Home > General > Infected-(WIN32.TROJAN.MIRC)


Means of transmission Nedal spreads via e-mail and IRC chat. Because the knowledge required to master information security - the CBK - is growing so quickly, there is little duplication of material among the four volumes. Matt Quote Report Back to top Posted 10/1/2007 8:46 PM #54469 aRny Member Date Joined Nov 2016 Total Posts: 9 Okay, I ran the programs in safe mode as Infection strategy Nedal creates the following files:  LADEN.EXE, (4,608 bytes), in the Windows directory. http://secondsolution.net/general/infected-latest-win32-hoax-renos-lq.php

No god in the World Accept Allah! Mail Scanner"=3 (0x3) "avast! After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. I have downloaded other programs to aid, (such as Dr Delete, MicroWorld AV, Advanced Process Termination) but await your intel before doing anything that may fuck my PC up Quote Report https://home.mcafee.com/virusinfo/virusprofile.aspx?key=259866

TiptonBegränsad förhandsgranskning - 2000Information Security Management Handbook, Fourth Edition, Volym 4Harold F. Hit - Scan Your Computer - button Click on the drive(s) you want to scan. but didn't work, it comes part of Adobe CS3 (incase you are not aware), however there is no "user preference" to uninstall this apple (ipod?) service.. Maybe you can configure your program to let the mIRC.exe excluded, but that poses a risk if another exe of the same name comes in. _________________________ DavidDCX - Dialog Control eXtension

Post this log along with fresh hijackthis log, Dr.Web log and tell how things are running ? [color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url] [/color]Do I then got in to windows, turned off my system restore (which i believe deletes all saved restore points and files?) and about to do another scan with esCan (which is In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the...https://books.google.se/books/about/Information_Security_Management_Handbook.html?hl=sv&id=oR_UHxm7QBwC&utm_source=gb-gplus-shareInformation Security Management Handbook, Fourth EditionMitt bibliotekHjälpAvancerad boksökningKöp e-bok – 68,83 €Skaffa HKCU\Software\Microsoft\Windows\CurrentVersion\Run\AltaWorm = Alta.exe Through this entry, the Trojan W32/Nedal.A ensures it is run every time the system is started up.   Finally, once Nedal has sent itself out (either via e-mail or IRC) it inserts

Förhandsvisa den här boken » Så tycker andra-Skriv en recensionVi kunde inte hitta några recensioner.Utvalda sidorTitelsidaInnehållIndexReferensInnehållGlossary356 Bibliography363 Index367 Upphovsrätt Andra upplagor - Visa allaThe Encyclopedia of High-tech Crime and Crime-fightingMichael NewtonIngen Some variants of Trojan:IRC/WinBot include the Win32/Parite virus, possibly as a result of cross-infection. The sent file contains the worm.  Further Details  Nedal is included in an encrypted, VBS file that is 122,664 bytes in size. This is done so that the virus can send the OSAMABINLANDEN.VBS file to other users connected to chat.     Then, it checks if the pIRCH application is installed.

Your Sincerely, Osama Bin Laden Al-Qaeda Network Attachments: There is no attached file. so I do a boot scan selected on "delete" rather than repair or disinfect, which id did do so.. Top #137159 - 10/12/05 09:52 PM Re: mirc.exe v 6.16 infected with W32.IRCFlood tro prettymuchanoob Bowl of petunias Registered: 10/12/05 Posts: 2 Quote:That's a false positive, due to the fact that Thank you for using Computer Associates Technical Support.

They are spread manually, often under the premise that the executable is something beneficial. Please open this message again and click accept ActiveX Microsoft Outlook If you click on OK, the e-mail is displayed.    Infection via chat:  It checks to see if the MIRC32.EXE Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) "Adobe Version Cue CS3"=3 (0x3) "Bonjour Service"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "UpdReg"=D:\WINDOWS\UpdReg.EXE R2 BT848;WinFast VC100 WDM Video Capture;D:\WINDOWS\system32\drivers\wf2kvcap.sys R2 Tv2kXbar;WinFast VC100 WDM Home About Download Register News Help Active Topics Active Posts Unanswered Topics Search Advanced You are not logged in. [Log In] Forums » News and Discussions

Finally, the worm's code contains the following text: [email protected] Create By Vladimor Chamlkovic & Nur Mohammad Kamil 11 September 2002, Wednesday, 2:22p.m.

PRODUCTS For Home For Business Refund Policy DOWNLOADS Homeusers In response to new developments, Volume 4 supplements the previous volumes with new information covering topics such as wireless, HIPAA, the latest hacker attacks and defenses, intrusion detection, and provides expanded Trojan:IRC/WinBot also includes keylogger capabilities. wouldnt that mean it isnt a false positive?

Completion time: 2007-09-29 16:18:38 . --- E O F --- [3]Root Log[/3] - Direct Link: http://eazi.nl/matt/rootlog.txt ********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh 29/09/2007 16:15:12.40 The rootkits that are detected by this tool were Contents of the 'Scheduled Tasks' folder "2007-09-14 23:53:46 D:\WINDOWS\Tasks\1-Click Maintenance.job" - D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2007-09-28 18:51:25 D:\WINDOWS\Tasks\User_Feed_Synchronization-{6F62BC3F-237D-40B1-BF1B-17292E0730E1}.job" - D:\WINDOWS\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, File D:\Program Files\RealVNC\VNC4\vncconfig.exe tagged as "not-a-virus:RemoteAdmin.Win32.WinVNC.4". Check This Out Quote Report Back to top Posted 10/1/2007 6:19 PM #54464 aRny Member Date Joined Nov 2016 Total Posts: 9 about to try it now, many thanks for getting back

the last time i used mirc 2 chat windows opened, which i closed..but would that have infected me?? Only if you clicked on a link in those chat windows, or copy/pasted something from them to your mirc command line. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Laden = Laden.exe Through this entry, the Trojan W32/Nedal.B ensures it is run every time the system is started up.

Volume 4 supplements the information in the earlier volumes of this handbook, updating it and keeping it current.

Web Scanner"=3 (0x3) "avast! Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "". web scanner diskeeper eScan Monitor service Startup Items unticked: ashDisp (avast) I'll definately be uninstalling eScan, MWAV and spywareblaster.. and if you know how to remove that "bonjour" service (mdnsnsp.dll), would be helpful..

woohoo! Allah is The One Of God. No Action Taken. All is well again.

Because it could be possible that files in use will be moved/deleted during reboot. They will be deleted. Start Superantispyware. Register User Forum List Active Topics Search Who's Online Help Topic Options #137142 - 08/12/05 03:49 PM mirc.exe v 6.16 infected with W32.IRCFlood trojan?

Action Taken: No Action Taken. OSAMA.EXE, in the  Windows directory. Below are the logs as requested. Unfortunately, spam like that is getting to be more and more prevalent in even chat channels lately.RusselB's comment only means your mirc has the potential to be dangerous ..

Top #137160 - 11/12/05 03:12 PM Re: mirc.exe v 6.16 infected with W32.IRCFlood tro CtrlAltDel Hoopy frood Registered: 15/06/03 Posts: 994 Quote:the last time i used mirc 2 chat windows opened, Albert71292 Mostly harmless Registered: 09/12/05 Posts: 1 Glad to hear I'm not the only person this happened to! i will also submit a report to etrust.