Close

Page 1 of 2 12 LastLast
Results 1 to 20 of 30
  1. #1
    DF Member pete_gas's Avatar
    Join Date
    May 2000
    Posts
    32
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default Something 'MiRC' starting with my computer . . .?

    Now I know what MIRC is, but I don't have it, or any other IRC client installed. What is happening is that during my startup sequence in windows, this very small bar (like a window dragged as small as you can) appears very briefly at the top of my screen, with the MIRC logo in the titlebar, then it is gone.

    I'm not sure if it is leaving any lingering processes behind, or if it is doing anything, but it is bugging me obviously - is there anything else that MiRC owns or something? It is the exact little MiRC logo in the bar.

    I've done all the usual stuff like check the registry for strange startup items, virus scan, etc.

    Any ideas?

  2. #2
    DF MaSter sauce's Avatar
    Join Date
    Oct 2001
    Posts
    79
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    I bet its a trojan trying to run an fserve. Do you see it running when you view task manager ?

  3. #3
    DF Probation p i m p's Avatar
    Join Date
    Sep 2001
    Posts
    190
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    ya its a trojan reboot into safe mode and do a virus scan, also search the registry for irc

  4. #4
    DF Member pete_gas's Avatar
    Join Date
    May 2000
    Posts
    32
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    I think you may be on to something. After doing a bit more checking, I found it was a program being started in my registry, with a key and .exe name very close to system files (Taskmngr.exe instead of taskmgr.exe in my system32 folder) - this is very suspicious -

    although the latest norton patterns don't recognize it as a virus - and when I view the properties of the .exe it says it is published by MiRC, and is an 'internet relay chat client'.

    What would be the process name in task manager to look for ?
    I've obviously disabled it in the startup routine but am curious what and really how it got there. I don't download many .exes, scan em all, and definitely never run anything suspicious - very strange.

    (i'm not running a firewall, stopped doing it long ago as I found it more a pain in the ass then it was worth, so I can't see if its trying to connect somewhere)

  5. #5
    DF MaSter sauce's Avatar
    Join Date
    Oct 2001
    Posts
    79
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    you really need a firewall dude, especially if you "preview" software. If i were you I would run one of these
    http://download.com.com/3120-20-0.ht...jan&tg=dl-2001

    because Norton may be missing it. Or install a firewall and reboot and see if anything fishy is trying to connect. You can always uninstall the firewall after you sort the problem out.

  6. #6
    DF Rookie illmatic36's Avatar
    Join Date
    Aug 2001
    Posts
    2
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    Probably sub7. Close all the possible windows you can, like i mean anything connected to or that uses the internet. (Like aim MSN any shit like that) Then go to start>run. Type command then hit enter. After a black screen will come up, type netstat, it will give you all you current connections. Reply with what netstat gave you back.


    PS: To copy from a dos window in 2k/xp first right click anywhere on the command window, hit mark, highlight wat you want to copy then just right click and it will be on the clipboard.

    PPS: With this info I'll further inform you on what you got.


    Edit:

    It is definatly a trojan, I've had to remove it on a friends computer long time ago.

  7. #7
    DF Member hitdank's Avatar
    Join Date
    Jan 2002
    Posts
    28
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    why would this trojan be so obvious about itself?

  8. #8
    DF Member j0e_90's Avatar
    Join Date
    Jun 2000
    Posts
    48
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    i have a simular problem if anyone knows how to solve.

    my misses managed to install about 10 shite spyware things in about 20 mins surfing for mp3's. ABout the only time she used the damn computer she fucked it..

    anyway my taskmanager in w2k now only shows the Applications tab and not the processes or menus.. anyone know how to change it back. i have removed all the software..

  9. #9
    DF Rookie jack_black's Avatar
    Join Date
    Jul 2002
    Posts
    14
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    format c:

  10. #10
    DF Rookie skazz's Avatar
    Join Date
    Sep 2001
    Posts
    7
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    Run msconfig.exe in Sart>Run click on the 'Startup' tab. If there is anything suspicious listed in that window, or somthing you dont want to run at startup, just untick the item you wont want, Click apply and exit. It may ask you to restart windows sometimes.

  11. #11
    DF Rookie Nintendo4's Avatar
    Join Date
    Apr 2002
    Posts
    4
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default h

    i had the same problem. its a bot that uses your bandwidth to serve in a channel. and whoever put it on your computer would be uploading warez to you , so u can serve it. look in the windows folder or system folders and look for a file named BNC and delete it there is more to delete but i forgot the name. o and there would probably be a program called HIDeWINDOW. that hides the irc bot. delete it and u can see the client running.

  12. #12
    DF Rookie gord's Avatar
    Join Date
    Oct 2000
    Posts
    19
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    Originally posted by joe_90
    anyway my taskmanager in w2k now only shows the Applications tab and not the processes or menus.. anyone know how to change it back. i have removed all the software..
    I have the same issue - anybody know how to fix this?

  13. #13
    DF Rookie NOOBD00D's Avatar
    Join Date
    Jun 2002
    Posts
    6
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    Originally posted by hitdank
    why would this trojan be so obvious about itself?
    because it was written by a 4 year old

  14. #14
    DF Rookie AlexN's Avatar
    Join Date
    Jan 2002
    Posts
    8
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    I had something like this way back - I think "The Cleaner" took care of it.

  15. #15
    DF Rookie Dimzin's Avatar
    Join Date
    Feb 2001
    Posts
    12
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    use a 3rd party task manager that gives you ALL running processes/programs and unregister the offending processes.

    Another Task Manager will work

    http://download.com.com/3001-2094-6771750.html

  16. #16
    DF Member j0e_90's Avatar
    Join Date
    Jun 2000
    Posts
    48
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    Originally posted by jack_black
    format c:
    well done, you cock.

  17. #17
    DF Member pete_gas's Avatar
    Join Date
    May 2000
    Posts
    32
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    I've read all the replies - I'm not worried about it - I mean I deleted the reg key right away when I found it, so I'm not worried about it starting - I just want to know how the hell it got there, and why norton av skips it over -

    illmatic36: if it was sub7, it would be picked up by norton av. Also, thanks for the netstat command, I didn't know about that.

    Nintendo4: The thing is I don't have a server where unknown ppl can up me warez - I only run a private server and its barely used. Nothing would have come from there. Most software I 'preview' are regular releases from good sources. Any cracks, etc I do download, I always scan first -

    More info:

    If I copy the .exe out of the system32 directory and run it, it just opens a regular MiRC client window, so there is obviously something else involved.

    ----

    Even more info:

    Only when I copy back into my system32 folder and run it, does it not run a regular mirC client. I noticed that it invokes a program called 'secedit.exe' - no Idea what that is - some kind of security editer (what is it trying to do?)

    anyway - here is the result of the netstat after manually 'starting' the trojan again (I've blanked out my work ip - that is my pc anwhere connection):

    So it has established a connection to 216.127.67.188:6667

    more info: When i started pinging and tracerouting this address, it went offline!

    Proto Local Address Foreign Address State
    TCP peter:1223 216.127.67.188:6667 ESTABLISHED

    TCP peter:5631 (MY WORK ADDRESS) ESTABLISHED

  18. #18
    DF Member D3r3d3v1L's Avatar
    Join Date
    May 2002
    Posts
    49
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    either its a gay zombie which is commonly used for DDoSing (thats how they DDoSed grc.com ) or a trojan and its almost for sure the first one
    check your registry as 2MCM said better install a firewall and try scanning ur pc with Ad-Aware (its for spyware)

  19. #19
    DF MaSter aiyo's Avatar
    Join Date
    Feb 2001
    Posts
    96
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    norton wont detect even the most obvious trojans if you pack/encrypt the exe.

    how fast is the connection on the infected computer?

  20. #20
    DF Member D3r3d3v1L's Avatar
    Join Date
    May 2002
    Posts
    49
    Thanks
    0
    Thanked:        0
    Karma Level
    0

    Default

    Get AVP from www.kaspersky.com

Page 1 of 2 12 LastLast

Similar Threads

  1. wanted cheap computer for the kids for x-mas
    By squig in forum Buy, Sell and Trade
    Replies: 1
    Last Post: 19th October 2002, 12:27 AM
  2. Man dies playing computer games
    By marcode in forum The Dog and Duck
    Replies: 1
    Last Post: 10th October 2002, 09:59 PM
  3. mIRC @ Work
    By BFG in forum The Dog and Duck
    Replies: 12
    Last Post: 10th October 2002, 05:16 PM
  4. Computer busted and I know fuk all
    By whitesteel in forum PC Problems
    Replies: 4
    Last Post: 9th October 2002, 05:37 PM
  5. Mirc /list problem
    By coogy in forum PC Problems
    Replies: 8
    Last Post: 8th October 2002, 09:54 AM

Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •