How to detect and remove the Trojan.IRCBot
Date: Oct 3rd, 2010 10:40:11 pm
1. What is the Trojan.IRCBot
Trojan.IRCBot is a malicious backdoor Trojan that uses the popular IRC (Internet Relay Chat) program to cause many unwanted computer problems.
Trojan.IRCBot.Gen can open a backdoor on your computer that allows a remote attacker to use Internet Relay Chat (IRC) to remotely control your system, send the worm to other IRC channels, update the Trojan, download and execute additional malware on your PC, perform Denial of Service (DoS) attacks against a specific target, and send spam email messages using your computer's Internet connection.
This network-aware worm uses known exploits to replicate across vulnerable networks. To replicate itself through the network, Trojan.IRCBot.Gen can use common TCP ports used by some other worms: 135, 139, 445 or 593. This capability makes it a real threat to company networks and servers. Using it as a backdoor, a remote attacker can compromise sensitive company data.
The three most common ways to get infected with this worm are:
* visiting Warez sites,
* downloading pirated software from P2P networks,
* opening an infected email attachment.
2. How to detect the Trojan.IRCBot with Sax2
Please update the Sax2 policy knowledge base promptly; we have added some policies for Sax2 to detect Trojan.IRCBot. Once Sax2 detects that Trojan.IRCBot is attempting to establish a connection with remote hosts, it breaks the connection immediately to ensure your network and business security.
(Sax2 detected that Trojan.IRCBot attempted to establish a connection with the remote hosts)
(Sax2 broke the connection successfully)
3. How to manually remove Trojan.IRCBot
Files associated with Trojan.IRCBot infection:
* Trojan.IRCBot processes to kill:
Remove Trojan.IRCBot registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 1 Click PC Fix - 3.5
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows Live
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System32 Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System Guard
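One way to check for the registry entries listed above, as an added example that is not part of the original post: a PowerShell script that looks for those value names under the HKLM Run key, prints the command each one launches, and deletes them only when run with `-Remove` (a switch name invented for this example).

```powershell
# Added example: audit the HKLM Run key for the value names listed on this page.
# Run from an elevated PowerShell prompt. Nothing is deleted unless -Remove is passed.
param(
    [switch]$Remove   # hypothetical switch name chosen for this example
)

$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Value names taken from the list on this page.
$suspectNames = @(
    '1 Click PC Fix - 3.5',
    'Windows Live',
    'Windows System32 Monitor',
    'Windows System Guard'
)

$key = Get-Item -Path $runKey -ErrorAction Stop

# Collect each listed value that is present, with the command it launches at logon.
$found = foreach ($name in $key.GetValueNames()) {
    if ($suspectNames -contains $name) {
        [pscustomobject]@{
            Name    = $name
            Command = $key.GetValue($name)
        }
    }
}

if (-not $found) {
    Write-Output "None of the listed value names are present under $runKey"
    return
}

# Show the matches; the Command column points at the file to inspect on disk.
$found | Format-List

if ($Remove) {
    # Keep a copy of the whole key so a wrong deletion can be restored with 'reg import'.
    $backup = Join-Path $env:TEMP ("run-key-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $backup /y | Out-Null
    Write-Output "Backup written to $backup"

    foreach ($entry in $found) {
        Remove-ItemProperty -Path $runKey -Name $entry.Name
        Write-Output "Removed: $($entry.Name)"
    }
}
```

A name match alone is not proof of infection, so check the Command path of each match before running with `-Remove`.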
4. How to remove these Trojans instantly?
Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.
Content Copyrighted devidhuang at Aeonity Blog