Results 1 to 9 of 9

Thread: IRC Trojan

  1. #1
    Junior Member
    Join Date
    Aug 2003
    Posts
    7

    IRC Trojan

    I have the latest update of Norton Anti-virus definitions, which has caught an IRC Trojan. However, I ran a system scan with Norton, which said to quarantine and delete the infected file (which I did), but it still said the computer was infected with the virus. How do I fully remove the IRC Trojan?

  2. #2
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    STEP 1: Is to identify the name to the forum. There are hundreds of thousands of trojans. What is the name being reported as the trojan?
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  3. #3
    Junior Member
    Join Date
    Aug 2003
    Posts
    7
    The name that shows is "IRC Trojan". This is what the norton pop up says:

    "Norton Antivirus Has Detected A Virus On Your Computer

    Object name: C:\WINNT\system32\system.exe

    Virus Name: IRC Trojan

    Action Taken: Unable To Repair This File"

  4. #4
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Hmm that's pretty vague, I use McAfee so I don't know how Norton works but McAfee pops up a vague category of the virus and in another window it shows that name associated with a more descriptive name like w32.Randex.E (a IRC Trojan). You have to click on the pop up or go to the console and initiate a scan for a more descriptive signature.

    Could be reporting a false positive if it's not identifying a detailed signature?

    I tried to find a list of viri on Symantec’s site and got bored. Here is a link with a search at McAfee. “IRC” comes up with a few hundred. http://us.mcafee.com/virusInfo/default.asp?id=alphar
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  5. #5
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    Being on Irc you should follow a few simple rules
    1. Never accept files from other users
    2. never run a script if you don't know what it does
    3.Never type in a command if you don't know what it does
    4.Don't use any type of Dos (denial of service) program they don't work and show up as trojans
    And telling us what the file name is will give the members the much needed information to help you fix the problem and get rid of the trojan

  6. #6
    Junior Member
    Join Date
    Aug 2003
    Posts
    7
    Well the only chat that I use is MSN Messenger 5.0, and I haven't downloaded or accepted any files from anyone, so I have no idea how I got it. The only way I think I might have gotten it is through my dad using Outlook Express or something.....

  7. #7
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Do you use Usenet, or your dad. Outlook express has a usenet viewer and I see dozens of usenet viruses daily that have an irc tag on them.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    The name that shows is "IRC Trojan". This is what the norton pop up says:

    "Norton Antivirus Has Detected A Virus On Your Computer

    Object name: C:\WINNT\system32\system.exe
    First things I would do...

    Disable system restore via Start, Run , services.msc
    find and disable then stop system restore until you have removed the trojan.

    Remove any startup entries regarding this trojan.

    start, run, msconfig and then uncheck any/all references to this trojan

    This will keep it from starting up.

    You should also browse to each of these places and remove them.

    Kill the service if it is already running. If it won't let you kill it... reboot after you have removed all startup instances. Then browse to the location of the trojan and delete it.

    After you are sure your system is clean, then enable system restore again.

    Make sure to check all your ports for rogue programs.

    Tcpview or fport will map the applications/services to ports for you.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #9
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Or I typed IRC Trojan into the Symantec Knowledge Base and got the following with general removal instructions at the bottom....

    http://securityresponse.symantec.com...rc.trojan.html
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •