PLEASE PLEASE PLEASE HELP! Win32:Ircbot-WS [TRJ]

Hello,

I started MIRC 6.17 today, and received a warning from AVAST (definition file 0613-0 - 28/03/06) that two files servers.ini and mirc3.tm_ in the c:\program Files\mirc directory were infected with Win32:Ircbot-ws.

I have never downloaded any files from IRC, run any scripts or done ANYTHING apart from chat.

I read a previous post similar to this one on the AVAST forum.

Is this a real virus?

A full system scan found 29 other infected files in c:\system volume information_restore named A0005327.ini to A0006999.ini

When I searched the avast website, I was unable to find any specific information about the Win32:Ircbot-ws virus.

I moved all infected files mentioned above to the virus chest.

Another full system scan afterwards turned up nothing - i.e. no more infected files.

PLEASE PLEASE PLEASE HELP WITH THE FOLLOWING QUESTIONS:

  • Can you please provide specific information on this virus? (eg. what it does, etc.)
  • I moved all infected files mentioned above to the virus chest, should I delete them?
  • Is it ok to delete the files from system volume information_restore directory? What are these files?
  • Do I need to do anything else? Is the system registry infected or anything else?

Please help, I would be forever grateful for ANY assistance! I am panicking.

Thanks so much for your time,

Peter.

Hello Peter :slight_smile:

I think that this topic is similar to yours :wink: http://forum.avast.com/index.php?topic=20181.0
Most probably a false positive :stuck_out_tongue:

Hello XMAS,

Thanks very much for your reply, it is really much appreciated.

Yes, that is the one I read, but I am still unsure what to do as I am new to computers and don’t know what a false positive is or what the system restore folder is. . . . .

PLEASE, PLEASE, PLEASE could someone please help me with the following questions?

  • Can you please provide specific information on this virus? (eg. what it does, etc.)
  • I moved all infected files mentioned above to the virus chest, should I delete them?
  • Is it ok to delete the files from system volume information_restore directory? What are these files?
  • Do I need to do anything else? Is the system registry infected or anything else?

Thank you so much, words can’t express how much I would appreciate your guidance.

MANY THANKS,

Peter

Well, I can’t provide you information about the virus, but since it may be a False Positive you won’t have to worry about it. False Positive (FP) means that the scanner is giving you a wrong alarm (false alarm); the file is not dangerous (but this is ONLY WHEN THE FILE IS FALSE POSITIVE). Here’s some info on how to deal with False Positives: http://forum.avast.com/index.php?topic=7779.0 :wink:

System Restore is something like a backup of your whole system. System Restore creates restore points from where you can restore your system in cases when your system is heavily damaged. So these files are just backups of the original files. Maybe you can find some more info on the Microsoft web page (I can’t find the link right now).

:slight_smile: Hi Peter :

Since you are new to computers, a good start to an "education" in this area would be the info at: http://aumha.org/a/health.htm .

If you ever have technical questions about your computer, the aumha.net forums have many Microsoft Most Valuable Professionals and all their answers are FREE.

This just happened to me as well. I know my way around mirc, so was pretty shocked for a few seconds.

Trying to download the most recent servers.ini from the mirc site

http://www.mirc.co.uk/servers.ini

will trigger the virus warning again, so something is up. Dunno what MIRC3.tm_ is tho; how can I get it out of the chest to have a look and see what it is?

Also see this avast thread, it could well be related as this also relates to MIRC 6.17: http://forum.avast.com/index.php?topic=20181.0. So it may well be a false positive, but best to confirm at Jotti, and send to avast if an FP.

Pls keep us informed on what to do, I would appreciate that. I deleted my server.ini and now I can’t use mirc and don’t know what to do. Thanks

Is there something else that needs to be done in order to make the server.ini files be ignored by standard shield? Simply adding the path\filename to the advanced\exclusions box does not keep the scanner from alerting each time I connect to a server using mirc.

I did notice the sensitivity slider will not stay set on Custom, keeps returning to High. Is there a reason for this?

don

I strongly suggest running a full system scan on your PC with AVAST as I found a further 29 infected files in the system volume information directory.

This may NOT be a false positive if there are 29 other infected files.

Could someone from AVAST please respond?

Thanks,

Peter

It will work without the server.ini, just type in to the status window entry box

“/server ”

You can look up server addresses here http://irc.netsplit.de/networks/listings.var, or at your server's webpage

Webchat would be “/server irc.webchat.org” for example

The False Positive is fixed in the latest VPS 0613-1 :wink:

awesome, cheers

Thank you for the advice and guidance, it is much appreciated.

Wish you all the very best for the future.

I just found out too, if you go to www.mirc.com you can download the new server.ini for February 8th and there is no virus or trojans either.

I think that is more likely because the False Positive has been corrected as X.M.A.S. mentioned here http://forum.avast.com/index.php?topic=20182.msg169253#msg169253