Win32:IRC-Flood [Drp]

I’m a mIRC UPP user. Since I installed avast! I’ve been facing problems. mIRC UPP uses moo.dll file to display some popups. Everytime I try to display particular popups, avast! displays an alert saying: Win32:IRC-Flood [Drp]. As far as I know the file is not a virus and does not contain any harmful code. avast! eventually removes or modifies the file. Even adding the file to the exclusion list didn’t help.

What did you add to the exclusions lists, there are two Program Settings, Exclusions (on-demand scans) and Standard Shield, Customize, Advanced ?

What Operating System are you using ? is it up to date ?
What avast! version and VPS file (virus database) number, e.g. 0630-2 (see about avast!) ?
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see (Mini Sticky) False Positives, how to report and what to do to exclude them until the problem is corrected.

Problem resolved! Thanks! The file was only on Exclusions (on-demand scans) list. I added the proper path to the Standard Shield, Customize, Advanced list. avast! once displayed an alert but it’s ok now. The popups are working.

Just for completion:
WinXP Home SP2 - up-to-date
avast! 4.7
VPS: 0662-1
Infected file name: C:\Program Files\upp\system\dlls\moo.dll

Virus Total: avast! bitdefender, catquickheal, fortinet, ikarus, mcafee, panda, subnbelt - by those the file was said to be a virus (different results). The rest was ok.

Jotti: avast!, antivir, bitdefender, dr. web, fortinet - by those the file was also recognized as a virus (results differ). The rest was ok, too.

For I’ve been using mIRC UPP for over two years and haven’t really been infected by a virus ever, especially an IRC one, I’ll leave the file as it is.

Thanks for fast help :slight_smile:

No problem, if you are happy to accept the possible risk, but based on what it is being detected as [drp] = dropper seems a little strange, however its actions may look like it is downloading something. You could send it to avast for further analysis, see the false positive link.

Welcome to the forums.