virus/malware question

  • Thread starter Thread starter Steve T
  • Start date Start date
S

Steve T

Doing my bi-monthly system scan with Computer Associates AV program there
were 7 items detected. Two were deleted but these 5 remain:

mIRC/IRCflood.c
mIRC/Backdoor!generic
mIRC/IRCFlood
win32/IRCFlood
mIRC/IRCFlood

What are these? Are they spyware or viruses? The AV says "infected" . I ran
Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot finds
nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV is
updated daily and the others checked every couple of days. Would appreciate
any advice. Thank you, Steve T.
 
http://www.google.com/search?hl=en&q=mIRC/IRCFlood&btnG=Google+Search

Sypware Cleaners that WORK!

Line 393 - Right Hand Side: http://www.kellys-korner-xp.com/xp_tweaks.htm

Or see: http://www.kellys-korner-xp.com/xp_s.htm#spy

*Note: Update all (except HijackThis) before using.

--

All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm


"Steve T" <stumas@NOBINGOcharter.net> wrote in message
news:%23qAsa4AvHHA.4504@TK2MSFTNGP05.phx.gbl...
> Doing my bi-monthly system scan with Computer Associates AV program there
> were 7 items detected. Two were deleted but these 5 remain:
>
> mIRC/IRCflood.c
> mIRC/Backdoor!generic
> mIRC/IRCFlood
> win32/IRCFlood
> mIRC/IRCFlood
>
> What are these? Are they spyware or viruses? The AV says "infected" . I
> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The
> AV is updated daily and the others checked every couple of days. Would
> appreciate any advice. Thank you, Steve T.
>
 
Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin; DTS-L.org

Steve T wrote:
> Doing my bi-monthly system scan with Computer Associates AV program there
> were 7 items detected. Two were deleted but these 5 remain:
>
> mIRC/IRCflood.c
> mIRC/Backdoor!generic
> mIRC/IRCFlood
> win32/IRCFlood
> mIRC/IRCFlood
>
> What are these? Are they spyware or viruses? The AV says "infected" . I
> ran
> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot finds
> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV is
> updated daily and the others checked every couple of days. Would
> appreciate
> any advice. Thank you, Steve T.
 
"Steve T" <stumas@NOBINGOcharter.net> wrote in message
news:%23qAsa4AvHHA.4504@TK2MSFTNGP05.phx.gbl...
> Doing my bi-monthly system scan with Computer Associates AV program there
> were 7 items detected. Two were deleted but these 5 remain:
>
> mIRC/IRCflood.c
> mIRC/Backdoor!generic
> mIRC/IRCFlood
> win32/IRCFlood
> mIRC/IRCFlood
>
> What are these? Are they spyware or viruses? The AV says "infected" . I
> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The
> AV is updated daily and the others checked every couple of days. Would
> appreciate any advice. Thank you, Steve T.


Search Google / the CA web site for detailed info on these threats. Best to
post to a security / malware web site for these kinds of issues.

microsoft.public.security.homeusers
microsoft.public.security.virus

--
Rock [MS-MVP User/Shell]
 
@Rock: Congrats! <w>

Rock wrote:
> "Steve T" <stumas@NOBINGOcharter.net> wrote in message
> news:%23qAsa4AvHHA.4504@TK2MSFTNGP05.phx.gbl...
>> Doing my bi-monthly system scan with Computer Associates AV program there
>> were 7 items detected. Two were deleted but these 5 remain:
>>
>> mIRC/IRCflood.c
>> mIRC/Backdoor!generic
>> mIRC/IRCFlood
>> win32/IRCFlood
>> mIRC/IRCFlood
>>
>> What are these? Are they spyware or viruses? The AV says "infected" . I
>> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The
>> AV is updated daily and the others checked every couple of days. Would
>> appreciate any advice. Thank you, Steve T.
>
>
> Search Google / the CA web site for detailed info on these threats. Best
> to
> post to a security / malware web site for these kinds of issues.
>
> microsoft.public.security.homeusers
> microsoft.public.security.virus
 
"PA Bear" <PABearMVP@gmail.com> wrote
> @Rock: Congrats! <w>

Lol, thanks.

--
Rock [MS-MVP User/Shell]

> Rock wrote:
>> "Steve T" <stumas@NOBINGOcharter.net> wrote

>>> Doing my bi-monthly system scan with Computer Associates AV program
>>> there
>>> were 7 items detected. Two were deleted but these 5 remain:
>>>
>>> mIRC/IRCflood.c
>>> mIRC/Backdoor!generic
>>> mIRC/IRCFlood
>>> win32/IRCFlood
>>> mIRC/IRCFlood
>>>
>>> What are these? Are they spyware or viruses? The AV says "infected" . I
>>> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>>> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing.
>>> The
>>> AV is updated daily and the others checked every couple of days. Would
>>> appreciate any advice. Thank you, Steve T.
>>
>>
>> Search Google / the CA web site for detailed info on these threats. Best
>> to
>> post to a security / malware web site for these kinds of issues.
>>
>> microsoft.public.security.homeusers
>> microsoft.public.security.virus
 
Anti-spyware and antivirus apps may use "pattern" files to recognise the
malware they scan for. Some other antivirus scanners can report false
positives when they detect the virus patterns within those files.

If those particular malwares are actually on your computer then you could
suspect that someone is or has used your computer as part of a DDOS attack
network. Backdoor would be the remote control software used to access and
control your PC, the others are Denial of Service attack components (mostly
chat related)used against other victims.

"Steve T" <stumas@NOBINGOcharter.net> wrote in message
news:%23qAsa4AvHHA.4504@TK2MSFTNGP05.phx.gbl...
> Doing my bi-monthly system scan with Computer Associates AV program there
> were 7 items detected. Two were deleted but these 5 remain:
>
> mIRC/IRCflood.c
> mIRC/Backdoor!generic
> mIRC/IRCFlood
> win32/IRCFlood
> mIRC/IRCFlood
>
> What are these? Are they spyware or viruses? The AV says "infected" . I
> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The
> AV is updated daily and the others checked every couple of days. Would
> appreciate any advice. Thank you, Steve T.
>
 
You have all the IRC related trojans in your system. These are more of
trojans, which do the activity without your knowledge. You can
download a compact and effective antivirus called Protector Plus.
Download and install a 30 day evaluation copy from:

http://www.protectorplus.com

and check.

On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
> Doing my bi-monthly system scan with Computer Associates AV program there
> were 7 items detected. Two were deleted but these 5 remain:
>
> mIRC/IRCflood.c
> mIRC/Backdoor!generic
> mIRC/IRCFlood
> win32/IRCFlood
> mIRC/IRCFlood
>
> What are these? Are they spyware or viruses? The AV says "infected" . I ran
> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot finds
> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV is
> updated daily and the others checked every couple of days. Would appreciate
> any advice. Thank you, Steve T.
 
If these are all viruses, don't I have to remove them prior to installing
any other AV programs? CA's website is a nightmare to navigate but I will go
there and try to resolve this mess with them as Rock suggested in the prior
post. Also went to a couple of sites that PA recommended and am going
through the prep work before posting Hijack log at ahuma. Thanks, Steve T.
"Vat" <vatsasri@gmail.com> wrote in message
news:1183444608.540530.37060@j4g2000prf.googlegroups.com...
>
> You have all the IRC related trojans in your system. These are more of
> trojans, which do the activity without your knowledge. You can
> download a compact and effective antivirus called Protector Plus.
> Download and install a 30 day evaluation copy from:
>
> http://www.protectorplus.com
>
> and check.
>
> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
>> Doing my bi-monthly system scan with Computer Associates AV program there
>> were 7 items detected. Two were deleted but these 5 remain:
>>
>> mIRC/IRCflood.c
>> mIRC/Backdoor!generic
>> mIRC/IRCFlood
>> win32/IRCFlood
>> mIRC/IRCFlood
>>
>> What are these? Are they spyware or viruses? The AV says "infected" . I
>> ran
>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot finds
>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV is
>> updated daily and the others checked every couple of days. Would
>> appreciate
>> any advice. Thank you, Steve T.
>
>
 
"Steve T" wrote

> If these are all viruses, don't I have to remove them prior to installing
> any other AV programs? CA's website is a nightmare to navigate but I will
> go there and try to resolve this mess with them as Rock suggested in the
> prior post. Also went to a couple of sites that PA recommended and am
> going through the prep work before posting Hijack log at ahuma. Thanks,
> Steve T.
> "Vat" <vatsasri@gmail.com> wrote in message
> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...
>>
>> You have all the IRC related trojans in your system. These are more of
>> trojans, which do the activity without your knowledge. You can
>> download a compact and effective antivirus called Protector Plus.
>> Download and install a 30 day evaluation copy from:
>>
>> http://www.protectorplus.com
>>
>> and check.
>>
>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
>>> Doing my bi-monthly system scan with Computer Associates AV program
>>> there
>>> were 7 items detected. Two were deleted but these 5 remain:
>>>
>>> mIRC/IRCflood.c
>>> mIRC/Backdoor!generic
>>> mIRC/IRCFlood
>>> win32/IRCFlood
>>> mIRC/IRCFlood
>>>
>>> What are these? Are they spyware or viruses? The AV says "infected" . I
>>> ran
>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>>> finds
>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV
>>> is
>>> updated daily and the others checked every couple of days. Would
>>> appreciate
>>> any advice. Thank you, Steve T.


Just Google for these names. I Googled the first one and the first hit was
a link to the CA site. I have always found it easy to search the CA site
for threats.

--
Rock [MS-MVP User/Shell]
 
Your AV log should give you some indication of which files are infected. If
for example these infections are all within the same file in something like
"c:\Program Files\My AV program\config\definitions.bin" then there's a good
chance you aren't infected at all and the scan was producing a false
positive.

There are some online anti-virus scanners (free) you could also try:

http://housecall.trendmicro.com/

http://www.pandasoftware.es/com/ca/ (look for the ActiveScan link)


"Steve T" <stumas@NOBINGOcharter.net> wrote in message
news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...
> If these are all viruses, don't I have to remove them prior to installing
> any other AV programs? CA's website is a nightmare to navigate but I will
> go there and try to resolve this mess with them as Rock suggested in the
> prior post. Also went to a couple of sites that PA recommended and am
> going through the prep work before posting Hijack log at ahuma. Thanks,
> Steve T.
> "Vat" <vatsasri@gmail.com> wrote in message
> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...
>>
>> You have all the IRC related trojans in your system. These are more of
>> trojans, which do the activity without your knowledge. You can
>> download a compact and effective antivirus called Protector Plus.
>> Download and install a 30 day evaluation copy from:
>>
>> http://www.protectorplus.com
>>
>> and check.
>>
>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
>>> Doing my bi-monthly system scan with Computer Associates AV program
>>> there
>>> were 7 items detected. Two were deleted but these 5 remain:
>>>
>>> mIRC/IRCflood.c
>>> mIRC/Backdoor!generic
>>> mIRC/IRCFlood
>>> win32/IRCFlood
>>> mIRC/IRCFlood
>>>
>>> What are these? Are they spyware or viruses? The AV says "infected" . I
>>> ran
>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>>> finds
>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV
>>> is
>>> updated daily and the others checked every couple of days. Would
>>> appreciate
>>> any advice. Thank you, Steve T.
>>
>>
>
>
 
Well I scanned with Trend Micro and found a trojan and a couple of cookies.
Nothing else. Tried Panda 5-6 times but it would get to Windows/System32 and
crash. I won't be buying Panda.
The still original remaining 5 infected files are all in:
C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if
this implies a false positive or what but I'm done messing with it for the
time being. My PC does not seem affected by them. Thanks, Steve T


"RalfG" <itsnotme@bin-wieder-da.de> wrote in message
news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...
> Your AV log should give you some indication of which files are infected.
> If for example these infections are all within the same file in something
> like "c:\Program Files\My AV program\config\definitions.bin" then there's
> a good chance you aren't infected at all and the scan was producing a
> false positive.
>
> There are some online anti-virus scanners (free) you could also try:
>
> http://housecall.trendmicro.com/
>
> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan
> link)
>
>
> "Steve T" <stumas@NOBINGOcharter.net> wrote in message
> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...
>> If these are all viruses, don't I have to remove them prior to
>> installing any other AV programs? CA's website is a nightmare to navigate
>> but I will go there and try to resolve this mess with them as Rock
>> suggested in the prior post. Also went to a couple of sites that PA
>> recommended and am going through the prep work before posting Hijack log
>> at ahuma. Thanks, Steve T.
>> "Vat" <vatsasri@gmail.com> wrote in message
>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...
>>>
>>> You have all the IRC related trojans in your system. These are more of
>>> trojans, which do the activity without your knowledge. You can
>>> download a compact and effective antivirus called Protector Plus.
>>> Download and install a 30 day evaluation copy from:
>>>
>>> http://www.protectorplus.com
>>>
>>> and check.
>>>
>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
>>>> Doing my bi-monthly system scan with Computer Associates AV program
>>>> there
>>>> were 7 items detected. Two were deleted but these 5 remain:
>>>>
>>>> mIRC/IRCflood.c
>>>> mIRC/Backdoor!generic
>>>> mIRC/IRCFlood
>>>> win32/IRCFlood
>>>> mIRC/IRCFlood
>>>>
>>>> What are these? Are they spyware or viruses? The AV says "infected" . I
>>>> ran
>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>>>> finds
>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV
>>>> is
>>>> updated daily and the others checked every couple of days. Would
>>>> appreciate
>>>> any advice. Thank you, Steve T.
>>>
>>>
>>
>>
>
>
 
I don't want everybody that contributed to think I won't pursue this further
until it is resolved. Just through with it for now, and my PC IS WORKING. I
truly appreciate the help and advice that everyone submitted. Thanks to all,
Steve T.
"Steve T" <stumasNOBINGO@charter.net> wrote in message
news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...
> Well I scanned with Trend Micro and found a trojan and a couple of
> cookies. Nothing else. Tried Panda 5-6 times but it would get to
> Windows/System32 and crash. I won't be buying Panda.
> The still original remaining 5 infected files are all in:
> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if
> this implies a false positive or what but I'm done messing with it for the
> time being. My PC does not seem affected by them. Thanks, Steve T
>
>
> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message
> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...
>> Your AV log should give you some indication of which files are infected.
>> If for example these infections are all within the same file in something
>> like "c:\Program Files\My AV program\config\definitions.bin" then
>> there's a good chance you aren't infected at all and the scan was
>> producing a false positive.
>>
>> There are some online anti-virus scanners (free) you could also try:
>>
>> http://housecall.trendmicro.com/
>>
>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan
>> link)
>>
>>
>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message
>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...
>>> If these are all viruses, don't I have to remove them prior to
>>> installing any other AV programs? CA's website is a nightmare to
>>> navigate but I will go there and try to resolve this mess with them as
>>> Rock suggested in the prior post. Also went to a couple of sites that PA
>>> recommended and am going through the prep work before posting Hijack log
>>> at ahuma. Thanks, Steve T.
>>> "Vat" <vatsasri@gmail.com> wrote in message
>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...
>>>>
>>>> You have all the IRC related trojans in your system. These are more of
>>>> trojans, which do the activity without your knowledge. You can
>>>> download a compact and effective antivirus called Protector Plus.
>>>> Download and install a 30 day evaluation copy from:
>>>>
>>>> http://www.protectorplus.com
>>>>
>>>> and check.
>>>>
>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
>>>>> Doing my bi-monthly system scan with Computer Associates AV program
>>>>> there
>>>>> were 7 items detected. Two were deleted but these 5 remain:
>>>>>
>>>>> mIRC/IRCflood.c
>>>>> mIRC/Backdoor!generic
>>>>> mIRC/IRCFlood
>>>>> win32/IRCFlood
>>>>> mIRC/IRCFlood
>>>>>
>>>>> What are these? Are they spyware or viruses? The AV says "infected" .
>>>>> I ran
>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>>>>> finds
>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV
>>>>> is
>>>>> updated daily and the others checked every couple of days. Would
>>>>> appreciate
>>>>> any advice. Thank you, Steve T.
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 
Hi Steve,

As a rule of thumb, system restore should be turned off before doing a deep
clean. In lieu of, you could go to Disk Cleanup/More Options/System
Restore - ok. Either way, it isn't a false positive and consider removing
_restore.

--

All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm


"Steve T" <stumasNOBINGO@charter.net> wrote in message
news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...
> Well I scanned with Trend Micro and found a trojan and a couple of
> cookies. Nothing else. Tried Panda 5-6 times but it would get to
> Windows/System32 and crash. I won't be buying Panda.
> The still original remaining 5 infected files are all in:
> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if
> this implies a false positive or what but I'm done messing with it for the
> time being. My PC does not seem affected by them. Thanks, Steve T
>
>
> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message
> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...
>> Your AV log should give you some indication of which files are infected.
>> If for example these infections are all within the same file in something
>> like "c:\Program Files\My AV program\config\definitions.bin" then
>> there's a good chance you aren't infected at all and the scan was
>> producing a false positive.
>>
>> There are some online anti-virus scanners (free) you could also try:
>>
>> http://housecall.trendmicro.com/
>>
>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan
>> link)
>>
>>
>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message
>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...
>>> If these are all viruses, don't I have to remove them prior to
>>> installing any other AV programs? CA's website is a nightmare to
>>> navigate but I will go there and try to resolve this mess with them as
>>> Rock suggested in the prior post. Also went to a couple of sites that PA
>>> recommended and am going through the prep work before posting Hijack log
>>> at ahuma. Thanks, Steve T.
>>> "Vat" <vatsasri@gmail.com> wrote in message
>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...
>>>>
>>>> You have all the IRC related trojans in your system. These are more of
>>>> trojans, which do the activity without your knowledge. You can
>>>> download a compact and effective antivirus called Protector Plus.
>>>> Download and install a 30 day evaluation copy from:
>>>>
>>>> http://www.protectorplus.com
>>>>
>>>> and check.
>>>>
>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
>>>>> Doing my bi-monthly system scan with Computer Associates AV program
>>>>> there
>>>>> were 7 items detected. Two were deleted but these 5 remain:
>>>>>
>>>>> mIRC/IRCflood.c
>>>>> mIRC/Backdoor!generic
>>>>> mIRC/IRCFlood
>>>>> win32/IRCFlood
>>>>> mIRC/IRCFlood
>>>>>
>>>>> What are these? Are they spyware or viruses? The AV says "infected" .
>>>>> I ran
>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>>>>> finds
>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV
>>>>> is
>>>>> updated daily and the others checked every couple of days. Would
>>>>> appreciate
>>>>> any advice. Thank you, Steve T.
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 
Thanks Kelly. I followed your advice and now after a scan with Trend Micro
and my CA, I no longer have infected files show up. Thanks again, Steve T.
"Kelly" <kelly@mvps.org> wrote in message
news:OPSpDJpvHHA.3720@TK2MSFTNGP02.phx.gbl...
> Hi Steve,
>
> As a rule of thumb, system restore should be turned off before doing a
> deep clean. In lieu of, you could go to Disk Cleanup/More Options/System
> Restore - ok. Either way, it isn't a false positive and consider removing
> _restore.
>
> --
>
> All the Best,
> Kelly (MS-MVP/DTS&XP)
>
> Taskbar Repair Tool Plus!
> http://www.kellys-korner-xp.com/taskbarplus!.htm
>
>
> "Steve T" <stumasNOBINGO@charter.net> wrote in message
> news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...
>> Well I scanned with Trend Micro and found a trojan and a couple of
>> cookies. Nothing else. Tried Panda 5-6 times but it would get to
>> Windows/System32 and crash. I won't be buying Panda.
>> The still original remaining 5 infected files are all in:
>> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if
>> this implies a false positive or what but I'm done messing with it for
>> the time being. My PC does not seem affected by them. Thanks, Steve T
>>
>>
>> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message
>> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...
>>> Your AV log should give you some indication of which files are infected.
>>> If for example these infections are all within the same file in
>>> something like "c:\Program Files\My AV program\config\definitions.bin"
>>> then there's a good chance you aren't infected at all and the scan was
>>> producing a false positive.
>>>
>>> There are some online anti-virus scanners (free) you could also try:
>>>
>>> http://housecall.trendmicro.com/
>>>
>>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan
>>> link)
>>>
>>>
>>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message
>>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...
>>>> If these are all viruses, don't I have to remove them prior to
>>>> installing any other AV programs? CA's website is a nightmare to
>>>> navigate but I will go there and try to resolve this mess with them as
>>>> Rock suggested in the prior post. Also went to a couple of sites that
>>>> PA recommended and am going through the prep work before posting Hijack
>>>> log at ahuma. Thanks, Steve T.
>>>> "Vat" <vatsasri@gmail.com> wrote in message
>>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...
>>>>>
>>>>> You have all the IRC related trojans in your system. These are more of
>>>>> trojans, which do the activity without your knowledge. You can
>>>>> download a compact and effective antivirus called Protector Plus.
>>>>> Download and install a 30 day evaluation copy from:
>>>>>
>>>>> http://www.protectorplus.com
>>>>>
>>>>> and check.
>>>>>
>>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
>>>>>> Doing my bi-monthly system scan with Computer Associates AV program
>>>>>> there
>>>>>> were 7 items detected. Two were deleted but these 5 remain:
>>>>>>
>>>>>> mIRC/IRCflood.c
>>>>>> mIRC/Backdoor!generic
>>>>>> mIRC/IRCFlood
>>>>>> win32/IRCFlood
>>>>>> mIRC/IRCFlood
>>>>>>
>>>>>> What are these? Are they spyware or viruses? The AV says "infected" .
>>>>>> I ran
>>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>>>>>> finds
>>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The
>>>>>> AV is
>>>>>> updated daily and the others checked every couple of days. Would
>>>>>> appreciate
>>>>>> any advice. Thank you, Steve T.
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 
You are most welcome, Steve. Thanks for the feedback and good luck with XP!
:o)

--

All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm


"Steve T" <stumasNOBINGO@charter.net> wrote in message
news:%23ARFI6qvHHA.4364@TK2MSFTNGP06.phx.gbl...
> Thanks Kelly. I followed your advice and now after a scan with Trend Micro
> and my CA, I no longer have infected files show up. Thanks again, Steve T.
> "Kelly" <kelly@mvps.org> wrote in message
> news:OPSpDJpvHHA.3720@TK2MSFTNGP02.phx.gbl...
>> Hi Steve,
>>
>> As a rule of thumb, system restore should be turned off before doing a
>> deep clean. In lieu of, you could go to Disk Cleanup/More Options/System
>> Restore - ok. Either way, it isn't a false positive and consider
>> removing _restore.
>>
>> --
>>
>> All the Best,
>> Kelly (MS-MVP/DTS&XP)
>>
>> Taskbar Repair Tool Plus!
>> http://www.kellys-korner-xp.com/taskbarplus!.htm
>>
>>
>> "Steve T" <stumasNOBINGO@charter.net> wrote in message
>> news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...
>>> Well I scanned with Trend Micro and found a trojan and a couple of
>>> cookies. Nothing else. Tried Panda 5-6 times but it would get to
>>> Windows/System32 and crash. I won't be buying Panda.
>>> The still original remaining 5 infected files are all in:
>>> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know
>>> if this implies a false positive or what but I'm done messing with it
>>> for the time being. My PC does not seem affected by them. Thanks, Steve
>>> T
>>>
>>>
>>> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message
>>> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...
>>>> Your AV log should give you some indication of which files are
>>>> infected. If for example these infections are all within the same file
>>>> in something like "c:\Program Files\My AV
>>>> program\config\definitions.bin" then there's a good chance you aren't
>>>> infected at all and the scan was producing a false positive.
>>>>
>>>> There are some online anti-virus scanners (free) you could also try:
>>>>
>>>> http://housecall.trendmicro.com/
>>>>
>>>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan
>>>> link)
>>>>
>>>>
>>>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message
>>>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...
>>>>> If these are all viruses, don't I have to remove them prior to
>>>>> installing any other AV programs? CA's website is a nightmare to
>>>>> navigate but I will go there and try to resolve this mess with them as
>>>>> Rock suggested in the prior post. Also went to a couple of sites that
>>>>> PA recommended and am going through the prep work before posting
>>>>> Hijack log at ahuma. Thanks, Steve T.
>>>>> "Vat" <vatsasri@gmail.com> wrote in message
>>>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...
>>>>>>
>>>>>> You have all the IRC related trojans in your system. These are more
>>>>>> of
>>>>>> trojans, which do the activity without your knowledge. You can
>>>>>> download a compact and effective antivirus called Protector Plus.
>>>>>> Download and install a 30 day evaluation copy from:
>>>>>>
>>>>>> http://www.protectorplus.com
>>>>>>
>>>>>> and check.
>>>>>>
>>>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
>>>>>>> Doing my bi-monthly system scan with Computer Associates AV program
>>>>>>> there
>>>>>>> were 7 items detected. Two were deleted but these 5 remain:
>>>>>>>
>>>>>>> mIRC/IRCflood.c
>>>>>>> mIRC/Backdoor!generic
>>>>>>> mIRC/IRCFlood
>>>>>>> win32/IRCFlood
>>>>>>> mIRC/IRCFlood
>>>>>>>
>>>>>>> What are these? Are they spyware or viruses? The AV says "infected"
>>>>>>> . I ran
>>>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>>>>>>> finds
>>>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The
>>>>>>> AV is
>>>>>>> updated daily and the others checked every couple of days. Would
>>>>>>> appreciate
>>>>>>> any advice. Thank you, Steve T.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 
Counterpoint: Leave System Restore enabled until you've got the machine
clean, then disable it, reboot & re-enable it. Better a leaky lifeboat than
no lifeboat at all.
--
~PA Bear

Kelly wrote:
> Hi Steve,
>
> As a rule of thumb, system restore should be turned off before doing a
> deep
> clean. In lieu of, you could go to Disk Cleanup/More Options/System
> Restore - ok. Either way, it isn't a false positive and consider removing
> _restore.
>
>
> "Steve T" <stumasNOBINGO@charter.net> wrote in message
> news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...
>> Well I scanned with Trend Micro and found a trojan and a couple of
>> cookies. Nothing else. Tried Panda 5-6 times but it would get to
>> Windows/System32 and crash. I won't be buying Panda.
>> The still original remaining 5 infected files are all in:
>> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if
>> this implies a false positive or what but I'm done messing with it for
>> the
>> time being. My PC does not seem affected by them. Thanks, Steve T
>>
>>
>> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message
>> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...
>>> Your AV log should give you some indication of which files are infected.
>>> If for example these infections are all within the same file in
>>> something
>>> like "c:\Program Files\My AV program\config\definitions.bin" then
>>> there's a good chance you aren't infected at all and the scan was
>>> producing a false positive.
>>>
>>> There are some online anti-virus scanners (free) you could also try:
>>>
>>> http://housecall.trendmicro.com/
>>>
>>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan
>>> link)
>>>
>>>
>>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message
>>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...
>>>> If these are all viruses, don't I have to remove them prior to
>>>> installing any other AV programs? CA's website is a nightmare to
>>>> navigate but I will go there and try to resolve this mess with them as
>>>> Rock suggested in the prior post. Also went to a couple of sites that
>>>> PA
>>>> recommended and am going through the prep work before posting Hijack
>>>> log
>>>> at ahuma. Thanks, Steve T.
>>>> "Vat" <vatsasri@gmail.com> wrote in message
>>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...
>>>>>
>>>>> You have all the IRC related trojans in your system. These are more of
>>>>> trojans, which do the activity without your knowledge. You can
>>>>> download a compact and effective antivirus called Protector Plus.
>>>>> Download and install a 30 day evaluation copy from:
>>>>>
>>>>> http://www.protectorplus.com
>>>>>
>>>>> and check.
>>>>>
>>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:
>>>>>> Doing my bi-monthly system scan with Computer Associates AV program
>>>>>> there
>>>>>> were 7 items detected. Two were deleted but these 5 remain:
>>>>>>
>>>>>> mIRC/IRCflood.c
>>>>>> mIRC/Backdoor!generic
>>>>>> mIRC/IRCFlood
>>>>>> win32/IRCFlood
>>>>>> mIRC/IRCFlood
>>>>>>
>>>>>> What are these? Are they spyware or viruses? The AV says "infected" .
>>>>>> I ran
>>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot
>>>>>> finds
>>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The
>>>>>> AV
>>>>>> is
>>>>>> updated daily and the others checked every couple of days. Would
>>>>>> appreciate
>>>>>> any advice. Thank you, Steve T.
 
Back
Top