective antivirus called Protector Plus.
Download and install a 30 day evaluation copy from:

http://www.protectorplus.com

and check.

Steve T

If these are all viruses, don't I have to remove them prior to installing
any other AV programs? CA's website is a nightmare to navigate but I will go
there and try to resolve this mess with them as Rock suggested in the prior
post. Also went to a couple of sites that PA recommended and am going
through the prep work before posting the HijackThis log at aumha. Thanks, Steve T.

Rock

If these are all viruses, don't I have to remove them prior to installing
any other AV programs? CA's website is a nightmare to navigate but I will
go there and try to resolve this mess with them as Rock suggested in the
prior post. Also went to a couple of sites that PA recommended and am
going through the prep work before posting the HijackThis log at aumha. Thanks,
Steve T.


Just Google for these names. I Googled the first one and the first hit was
a link to the CA site. I have always found it easy to search the CA site
for threats.

RalfG

Your AV log should give you some indication of which files are infected. If
for example these infections are all within the same file in something like
"c:\Program Files\My AV program\config\definitions.bin" then there's a good
chance you aren't infected at all and the scan was producing a false
positive.

There are some online anti-virus scanners (free) you could also try:

http://housecall.trendmicro.com/

http://www.pandasoftware.es/com/ca/ (look for the ActiveScan link)

Steve T

Well I scanned with Trend Micro and found a trojan and a couple of cookies.
Nothing else. Tried Panda 5-6 times but it would get to Windows/System32 and
crash. I won't be buying Panda.
The original 5 remaining infected files are all in:
C:\System Volume Information\_restore{4653E8F8-651.....etc. Don't know if
this implies a false positive or what, but I'm done messing with it for the
time being. My PC does not seem affected by them. Thanks, Steve T.

Steve T

I don't want everybody that contributed to think I won't pursue this further
until it is resolved. Just through with it for now, and my PC IS WORKING. I
truly appreciate the help and advice that everyone submitted. Thanks to all,
Steve T.

Kelly

Hi Steve,

As a rule of thumb, system restore should be turned off before doing a deep
clean. In lieu of, you could go to Disk Cleanup/More Options/System
Restore - ok. Either way, it isn't a false positive and consider removing
_restore.

--

All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm
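Added example (not from any poster in this thread): the path-based triage RalfG and Kelly describe, as a small script. It reads a constructed tab-separated "detection name, path" export and sorts each hit into copies held in System Restore points, another product's pattern/definition data (likely false positives), or files in a live location that need real cleanup. The log format, the GUID placeholder, the sample filenames and the DEFINITION_DIRS list are all assumptions.

```python
"""Sort AV detections by where the flagged file lives (added example)."""
import ntpath
from collections import defaultdict

# Constructed sample export: "<detection name>\t<full path>" per line.
# The restore-point GUID is a placeholder, not the one from the thread.
SAMPLE_LOG = """\
mIRC/IRCFlood\tC:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP12\\A0001234.exe
mIRC/Backdoor!generic\tC:\\System Volume Information\\_restore{GUID-PLACEHOLDER}\\RP12\\A0001235.dll
win32/IRCFlood\tC:\\Program Files\\My AV program\\config\\definitions.bin
mIRC/IRCflood.c\tC:\\Documents and Settings\\user\\Local Settings\\Temp\\updater.exe
"""

# Folders holding signature/pattern data rather than running code.
# Constructed list: fill in the definition folders of the scanners you run.
DEFINITION_DIRS = (
    r"\program files\my av program\config",
)


def classify(path):
    """Return 'restore_point', 'definition_data' or 'live' for one path."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        # Copy kept by System Restore: inert unless a restore is performed;
        # cleared by purging restore points (Disk Cleanup or toggling SR).
        return "restore_point"
    if any(folder in low for folder in DEFINITION_DIRS):
        # Another product's pattern file tripping the scanner: likely FP.
        return "definition_data"
    # Anything else sits in a normal location and should be treated as real.
    return "live"


def triage(log_text):
    """Group (detection, basename) pairs from the export by classify()."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        name, path = line.split("\t", 1)
        buckets[classify(path)].append((name, ntpath.basename(path)))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_LOG).items():
        print(bucket, hits)
```

Only the "live" bucket calls for the HijackThis-log and expert-forum route described earlier in the thread; the other two explain why repeat scans keep reporting the same names without the machine misbehaving.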

Steve T

Thanks Kelly. I followed your advice and now after a scan with Trend Micro
and my CA, I no longer have infected files show up. Thanks again, Steve T.

PA Bear

Counterpoint: Leave System Restore enabled until you've got the machine
clean, then disable it, reboot & re-enable it. Better a leaky lifeboat than
no lifeboat at all.