Sorry irc idlers! (mIRC Virus)

**acidrainy** · 26-05-2004, 04:15 PM

Just a quick post to apologise for contracting one of those silly irc viruses that spam messages to everyone

I seem to have found a way to fix the problem and I appear to be "clean" again

This may help others as well, but I found the last step to be the one that got rid of the damn thing for me!

Run AV system scan (I used Panda and House-call)
Deleted mIRC and any other irc based things from computer and reinstalled
Deleted ALL temp Internet files

As I said, sorry about the annoyances. Can I please be unbanned from #HEXUS.net, I promise to be good!

**acidrainy** · 26-05-2004, 11:56 PM

*Bump*

**directhex** · 27-05-2004, 12:34 AM

**directhex** · 27-05-2004, 12:34 AM

thought someone had already done it - forgot to click refresh on the ban list

**acidrainy** · 27-05-2004, 12:53 AM

Originally Posted by directhex

thought someone had already done it - forgot to click refresh on the ban list

No probs, thanks for that!

**acidrainy** · 30-05-2004, 07:40 PM

Sorry again!

Apparently leaving for the weekend has re-infected me :/
If anyone knows of a solution can someone please share your knowledge

I fear I may have to start typing >FORMAT c: /s /u

**acidrainy** · 30-05-2004, 07:44 PM

Apparently the line I'm pasting is like this, although I cannot see this:

"get a 1 dollar slut! ;p http://blah.blah" (link removed for safety)

**këö¬t** · 30-05-2004, 07:44 PM

quite a few mirc worms/viruses i've seen use internet explorer to get in via activex scripts. give firefox a whirl if you haven't already.

**directhex** · 30-05-2004, 09:02 PM

i disassembled what you were doing.

the virus is a worryingly tiringly common one.

the link you were pasting was to "cgi.ebay.da.ru", where .da.ru is a redirect system based in russia. the page opened some random ebay thing in a frame (homo-erotic tea towels, something like that), and tried to open a compressed help file in another frame. IE will automatically open and execute all compiled help files without question, and the payload is contained within the chm

at this point i got bored, as the html within the chm file contained ANOTHER "download this file" exploit, known as JS/Psyme.

i'm guessing eventually it would get to the IRC spammer virus part, usually titled IRC/SDbot. but I got bored & didn't keep checking that far

**acidrainy** · 30-05-2004, 10:29 PM

Originally Posted by këö¬t

quite a few mirc worms/viruses i've seen use internet explorer to get in via activex scripts. give firefox a whirl if you haven't already.

The annoying thing is.... I use firefox....

**Grey M@a** · 01-06-2004, 09:08 AM

well the only thing i did last time my mirc borked itself was uninstall it, clean out all reg keys, temp files, links to mirc, install again, added no name script which you can get at http://www.nnscript.de then sat and made sure that i limited the ports mirc could use to a range of 3 (these can be whatever you like) after this I made sure that everything that required a connection (e.g. dcc's, server connections etc etc) gave a message to ask if it was ok to connect. It may be annoying this way but if you don't know the person sending you the files then you don't accept it. Setup your DCC options so that it will accept the files you want except the usual suspects, exe's, .js, com etc etc and you should stay mirc worm free

**directhex** · 01-06-2004, 10:03 AM

or use xchat

**acidrainy** · 01-06-2004, 10:19 AM

I'm guessing it may mean a format comming up :/
Oh well, I when suppose running windows its not an if but a when

Now only if linux would install without crashing, I could be totally safe!

Thread: Sorry irc idlers! (mIRC Virus)

LinkBack

Thread Tools

Sorry irc idlers! (mIRC Virus)

Thread Information

Users Browsing this Thread

Similar Threads

Is anti virus software worth it?

Netskyb virus...

The AOL virus :D

Svchostc problems – possible virus

Free IRC client for Macs?

Posting Permissions