Troj/IRCBot-ABY

(sorry for the bad english)

I never fall into this, they are obvious but my sister on MSN send a link i knew it was weird and well i shouldn’t had click but i did since was my sister and well wanted to tell her if was something bad or not. Well this aplication downloaded claiming to be a JPG but it wasn’t. i knew the files wasn’t wasnt a picture really but again curiosity hit me and to see what kind of issue my sister will have if she click the program i click it.

avast didnt detect it, neither spybot or adaware. But i knew the virus was there.

the trojan tried to run this file at startup wksvcsc.exe, i used a tool to remove this trojan and it said its been remove but how can i be sure? The pc is running now normally and wksvcsc.exe isnt running at startup anymore.

i check google and apparently the trojan name is Troj/IRCBot-ABY. Is the first time since i buy the computer like 6 years ago i get in trouble with a virus, and for trying to warn my sister :-X

:slight_smile: Hi :

Since Spybot AND Ad-Aware are no longer top antiSPYWARE/antiTROJAN
programs, best to use either or both : 1) the FREE Version of
“SUPERAntiSpyware” from www.superantispyware.com ; 2) the “FREE” Ver of
“MalwareBytes’ Anti-Malware” from www.malwarebytes.org/mbam.php .

yea well i dont really like ad aware much it always mostly crash i don’t know why. Ill try those, even tho i removed the trojan it passed the AV without trouble. I know AV arent 100% secure so im scanning with anything i find to be sure. What most worry me now is my sis, gotta tell her when she get online.

Follow:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  4. Use the SUPERantispyware, MBAM like Spiritsongs said or even Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.