Thread: Sorry irc idlers! (mIRC Virus)

  1. #1
    You are feeling sleepy... acidrainy's Avatar
    Join Date
    Jul 2003
    Location
    Glasgow
    Posts
    1,518
    Thanks
    4
    Thanked
    2 times in 2 posts

    Sorry irc idlers! (mIRC Virus)

    Just a quick post to apologise for contracting one of those silly irc viruses that spam messages to everyone

    I seem to have found a way to fix the problem and I appear to be "clean" again
    This may help others as well, but I found the last step to be the one that got rid of the damn thing for me!
    1. Run AV system scan (I used Panda and House-call)
    2. Deleted mIRC and any other irc based things from computer and reinstalled
    3. Deleted ALL temp Internet files

    As I said, sorry about the annoyances. Can I please be unbanned from #HEXUS.net, I promise to be good!

  2. #2
    You are feeling sleepy... acidrainy's Avatar
    *Bump*

  3. #3
    Comfortably Numb directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • Asus ROG Strix B550-I Gaming
      • CPU:
      • Ryzen 5900x
      • Memory:
      • 64GB G.Skill Trident Z RGB
      • Storage:
      • 2TB Seagate Firecuda 520
      • Graphics card(s):
      • EVGA GeForce RTX 3080 XC3 Ultra
      • PSU:
      • EVGA SuperNOVA 850W G3
      • Case:
      • NZXT H210i
      • Operating System:
      • Ubuntu 20.04, Windows 10
      • Monitor(s):
      • LG 34GN850
      • Internet:
      • FIOS

  4. #4
    Comfortably Numb directhex's Avatar
    thought someone had already done it - forgot to click refresh on the ban list

  5. #5
    You are feeling sleepy... acidrainy's Avatar
    Quote Originally Posted by directhex
    thought someone had already done it - forgot to click refresh on the ban list
    No probs, thanks for that!

  6. #6
    You are feeling sleepy... acidrainy's Avatar
    Sorry again!

    Apparently leaving for the weekend has re-infected me :/
    If anyone knows of a solution can someone please share your knowledge


    I fear I may have to start typing >FORMAT c: /s /u

  7. #7
    You are feeling sleepy... acidrainy's Avatar
    Apparently the line I'm pasting is like this, although I cannot see this:

    "get a 1 dollar slut! ;p http://blah.blah" (link removed for safety)

  8. #8
    Senior Member
    Join Date
    Nov 2003
    Location
    central london
    Posts
    215
    Thanks
    0
    Thanked
    0 times in 0 posts
    quite a few mirc worms/viruses i've seen use internet explorer to get in via activex scripts. give firefox a whirl if you haven't already.



  9. #9
    Comfortably Numb directhex's Avatar
    i disassembled what you were doing.

    the virus is a worryingly tiringly common one.

    the link you were pasting was to "cgi.ebay.da.ru", where .da.ru is a redirect system based in russia. the page opened some random ebay thing in a frame (homo-erotic tea towels, something like that), and tried to open a compressed help file in another frame. IE will automatically open and execute all compiled help files without question, and the payload is contained within the chm

    at this point i got bored, as the html within the chm file contained ANOTHER "download this file" exploit, known as JS/Psyme.

    i'm guessing eventually it would get to the IRC spammer virus part, usually titled IRC/SDbot. but I got bored & didn't keep checking that far
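The page layout described in the post above (an ordinary page in one frame, a compiled help file in another) can be checked for in saved HTML. This is an added example, not code from the thread; the sample page and its hostnames are constructed, and the help-file URL schemes go beyond what the post mentions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags that make a browser fetch and render another resource inside the page.
EMBED_ATTRS = {"frame": "src", "iframe": "src", "object": "data", "embed": "src"}
# Generalisation beyond the post: URL schemes IE used to address content
# stored inside compiled help files.
HELP_SCHEMES = ("ms-its:", "its:", "mk:@msitstore:")


def is_help_file_url(url):
    """True if the URL points at, or into, a compiled help (.chm) file."""
    u = url.strip().lower()
    if u.startswith(HELP_SCHEMES):
        return True
    # Compare the path only, so "?x=.chm" in a query string does not match.
    return urlsplit(u).path.endswith(".chm")


class EmbeddedHelpFinder(HTMLParser):
    """Collects (tag, url) pairs for embedded resources that are help files."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = EMBED_ATTRS.get(tag)  # HTMLParser lower-cases tag names
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value and is_help_file_url(value):
                self.findings.append((tag, value))


def find_embedded_help(html):
    finder = EmbeddedHelpFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample shaped like the page described in the post.
SAMPLE = """<html><frameset rows="100%,0">
<frame src="http://auction.example/item?id=1">
<frame src="http://files.example/docs/readme.CHM">
</frameset></html>"""

if __name__ == "__main__":
    for tag, url in find_embedded_help(SAMPLE):
        print(f"suspicious <{tag}> loads compiled help file: {url}")
```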

  10. #10
    You are feeling sleepy... acidrainy's Avatar
    Quote Originally Posted by këö¬t
    quite a few mirc worms/viruses i've seen use internet explorer to get in via activex scripts. give firefox a whirl if you haven't already.
    The annoying thing is.... I use firefox....

  11. #11
    Real Ultimate Power! Grey M@a's Avatar
    Join Date
    Oct 2003
    Location
    Newcastle
    Posts
    4,625
    Thanks
    52
    Thanked
    156 times in 139 posts
    • Grey M@a's system
      • Motherboard:
      • Gigabyte Z97X Gaming 7
      • CPU:
      • i7 4790K (With H100i cooling)
      • Memory:
      • Corsair Vengeance Pro 16GB DDR3 (2 x 8GB)
      • Storage:
      • Samsung 840 Pro 128GB SSD, 1TB Cavier Black WD HD, 4TB Cavier Black WD HD
      • Graphics card(s):
      • MSI R9 390X Gaming Edition 8GB
      • PSU:
      • SuperFlower Leadex GOLD 850W Fully Modular
      • Case:
      • Corsair 650D
      • Operating System:
      • Windows 8.1 Pro x64
      • Monitor(s):
      • 24" LG 24GM77-B 144Hz
      • Internet:
      • 100MB Virgin Media Cable
    well the only thing i did last time my mirc borked itself was uninstall it, clean out all reg keys, temp files, links to mirc, install again, added no name script which you can get at http://www.nnscript.de then sat and made sure that i limited the ports mirc could use to a range of 3 (these can be whatever you like). After this I made sure that everything that required a connection (e.g. dcc's, server connections etc etc) gave a message to ask if it was ok to connect. It may be annoying this way but if you don't know the person sending you the files then you don't accept it. Set up your DCC options so that it will accept the files you want except the usual suspects, exe's, .js, com etc etc and you should stay mirc worm free
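The extension filter suggested in the post above, applied to raw DCC SEND offers as they arrive over CTCP. This is an added example, not code from the thread or from mIRC; the sample offers are constructed, and the block-list entries beyond exe, js and com are assumptions.

```python
import re

# Extensions named in the post, plus a few more added here as assumptions.
BLOCKED = {"exe", "js", "com"} | {"scr", "pif", "bat", "vbs", "chm"}

# CTCP payload: DCC SEND <filename> <ip-as-integer> <port> [<size>]
# The filename is double-quoted when it contains spaces.
DCC_SEND = re.compile(
    r'^\x01DCC SEND (?:"([^"]+)"|(\S+)) (\d+) (\d+)(?: (\d+))?\x01$'
)


def parse_dcc_send(ctcp):
    """Return (filename, port) for a DCC SEND offer, or None for anything else."""
    m = DCC_SEND.match(ctcp)
    if not m:
        return None
    return (m.group(1) or m.group(2), int(m.group(4)))


def should_reject(filename):
    """True if the offered file has a blocked final extension."""
    # Windows ignores trailing dots and spaces, so "a.exe." still runs as a.exe.
    name = filename.rstrip(". ").lower()
    # rpartition takes the last extension, so "holiday.jpg.exe" is judged as exe.
    _, dot, ext = name.rpartition(".")
    return bool(dot) and ext in BLOCKED


def triage(messages):
    """Map each DCC SEND offer's filename to 'reject' or 'ask'; skip other text."""
    decisions = {}
    for msg in messages:
        offer = parse_dcc_send(msg)
        if offer is not None:
            filename = offer[0]
            decisions[filename] = "reject" if should_reject(filename) else "ask"
    return decisions


# Constructed sample offers (the IP field is a decimal integer, as on the wire).
SAMPLE_OFFERS = [
    '\x01DCC SEND "my holiday.jpg.exe" 3232235777 1024 40960\x01',
    "\x01DCC SEND notes.txt 3232235777 1025 512\x01",
    "\x01VERSION\x01",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_OFFERS).items():
        print(f"{verdict:6} {name}")
```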

  12. #12
    Comfortably Numb directhex's Avatar
    or use xchat

  13. #13
    You are feeling sleepy... acidrainy's Avatar
    I'm guessing it may mean a format coming up :/
    Oh well, I suppose when running Windows it's not an if but a when


    Now only if linux would install without crashing, I could be totally safe!
