Doing my bi-monthly system scan with Computer Associates AV program there

were 7 items detected. Two were deleted but these 5 remain:

 

mIRC/IRCflood.c

mIRC/Backdoor!generic

mIRC/IRCFlood

win32/IRCFlood

mIRC/IRCFlood

 

What are these? Are they spyware or viruses? The AV says "infected" . I ran

Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot finds

nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV is

updated daily and the others checked every couple of days. Would appreciate

any advice. Thank you, Steve T.

http://www.google.com/search?hl=en&q=mIRC%2FIRCFlood&btnG=Google+Search

 

Sypware Cleaners that WORK!

 

Line 393 - Right Hand Side: http://www.kellys-korner-xp.com/xp_tweaks.htm

 

Or see: http://www.kellys-korner-xp.com/xp_s.htm#spy

 

*Note: Update all (except HijackThis) before using.

 

--

 

All the Best,

Kelly (MS-MVP/DTS&XP)

 

Taskbar Repair Tool Plus!

http://www.kellys-korner-xp.com/taskbarplus!.htm

 

 

"Steve T" <stumas@NOBINGOcharter.net> wrote in message

news:%23qAsa4AvHHA.4504@TK2MSFTNGP05.phx.gbl...

> Doing my bi-monthly system scan with Computer Associates AV program there

> were 7 items detected. Two were deleted but these 5 remain:

>

> mIRC/IRCflood.c

> mIRC/Backdoor!generic

> mIRC/IRCFlood

> win32/IRCFlood

> mIRC/IRCFlood

>

> What are these? Are they spyware or viruses? The AV says "infected" . I

> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The

> AV is updated daily and the others checked every couple of days. Would

> appreciate any advice. Thank you, Steve T.

>

Run a /thorough/ check for hijackware, including posting your hijackthis log

to an appropriate forum.

 

Checking for/Help with Hijackware

http://aumha.org/a/parasite.htm

http://aumha.org/a/quickfix.htm

http://aumha.net/viewtopic.php?t=5878

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/data/prevention.htm

http://inetexplorer.mvps.org/tshoot.html

http://www.mvps.org/sramesh2k/Malware_Defence.htm

http://defendingyourmachine2.blogspot.com/

http://www.elephantboycomputers.com/page2.html#Removing_Malware

 

When all else fails, HijackThis v1.99.1

(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.

It will help you to both identify and remove any hijackware/spyware with

assistance from an expert. **Post your log to

http://forums.spybot.info/forumdisplay.php?f=22,

http://castlecops.com/forum67.html,

http://forums.subratam.org/index.php?showforum=7,

http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert

analysis, not here.**

 

If the procedures look too complex - and there is no shame in admitting this

isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

--

~Robear Dyer (PA Bear)

MS MVP-Windows (IE, OE, Security, Shell/User)

AumHa VSOP & Admin; DTS-L.org

 

Steve T wrote:

> Doing my bi-monthly system scan with Computer Associates AV program there

> were 7 items detected. Two were deleted but these 5 remain:

>

> mIRC/IRCflood.c

> mIRC/Backdoor!generic

> mIRC/IRCFlood

> win32/IRCFlood

> mIRC/IRCFlood

>

> What are these? Are they spyware or viruses? The AV says "infected" . I

> ran

> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot finds

> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV is

> updated daily and the others checked every couple of days. Would

> appreciate

> any advice. Thank you, Steve T.

"Steve T" <stumas@NOBINGOcharter.net> wrote in message

news:%23qAsa4AvHHA.4504@TK2MSFTNGP05.phx.gbl...

> Doing my bi-monthly system scan with Computer Associates AV program there

> were 7 items detected. Two were deleted but these 5 remain:

>

> mIRC/IRCflood.c

> mIRC/Backdoor!generic

> mIRC/IRCFlood

> win32/IRCFlood

> mIRC/IRCFlood

>

> What are these? Are they spyware or viruses? The AV says "infected" . I

> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The

> AV is updated daily and the others checked every couple of days. Would

> appreciate any advice. Thank you, Steve T.

 

 

Search Google / the CA web site for detailed info on these threats. Best to

post to a security / malware web site for these kinds of issues.

 

microsoft.public.security.homeusers

microsoft.public.security.virus

 

--

Rock [MS-MVP User/Shell]

@Rock: Congrats! <w>

 

Rock wrote:

> "Steve T" <stumas@NOBINGOcharter.net> wrote in message

> news:%23qAsa4AvHHA.4504@TK2MSFTNGP05.phx.gbl...

>> Doing my bi-monthly system scan with Computer Associates AV program there

>> were 7 items detected. Two were deleted but these 5 remain:

>>

>> mIRC/IRCflood.c

>> mIRC/Backdoor!generic

>> mIRC/IRCFlood

>> win32/IRCFlood

>> mIRC/IRCFlood

>>

>> What are these? Are they spyware or viruses? The AV says "infected" . I

>> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The

>> AV is updated daily and the others checked every couple of days. Would

>> appreciate any advice. Thank you, Steve T.

>

>

> Search Google / the CA web site for detailed info on these threats. Best

> to

> post to a security / malware web site for these kinds of issues.

>

> microsoft.public.security.homeusers

> microsoft.public.security.virus

"PA Bear" <PABearMVP@gmail.com> wrote

> @Rock: Congrats! <w>

 

Lol, thanks.

 

--

Rock [MS-MVP User/Shell]

> Rock wrote:

>> "Steve T" <stumas@NOBINGOcharter.net> wrote

>>> Doing my bi-monthly system scan with Computer Associates AV program

>>> there

>>> were 7 items detected. Two were deleted but these 5 remain:

>>>

>>> mIRC/IRCflood.c

>>> mIRC/Backdoor!generic

>>> mIRC/IRCFlood

>>> win32/IRCFlood

>>> mIRC/IRCFlood

>>>

>>> What are these? Are they spyware or viruses? The AV says "infected" . I

>>> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>>> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing.

>>> The

>>> AV is updated daily and the others checked every couple of days. Would

>>> appreciate any advice. Thank you, Steve T.

>>

>>

>> Search Google / the CA web site for detailed info on these threats. Best

>> to

>> post to a security / malware web site for these kinds of issues.

>>

>> microsoft.public.security.homeusers

>> microsoft.public.security.virus

Anti-spyware and antivirus apps may use "pattern" files to recognise the

malware they scan for. Some other antivirus scanners can report false

positives when they detect the virus patterns within those files.

 

If those particular malwares are actually on your computer then you could

suspect that someone is or has used your computer as part of a DDOS attack

network. Backdoor would be the remote control software used to access and

control your PC, the others are Denial of Service attack components (mostly

chat related)used against other victims.

 

"Steve T" <stumas@NOBINGOcharter.net> wrote in message

news:%23qAsa4AvHHA.4504@TK2MSFTNGP05.phx.gbl...

> Doing my bi-monthly system scan with Computer Associates AV program there

> were 7 items detected. Two were deleted but these 5 remain:

>

> mIRC/IRCflood.c

> mIRC/Backdoor!generic

> mIRC/IRCFlood

> win32/IRCFlood

> mIRC/IRCFlood

>

> What are these? Are they spyware or viruses? The AV says "infected" . I

> ran Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

> finds nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The

> AV is updated daily and the others checked every couple of days. Would

> appreciate any advice. Thank you, Steve T.

>

You have all the IRC related trojans in your system. These are more of

trojans, which do the activity without your knowledge. You can

download a compact and effective antivirus called Protector Plus.

Download and install a 30 day evaluation copy from:

 

http://www.protectorplus.com

 

and check.

 

On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

> Doing my bi-monthly system scan with Computer Associates AV program there

> were 7 items detected. Two were deleted but these 5 remain:

>

> mIRC/IRCflood.c

> mIRC/Backdoor!generic

> mIRC/IRCFlood

> win32/IRCFlood

> mIRC/IRCFlood

>

> What are these? Are they spyware or viruses? The AV says "infected" . I ran

> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot finds

> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV is

> updated daily and the others checked every couple of days. Would appreciate

> any advice. Thank you, Steve T.

If these are all viruses, don't I have to remove them prior to installing

any other AV programs? CA's website is a nightmare to navigate but I will go

there and try to resolve this mess with them as Rock suggested in the prior

post. Also went to a couple of sites that PA recommended and am going

through the prep work before posting Hijack log at ahuma. Thanks, Steve T.

"Vat" <vatsasri@gmail.com> wrote in message

news:1183444608.540530.37060@j4g2000prf.googlegroups.com...

>

> You have all the IRC related trojans in your system. These are more of

> trojans, which do the activity without your knowledge. You can

> download a compact and effective antivirus called Protector Plus.

> Download and install a 30 day evaluation copy from:

>

> http://www.protectorplus.com

>

> and check.

>

> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

>> Doing my bi-monthly system scan with Computer Associates AV program there

>> were 7 items detected. Two were deleted but these 5 remain:

>>

>> mIRC/IRCflood.c

>> mIRC/Backdoor!generic

>> mIRC/IRCFlood

>> win32/IRCFlood

>> mIRC/IRCFlood

>>

>> What are these? Are they spyware or viruses? The AV says "infected" . I

>> ran

>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot finds

>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV is

>> updated daily and the others checked every couple of days. Would

>> appreciate

>> any advice. Thank you, Steve T.

>

>

"Steve T" wrote

> If these are all viruses, don't I have to remove them prior to installing

> any other AV programs? CA's website is a nightmare to navigate but I will

> go there and try to resolve this mess with them as Rock suggested in the

> prior post. Also went to a couple of sites that PA recommended and am

> going through the prep work before posting Hijack log at ahuma. Thanks,

> Steve T.

> "Vat" <vatsasri@gmail.com> wrote in message

> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...

>>

>> You have all the IRC related trojans in your system. These are more of

>> trojans, which do the activity without your knowledge. You can

>> download a compact and effective antivirus called Protector Plus.

>> Download and install a 30 day evaluation copy from:

>>

>> http://www.protectorplus.com

>>

>> and check.

>>

>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

>>> Doing my bi-monthly system scan with Computer Associates AV program

>>> there

>>> were 7 items detected. Two were deleted but these 5 remain:

>>>

>>> mIRC/IRCflood.c

>>> mIRC/Backdoor!generic

>>> mIRC/IRCFlood

>>> win32/IRCFlood

>>> mIRC/IRCFlood

>>>

>>> What are these? Are they spyware or viruses? The AV says "infected" . I

>>> ran

>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>>> finds

>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV

>>> is

>>> updated daily and the others checked every couple of days. Would

>>> appreciate

>>> any advice. Thank you, Steve T.

 

 

Just Google for these names. I Googled the first one and the first hit was

a link to the CA site. I have always found it easy to search the CA site

for threats.

 

--

Rock [MS-MVP User/Shell]

Your AV log should give you some indication of which files are infected. If

for example these infections are all within the same file in something like

"c:\Program Files\My AV program\config\definitions.bin" then there's a good

chance you aren't infected at all and the scan was producing a false

positive.

 

There are some online anti-virus scanners (free) you could also try:

 

http://housecall.trendmicro.com/

 

http://www.pandasoftware.es/com/ca/ (look for the ActiveScan link)

 

 

"Steve T" <stumas@NOBINGOcharter.net> wrote in message

news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...

> If these are all viruses, don't I have to remove them prior to installing

> any other AV programs? CA's website is a nightmare to navigate but I will

> go there and try to resolve this mess with them as Rock suggested in the

> prior post. Also went to a couple of sites that PA recommended and am

> going through the prep work before posting Hijack log at ahuma. Thanks,

> Steve T.

> "Vat" <vatsasri@gmail.com> wrote in message

> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...

>>

>> You have all the IRC related trojans in your system. These are more of

>> trojans, which do the activity without your knowledge. You can

>> download a compact and effective antivirus called Protector Plus.

>> Download and install a 30 day evaluation copy from:

>>

>> http://www.protectorplus.com

>>

>> and check.

>>

>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

>>> Doing my bi-monthly system scan with Computer Associates AV program

>>> there

>>> were 7 items detected. Two were deleted but these 5 remain:

>>>

>>> mIRC/IRCflood.c

>>> mIRC/Backdoor!generic

>>> mIRC/IRCFlood

>>> win32/IRCFlood

>>> mIRC/IRCFlood

>>>

>>> What are these? Are they spyware or viruses? The AV says "infected" . I

>>> ran

>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>>> finds

>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV

>>> is

>>> updated daily and the others checked every couple of days. Would

>>> appreciate

>>> any advice. Thank you, Steve T.

>>

>>

>

>

Well I scanned with Trend Micro and found a trojan and a couple of cookies.

Nothing else. Tried Panda 5-6 times but it would get to Windows/System32 and

crash. I won't be buying Panda.

The still original remaining 5 infected files are all in:

C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if

this implies a false positive or what but I'm done messing with it for the

time being. My PC does not seem affected by them. Thanks, Steve T

 

 

"RalfG" <itsnotme@bin-wieder-da.de> wrote in message

news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...

> Your AV log should give you some indication of which files are infected.

> If for example these infections are all within the same file in something

> like "c:\Program Files\My AV program\config\definitions.bin" then there's

> a good chance you aren't infected at all and the scan was producing a

> false positive.

>

> There are some online anti-virus scanners (free) you could also try:

>

> http://housecall.trendmicro.com/

>

> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan

> link)

>

>

> "Steve T" <stumas@NOBINGOcharter.net> wrote in message

> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...

>> If these are all viruses, don't I have to remove them prior to

>> installing any other AV programs? CA's website is a nightmare to navigate

>> but I will go there and try to resolve this mess with them as Rock

>> suggested in the prior post. Also went to a couple of sites that PA

>> recommended and am going through the prep work before posting Hijack log

>> at ahuma. Thanks, Steve T.

>> "Vat" <vatsasri@gmail.com> wrote in message

>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...

>>>

>>> You have all the IRC related trojans in your system. These are more of

>>> trojans, which do the activity without your knowledge. You can

>>> download a compact and effective antivirus called Protector Plus.

>>> Download and install a 30 day evaluation copy from:

>>>

>>> http://www.protectorplus.com

>>>

>>> and check.

>>>

>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

>>>> Doing my bi-monthly system scan with Computer Associates AV program

>>>> there

>>>> were 7 items detected. Two were deleted but these 5 remain:

>>>>

>>>> mIRC/IRCflood.c

>>>> mIRC/Backdoor!generic

>>>> mIRC/IRCFlood

>>>> win32/IRCFlood

>>>> mIRC/IRCFlood

>>>>

>>>> What are these? Are they spyware or viruses? The AV says "infected" . I

>>>> ran

>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>>>> finds

>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV

>>>> is

>>>> updated daily and the others checked every couple of days. Would

>>>> appreciate

>>>> any advice. Thank you, Steve T.

>>>

>>>

>>

>>

>

>

I don't want everybody that contributed to think I won't pursue this further

until it is resolved. Just through with it for now, and my PC IS WORKING. I

truly appreciate the help and advice that everyone submitted. Thanks to all,

Steve T.

"Steve T" <stumasNOBINGO@charter.net> wrote in message

news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...

> Well I scanned with Trend Micro and found a trojan and a couple of

> cookies. Nothing else. Tried Panda 5-6 times but it would get to

> Windows/System32 and crash. I won't be buying Panda.

> The still original remaining 5 infected files are all in:

> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if

> this implies a false positive or what but I'm done messing with it for the

> time being. My PC does not seem affected by them. Thanks, Steve T

>

>

> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message

> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...

>> Your AV log should give you some indication of which files are infected.

>> If for example these infections are all within the same file in something

>> like "c:\Program Files\My AV program\config\definitions.bin" then

>> there's a good chance you aren't infected at all and the scan was

>> producing a false positive.

>>

>> There are some online anti-virus scanners (free) you could also try:

>>

>> http://housecall.trendmicro.com/

>>

>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan

>> link)

>>

>>

>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message

>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...

>>> If these are all viruses, don't I have to remove them prior to

>>> installing any other AV programs? CA's website is a nightmare to

>>> navigate but I will go there and try to resolve this mess with them as

>>> Rock suggested in the prior post. Also went to a couple of sites that PA

>>> recommended and am going through the prep work before posting Hijack log

>>> at ahuma. Thanks, Steve T.

>>> "Vat" <vatsasri@gmail.com> wrote in message

>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...

>>>>

>>>> You have all the IRC related trojans in your system. These are more of

>>>> trojans, which do the activity without your knowledge. You can

>>>> download a compact and effective antivirus called Protector Plus.

>>>> Download and install a 30 day evaluation copy from:

>>>>

>>>> http://www.protectorplus.com

>>>>

>>>> and check.

>>>>

>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

>>>>> Doing my bi-monthly system scan with Computer Associates AV program

>>>>> there

>>>>> were 7 items detected. Two were deleted but these 5 remain:

>>>>>

>>>>> mIRC/IRCflood.c

>>>>> mIRC/Backdoor!generic

>>>>> mIRC/IRCFlood

>>>>> win32/IRCFlood

>>>>> mIRC/IRCFlood

>>>>>

>>>>> What are these? Are they spyware or viruses? The AV says "infected" .

>>>>> I ran

>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>>>>> finds

>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV

>>>>> is

>>>>> updated daily and the others checked every couple of days. Would

>>>>> appreciate

>>>>> any advice. Thank you, Steve T.

>>>>

>>>>

>>>

>>>

>>

>>

>

>

Hi Steve,

 

As a rule of thumb, system restore should be turned off before doing a deep

clean. In lieu of, you could go to Disk Cleanup/More Options/System

Restore - ok. Either way, it isn't a false positive and consider removing

_restore.

 

--

 

All the Best,

Kelly (MS-MVP/DTS&XP)

 

Taskbar Repair Tool Plus!

http://www.kellys-korner-xp.com/taskbarplus!.htm

 

 

"Steve T" <stumasNOBINGO@charter.net> wrote in message

news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...

> Well I scanned with Trend Micro and found a trojan and a couple of

> cookies. Nothing else. Tried Panda 5-6 times but it would get to

> Windows/System32 and crash. I won't be buying Panda.

> The still original remaining 5 infected files are all in:

> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if

> this implies a false positive or what but I'm done messing with it for the

> time being. My PC does not seem affected by them. Thanks, Steve T

>

>

> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message

> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...

>> Your AV log should give you some indication of which files are infected.

>> If for example these infections are all within the same file in something

>> like "c:\Program Files\My AV program\config\definitions.bin" then

>> there's a good chance you aren't infected at all and the scan was

>> producing a false positive.

>>

>> There are some online anti-virus scanners (free) you could also try:

>>

>> http://housecall.trendmicro.com/

>>

>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan

>> link)

>>

>>

>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message

>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...

>>> If these are all viruses, don't I have to remove them prior to

>>> installing any other AV programs? CA's website is a nightmare to

>>> navigate but I will go there and try to resolve this mess with them as

>>> Rock suggested in the prior post. Also went to a couple of sites that PA

>>> recommended and am going through the prep work before posting Hijack log

>>> at ahuma. Thanks, Steve T.

>>> "Vat" <vatsasri@gmail.com> wrote in message

>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...

>>>>

>>>> You have all the IRC related trojans in your system. These are more of

>>>> trojans, which do the activity without your knowledge. You can

>>>> download a compact and effective antivirus called Protector Plus.

>>>> Download and install a 30 day evaluation copy from:

>>>>

>>>> http://www.protectorplus.com

>>>>

>>>> and check.

>>>>

>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

>>>>> Doing my bi-monthly system scan with Computer Associates AV program

>>>>> there

>>>>> were 7 items detected. Two were deleted but these 5 remain:

>>>>>

>>>>> mIRC/IRCflood.c

>>>>> mIRC/Backdoor!generic

>>>>> mIRC/IRCFlood

>>>>> win32/IRCFlood

>>>>> mIRC/IRCFlood

>>>>>

>>>>> What are these? Are they spyware or viruses? The AV says "infected" .

>>>>> I ran

>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>>>>> finds

>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The AV

>>>>> is

>>>>> updated daily and the others checked every couple of days. Would

>>>>> appreciate

>>>>> any advice. Thank you, Steve T.

>>>>

>>>>

>>>

>>>

>>

>>

>

>

Thanks Kelly. I followed your advice and now after a scan with Trend Micro

and my CA, I no longer have infected files show up. Thanks again, Steve T.

"Kelly" <kelly@mvps.org> wrote in message

news:OPSpDJpvHHA.3720@TK2MSFTNGP02.phx.gbl...

> Hi Steve,

>

> As a rule of thumb, system restore should be turned off before doing a

> deep clean. In lieu of, you could go to Disk Cleanup/More Options/System

> Restore - ok. Either way, it isn't a false positive and consider removing

> _restore.

>

> --

>

> All the Best,

> Kelly (MS-MVP/DTS&XP)

>

> Taskbar Repair Tool Plus!

> http://www.kellys-korner-xp.com/taskbarplus!.htm

>

>

> "Steve T" <stumasNOBINGO@charter.net> wrote in message

> news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...

>> Well I scanned with Trend Micro and found a trojan and a couple of

>> cookies. Nothing else. Tried Panda 5-6 times but it would get to

>> Windows/System32 and crash. I won't be buying Panda.

>> The still original remaining 5 infected files are all in:

>> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if

>> this implies a false positive or what but I'm done messing with it for

>> the time being. My PC does not seem affected by them. Thanks, Steve T

>>

>>

>> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message

>> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...

>>> Your AV log should give you some indication of which files are infected.

>>> If for example these infections are all within the same file in

>>> something like "c:\Program Files\My AV program\config\definitions.bin"

>>> then there's a good chance you aren't infected at all and the scan was

>>> producing a false positive.

>>>

>>> There are some online anti-virus scanners (free) you could also try:

>>>

>>> http://housecall.trendmicro.com/

>>>

>>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan

>>> link)

>>>

>>>

>>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message

>>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...

>>>> If these are all viruses, don't I have to remove them prior to

>>>> installing any other AV programs? CA's website is a nightmare to

>>>> navigate but I will go there and try to resolve this mess with them as

>>>> Rock suggested in the prior post. Also went to a couple of sites that

>>>> PA recommended and am going through the prep work before posting Hijack

>>>> log at ahuma. Thanks, Steve T.

>>>> "Vat" <vatsasri@gmail.com> wrote in message

>>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...

>>>>>

>>>>> You have all the IRC related trojans in your system. These are more of

>>>>> trojans, which do the activity without your knowledge. You can

>>>>> download a compact and effective antivirus called Protector Plus.

>>>>> Download and install a 30 day evaluation copy from:

>>>>>

>>>>> http://www.protectorplus.com

>>>>>

>>>>> and check.

>>>>>

>>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

>>>>>> Doing my bi-monthly system scan with Computer Associates AV program

>>>>>> there

>>>>>> were 7 items detected. Two were deleted but these 5 remain:

>>>>>>

>>>>>> mIRC/IRCflood.c

>>>>>> mIRC/Backdoor!generic

>>>>>> mIRC/IRCFlood

>>>>>> win32/IRCFlood

>>>>>> mIRC/IRCFlood

>>>>>>

>>>>>> What are these? Are they spyware or viruses? The AV says "infected" .

>>>>>> I ran

>>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>>>>>> finds

>>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The

>>>>>> AV is

>>>>>> updated daily and the others checked every couple of days. Would

>>>>>> appreciate

>>>>>> any advice. Thank you, Steve T.

>>>>>

>>>>>

>>>>

>>>>

>>>

>>>

>>

>>

>

>

You are most welcome, Steve. Thanks for the feedback and good luck with XP!

:o)

 

--

 

All the Best,

Kelly (MS-MVP/DTS&XP)

 

Taskbar Repair Tool Plus!

http://www.kellys-korner-xp.com/taskbarplus!.htm

 

 

"Steve T" <stumasNOBINGO@charter.net> wrote in message

news:%23ARFI6qvHHA.4364@TK2MSFTNGP06.phx.gbl...

> Thanks Kelly. I followed your advice and now after a scan with Trend Micro

> and my CA, I no longer have infected files show up. Thanks again, Steve T.

> "Kelly" <kelly@mvps.org> wrote in message

> news:OPSpDJpvHHA.3720@TK2MSFTNGP02.phx.gbl...

>> Hi Steve,

>>

>> As a rule of thumb, system restore should be turned off before doing a

>> deep clean. In lieu of, you could go to Disk Cleanup/More Options/System

>> Restore - ok. Either way, it isn't a false positive and consider

>> removing _restore.

>>

>> --

>>

>> All the Best,

>> Kelly (MS-MVP/DTS&XP)

>>

>> Taskbar Repair Tool Plus!

>> http://www.kellys-korner-xp.com/taskbarplus!.htm

>>

>>

>> "Steve T" <stumasNOBINGO@charter.net> wrote in message

>> news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...

>>> Well I scanned with Trend Micro and found a trojan and a couple of

>>> cookies. Nothing else. Tried Panda 5-6 times but it would get to

>>> Windows/System32 and crash. I won't be buying Panda.

>>> The still original remaining 5 infected files are all in:

>>> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know

>>> if this implies a false positive or what but I'm done messing with it

>>> for the time being. My PC does not seem affected by them. Thanks, Steve

>>> T

>>>

>>>

>>> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message

>>> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...

>>>> Your AV log should give you some indication of which files are

>>>> infected. If for example these infections are all within the same file

>>>> in something like "c:\Program Files\My AV

>>>> program\config\definitions.bin" then there's a good chance you aren't

>>>> infected at all and the scan was producing a false positive.

>>>>

>>>> There are some online anti-virus scanners (free) you could also try:

>>>>

>>>> http://housecall.trendmicro.com/

>>>>

>>>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan

>>>> link)

>>>>

>>>>

>>>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message

>>>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...

>>>>> If these are all viruses, don't I have to remove them prior to

>>>>> installing any other AV programs? CA's website is a nightmare to

>>>>> navigate but I will go there and try to resolve this mess with them as

>>>>> Rock suggested in the prior post. Also went to a couple of sites that

>>>>> PA recommended and am going through the prep work before posting

>>>>> Hijack log at ahuma. Thanks, Steve T.

>>>>> "Vat" <vatsasri@gmail.com> wrote in message

>>>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...

>>>>>>

>>>>>> You have all the IRC related trojans in your system. These are more

>>>>>> of

>>>>>> trojans, which do the activity without your knowledge. You can

>>>>>> download a compact and effective antivirus called Protector Plus.

>>>>>> Download and install a 30 day evaluation copy from:

>>>>>>

>>>>>> http://www.protectorplus.com

>>>>>>

>>>>>> and check.

>>>>>>

>>>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

>>>>>>> Doing my bi-monthly system scan with Computer Associates AV program

>>>>>>> there

>>>>>>> were 7 items detected. Two were deleted but these 5 remain:

>>>>>>>

>>>>>>> mIRC/IRCflood.c

>>>>>>> mIRC/Backdoor!generic

>>>>>>> mIRC/IRCFlood

>>>>>>> win32/IRCFlood

>>>>>>> mIRC/IRCFlood

>>>>>>>

>>>>>>> What are these? Are they spyware or viruses? The AV says "infected"

>>>>>>> . I ran

>>>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>>>>>>> finds

>>>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The

>>>>>>> AV is

>>>>>>> updated daily and the others checked every couple of days. Would

>>>>>>> appreciate

>>>>>>> any advice. Thank you, Steve T.

>>>>>>

>>>>>>

>>>>>

>>>>>

>>>>

>>>>

>>>

>>>

>>

>>

>

>

Counterpoint: Leave System Restore enabled until you've got the machine

clean, then disable it, reboot & re-enable it. Better a leaky lifeboat than

no lifeboat at all.

--

~PA Bear

 

Kelly wrote:

> Hi Steve,

>

> As a rule of thumb, system restore should be turned off before doing a

> deep

> clean. In lieu of, you could go to Disk Cleanup/More Options/System

> Restore - ok. Either way, it isn't a false positive and consider removing

> _restore.

>

>

> "Steve T" <stumasNOBINGO@charter.net> wrote in message

> news:uqIs7BovHHA.3476@TK2MSFTNGP02.phx.gbl...

>> Well I scanned with Trend Micro and found a trojan and a couple of

>> cookies. Nothing else. Tried Panda 5-6 times but it would get to

>> Windows/System32 and crash. I won't be buying Panda.

>> The still original remaining 5 infected files are all in:

>> C:\System Volume Information\_restore{4653E8F8-651.....etc. don't know if

>> this implies a false positive or what but I'm done messing with it for

>> the

>> time being. My PC does not seem affected by them. Thanks, Steve T

>>

>>

>> "RalfG" <itsnotme@bin-wieder-da.de> wrote in message

>> news:uWyc8vbvHHA.3444@TK2MSFTNGP04.phx.gbl...

>>> Your AV log should give you some indication of which files are infected.

>>> If for example these infections are all within the same file in

>>> something

>>> like "c:\Program Files\My AV program\config\definitions.bin" then

>>> there's a good chance you aren't infected at all and the scan was

>>> producing a false positive.

>>>

>>> There are some online anti-virus scanners (free) you could also try:

>>>

>>> http://housecall.trendmicro.com/

>>>

>>> http://www.pandasoftware.es/com/ca/ (look for the ActiveScan

>>> link)

>>>

>>>

>>> "Steve T" <stumas@NOBINGOcharter.net> wrote in message

>>> news:O2ayOsZvHHA.5104@TK2MSFTNGP04.phx.gbl...

>>>> If these are all viruses, don't I have to remove them prior to

>>>> installing any other AV programs? CA's website is a nightmare to

>>>> navigate but I will go there and try to resolve this mess with them as

>>>> Rock suggested in the prior post. Also went to a couple of sites that

>>>> PA

>>>> recommended and am going through the prep work before posting Hijack

>>>> log

>>>> at ahuma. Thanks, Steve T.

>>>> "Vat" <vatsasri@gmail.com> wrote in message

>>>> news:1183444608.540530.37060@j4g2000prf.googlegroups.com...

>>>>>

>>>>> You have all the IRC related trojans in your system. These are more of

>>>>> trojans, which do the activity without your knowledge. You can

>>>>> download a compact and effective antivirus called Protector Plus.

>>>>> Download and install a 30 day evaluation copy from:

>>>>>

>>>>> http://www.protectorplus.com

>>>>>

>>>>> and check.

>>>>>

>>>>> On Jul 1, 11:32 pm, "Steve T" <stu...@NOBINGOcharter.net> wrote:

>>>>>> Doing my bi-monthly system scan with Computer Associates AV program

>>>>>> there

>>>>>> were 7 items detected. Two were deleted but these 5 remain:

>>>>>>

>>>>>> mIRC/IRCflood.c

>>>>>> mIRC/Backdoor!generic

>>>>>> mIRC/IRCFlood

>>>>>> win32/IRCFlood

>>>>>> mIRC/IRCFlood

>>>>>>

>>>>>> What are these? Are they spyware or viruses? The AV says "infected" .

>>>>>> I ran

>>>>>> Ad-Aware 2007 and it crashes as soon as it gets to Inproc32. Spybot

>>>>>> finds

>>>>>> nothing. Swat-It finds nothing. Spywareblaster stopped nothing. The

>>>>>> AV

>>>>>> is

>>>>>> updated daily and the others checked every couple of days. Would

>>>>>> appreciate

>>>>>> any advice. Thank you, Steve T.