Mirc Virus/Trojan

Status
Not open for further replies.

pukgandi

Baseband Member
Messages
59
I looked at my dads computer because he said its running slow and seems to have a mirc script virus thing that i cant get off my self. I found a file in system32 called mirc.cfg that when i delete it remakes itself. Ive tried deleteing the program buti just puts it self back on. If i exit it it reopens itself i cant get it out of msconfig. It installed itself ont he computer in the begining im guessing. Ive also run Spybot Ad-Aware and Panda 2006.

here is the config file
[
n0=popups.ini
n1=popups.ini
n2=popups.ini
n3=popups.ini
n4=popups.ini
[warn]
fserve=on
dcc=on
[dirs]
logdir=logs\
waves=sounds\
midis=sounds\
mp3s=sounds\
wmas=sounds\
oggs=sounds\
[options]
n0=0,0,0,1,0,0,300,0,0,0,1,0,0,0,0,0,1,0,0,0,4096,0,1,0,0,0,1,1,0,50,0,0
n1=5,100,0,0,0,0,0,0,0,1,0,1,0,0,1,1,1,1,0,0,1,1,1,0,5,0,0,0,0,0,1,0,0
n2=0,0,0,1,1,1,1,1,0,60,120,0,0,1,0,0,1,1,0,120,20,10,0,1,1,0,0,1,0,0,0,0,0
n3=5000,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1,3,1,0,1,0,0,0,0,1,1,0,15,0,0,1,3,180,0
n4=1,0,1,0,0,3,9999,0,0,0,1,0,1024,0,1,99,60,0,0,1,1,1,1,0,1,5000,1,5,0,0,3,0,1,1
n5=1,1,1,1,1,1,1,1,1,1,6667,0,0,0,1,0,1,0,300,30,10,0,1,26,0,0,1,8192,1,0,0,82,0
n6=0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,100,1,1,0,0,1,0,0,4,1,0,1
n7=0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,70,0,3,0,1,1,1,1,1,0,0,0,0,1,1,1,1
[about]
version=6.03
show=BR26354
[mirc]
anick=Kf5xNr2qD
[ports]
random=off
bind=off
[ident]
active=no
system=UNIX
port=113
[socks]
enabled=no
port=1080
method=4
dccs=no
useip=yes
[language]
sjis=0
multibyte=0
[clicks]
status=/lusers
query=/whois $$1
channel=/channel
nicklist=/query $$1
notify=/whois $$1
message=/whois $$1
[waves]
send=Event Beep
[dragdrop]
n0=*.wav:/sound $1 $2-
n1=*.*:/dcc send $1 $2-
s0=*.*:/dcc send $1 $2-
[dde]
ServerStatus=on
ServiceName=mIRC
CheckName=off
[marker]
show=off
size=3
colour=4
method=1
[text]
network=All
commandchar=/
linesep=-
timestamp=[HH:nn]
accept=*.jpg,*.gif,*.png,*.bmp,*.txt,*.log,*.wav,*.mid,*.mp3,*.wma,*.ogg,*.zip
ignore=*.exe,*.com,*.bat,*.dll,*.ini,*.mrc,*.vbs,*.js,*.pif,*.scr,*.lnk,*.pl,*.shs,*.htm,*.html
[fileserver]
warning=on
[dccserver]
n0=0,59,0,0,0,0
[extensions]
n0=defaultEXTDIR:download\
n1=*.wav,*.mid,*.mp3,*.wma,*.oggEXTDIR:sounds\
[agent]
enable=0,0,0
char=merlin.acs
options=1,1,1,100,0
speech=150,60,100,1,180,10,50,1,1,1,0,50,1
channel=1,1,1,1,1,1,1,1,1
private=1,1,1,1
other=1,1,1,1,1,1,1
pos=20,20
[files]
servers=servers.ini
finger=finger.txt
urls=urls.ini
addrbk=addrbk.ini
[styles]
thin=3
font=0
hide=0
color=default
size=2
buttons=0
[windows]
main=128,768,52,629,0,1,0
[colours]
n0=0,6,4,5,2,3,3,3,3,3,3,1,5,7,6,1,3,2,3,5,1,0,1,0,1,15,6,0
[afiles]
n0=aliases.ini
[rfiles]
n0=users.ini
n1=remote.ini
n2=script.ini
 

Osiris

Golden Master
Messages
36,817
Location
Kentucky
Follow these instructions carefully

Download ALL 10 programs and update if needed.

Ad Aware SE Personal Free

Ad-aware Messenger Service Plugin

Ad-Aware VX2 Cleaner Plug-In 2.0

Spybot Search and Destroy Free

Windows Defender 2 Beta

HijackThis

Ewido

CCleaner

Cleanup!

Follow these steps

Delete the prefetch folder C:\WINDOWS\Prefetch, this folder will come back on next reboot.

Delete all cookies and temporary internet files in the control panel, Internet Options.

Go to Start, run, type msconfig, go to startup, disable everything except your antivirus, Firewall, click apply, don¡¦t reboot yet.

Download Msconfig Cleanup below

Msconfig Cleanup

Run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit". Make sure your antivirus and firewall are not checked.

Now run each Spyware program 1 by 1. Running all 3 at the same time will slow most systems down.

When each program has finished scanning, remove everything.

Now go to the recycle bin and delete everything that is in it.

Then run CCleaner „² make sure you run the Cleaner section of Windows and Applications and then the Registry Cleaner. Make a backup if you wish while running the Registry Cleaner when it asks you.

When finished with the scans, reboot, and go into Safe Mode and run these scans again, remove everything they find, and then reboot back into Windows in normal mode.

Then run HiJackthis!

Save the log, copy and paste the log on www.techist.com
Do not attach the log, copy and paste always. This will make things go much faster.
 
Status
Not open for further replies.
Top