mirc virus?

Status
Not open for further replies.

thatguy

Programmer
Aug 1, 2001
283
US
Hello all ..

Norton AV 2002 recently found IRC Trojan and IRC.Mimic on my machine (when trying to listen to a sports radio broadcast!). The two files were quarantined and things seem to be running normally, but since then on every bootup a mirc client starts up and repeatedly tries to connect to [jave.linsucks.net:6667]. I found two .ini files in the system dir called dll16 and nt32 that reference that web address, but I can't find the mirc program or where it's launched from. I'm running Win2k Prof. Has anyone else come across this or have an idea of how to get rid of it?

Thanks in advance..
-- michael~
 
Yes. I have recently come across this. First, I don't know where to locate the MIRC (Microsoft Internet Relay Chat) program... it seems that its name and save location may have been changed. The nt32 file is malicious code that opens many ports on your machine using your machine as a chat server. I actually printed out the NT32.ini file which automatically configures your machine at boot.

I eventually had to reinstall the OS and programs running. What a mess!
Sorry I couldn't be of more assistance.
 
Symantec says to restart the computer and run another scan after finding 'irc mimic' and quarantining the infected files. Do that if you didn't already.

Read these:



After restarting and running another scan do you find any other infected files? What's listed when you press ctrl + alt + del? Go below and get msconfig. After installing it click start--run--type msconfig--ok. What all is checked under the startup tab?
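
One way to run the checks asked for above on a current Windows system, as an added PowerShell example that is not part of the original thread: it lists the registry and Startup-folder entries that launch at boot or logon, and searches the system directory for small files that mention the server name quoted in the first post. The registry key list, the 1 MB size limit and the names `$Needle` and `Flag` are assumptions of this example.

```powershell
# Added example (not from the thread). $Needle defaults to the server name
# quoted in the first post; the key list and size limit are assumptions.
param([string]$Needle = 'linsucks.net')

# Registry keys whose values are started at boot or logon.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
)

# Small files in the system directory that contain the server name.
$sysDir = [Environment]::SystemDirectory
$hits = @(Get-ChildItem -Path $sysDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -lt 1MB } |
    Select-String -SimpleMatch -Pattern $Needle -List -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Path)

# Mark autostart entries whose command line names the server or one of those files.
$terms = @($Needle) + @($hits | ForEach-Object { Split-Path $_ -Leaf })
$entries | Select-Object Source, Name, Command, @{ Name = 'Flag'; Expression = {
        $c = $_.Command
        [bool]($terms | Where-Object { $c.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 })
    } } | Sort-Object Source, Name | Format-List
"Files in $sysDir mentioning '$Needle':"
$hits
```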

 