Computer ForumsComputers  

Go Back   Computer Forums > The World Wide Web > Virus - Spyware Protection / Detection
Mirc Virus/Trojan Mirc Virus/Trojan
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
Old 07-02-2006, 12:46 PM   #1 (permalink)
Junior Techie
 
Join Date: Apr 2006
Posts: 56
Send a message via AIM to pukgandi
Default Mirc Virus/Trojan
I looked at my dads computer because he said its running slow and seems to have a mirc script virus thing that i cant get off my self. I found a file in system32 called mirc.cfg that when i delete it remakes itself. Ive tried deleteing the program buti just puts it self back on. If i exit it it reopens itself i cant get it out of msconfig. It installed itself ont he computer in the begining im guessing. Ive also run Spybot Ad-Aware and Panda 2006.

here is the config file
Quote:
[
n0=popups.ini
n1=popups.ini
n2=popups.ini
n3=popups.ini
n4=popups.ini
[warn]
fserve=on
dcc=on
[dirs]
logdir=logs\
waves=sounds\
midis=sounds\
mp3s=sounds\
wmas=sounds\
oggs=sounds\
[options]
n0=0,0,0,1,0,0,300,0,0,0,1,0,0,0,0,0,1,0,0,0,4096, 0,1,0,0,0,1,1,0,50,0,0
n1=5,100,0,0,0,0,0,0,0,1,0,1,0,0,1,1,1,1,0,0,1,1,1 ,0,5,0,0,0,0,0,1,0,0
n2=0,0,0,1,1,1,1,1,0,60,120,0,0,1,0,0,1,1,0,120,20 ,10,0,1,1,0,0,1,0,0,0,0,0
n3=5000,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1,3,1,0,1,0,0, 0,0,1,1,0,15,0,0,1,3,180,0
n4=1,0,1,0,0,3,9999,0,0,0,1,0,1024,0,1,99,60,0,0,1 ,1,1,1,0,1,5000,1,5,0,0,3,0,1,1
n5=1,1,1,1,1,1,1,1,1,1,6667,0,0,0,1,0,1,0,300,30,1 0,0,1,26,0,0,1,8192,1,0,0,82,0
n6=0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,100 ,1,1,0,0,1,0,0,4,1,0,1
n7=0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,70,0,3,0,1,1, 1,1,1,0,0,0,0,1,1,1,1
[about]
version=6.03
show=BR26354
[mirc]
anick=Kf5xNr2qD
[ports]
random=off
bind=off
[ident]
active=no
system=UNIX
port=113
[socks]
enabled=no
port=1080
method=4
dccs=no
useip=yes
[language]
sjis=0
multibyte=0
[clicks]
status=/lusers
query=/whois $$1
channel=/channel
nicklist=/query $$1
notify=/whois $$1
message=/whois $$1
[waves]
send=Event Beep
[dragdrop]
n0=*.wav:/sound $1 $2-
n1=*.*:/dcc send $1 $2-
s0=*.*:/dcc send $1 $2-
[dde]
ServerStatus=on
ServiceName=mIRC
CheckName=off
[marker]
show=off
size=3
colour=4
method=1
[text]
network=All
commandchar=/
linesep=-
timestamp=[HH:nn]
accept=*.jpg,*.gif,*.png,*.bmp,*.txt,*.log,*.wav,* .mid,*.mp3,*.wma,*.ogg,*.zip
ignore=*.exe,*.com,*.bat,*.dll,*.ini,*.mrc,*.vbs,* .js,*.pif,*.scr,*.lnk,*.pl,*.shs,*.htm,*.html
[fileserver]
warning=on
[dccserver]
n0=0,59,0,0,0,0
[extensions]
n0=defaultEXTDIR:download\
n1=*.wav,*.mid,*.mp3,*.wma,*.oggEXTDIR:sounds\
[agent]
enable=0,0,0
char=merlin.acs
options=1,1,1,100,0
speech=150,60,100,1,180,10,50,1,1,1,0,50,1
channel=1,1,1,1,1,1,1,1,1
private=1,1,1,1
other=1,1,1,1,1,1,1
pos=20,20
[files]
servers=servers.ini
finger=finger.txt
urls=urls.ini
addrbk=addrbk.ini
[styles]
thin=3
font=0
hide=0
color=default
size=2
buttons=0
[windows]
main=128,768,52,629,0,1,0
[colours]
n0=0,6,4,5,2,3,3,3,3,3,3,1,5,7,6,1,3,2,3,5,1,0,1,0 ,1,15,6,0
[afiles]
n0=aliases.ini
[rfiles]
n0=users.ini
n1=remote.ini
n2=script.ini

__________________
Eatz teh Homophobes
pukgandi is offline   Reply With Quote
Old 07-06-2006, 09:52 PM   #2 (permalink)
Security/Hacking Mod
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: USA
Posts: 23,861
Default
Follow these instructions carefully

Download ALL 10 programs and update if needed.

Ad Aware SE Personal Free

Ad-aware Messenger Service Plugin

Ad-Aware VX2 Cleaner Plug-In 2.0

Spybot Search and Destroy Free

Windows Defender 2 Beta

HijackThis

Ewido

CCleaner

Cleanup!

Follow these steps

Delete the prefetch folder C:\WINDOWS\Prefetch, this folder will come back on next reboot.

Delete all cookies and temporary internet files in the control panel, Internet Options.

Go to Start, run, type msconfig, go to startup, disable everything except your antivirus, Firewall, click apply, don¡¦t reboot yet.

Download Msconfig Cleanup below

Msconfig Cleanup

Run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit". Make sure your antivirus and firewall are not checked.

Now run each Spyware program 1 by 1. Running all 3 at the same time will slow most systems down.

When each program has finished scanning, remove everything.

Now go to the recycle bin and delete everything that is in it.

Then run CCleaner „² make sure you run the Cleaner section of Windows and Applications and then the Registry Cleaner. Make a backup if you wish while running the Registry Cleaner when it asks you.

When finished with the scans, reboot, and go into Safe Mode and run these scans again, remove everything they find, and then reboot back into Windows in normal mode.

Then run HiJackthis!

Save the log, copy and paste the log on www.tech-forums.net
Do not attach the log, copy and paste always. This will make things go much faster.
__________________
Osiris is offline   Reply With Quote
Reply

« Need some virus help | trojan zblog virus »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 07:42 PM.

Contact Us - Computer Technology Forums - Archive - Top

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.1.0

Contact Management Software and AAOutlook