W32.IRCBot.Gen - Virus

th0rn3 · 2008-12-14 21:13:50 UTC

W32.IRCBot.Gen, this sh*t attacks me every minute or every 30 seconds. It tries to send data to 5.231.10.56 port 445. It hides in WMwareService.exe. Can someone look into it or does anyone know anything else about this virus.
P.S. My antivirus sais Clean failed; Quarantine Failed; Access denied. I have a crappy old symantec

kamikazee · 2008-12-14 21:21:31 UTC

Are you running a virtual machine? Scanned the virtual machine for viruses?

th0rn3 · 2008-12-14 21:36:46 UTC

No, my computer is too crappy for virtual machine… I googled up a bit and found that its worm with backdoor capabilities. I have zone alarm, so I blocked the connection but that antivirus is p**sing me off… I had 2.6GB log with apache server, so I think it’ll be the same with symantec…
btw it tries another ip: 5.231.70.34:445

Berzerkr · 2008-12-14 21:53:08 UTC

Not much information available about the IP’s, both IP’s are reserved.

http://aruljohn.com/track.pl?host=5.231.10.56
http://aruljohn.com/track.pl?host=5.231.70.34

I would change the hosts-file on my computer.
C:/windows/system32/drivers/etc/hosts

And then add the following to the hosts:

127.0.0.1        5.231.*.*

Does not remove the crap, but prevents sending of information to a IP wich begins with 5.231.

I also suggest that you try to clean up your system with Spybot: Search & Destroy. (Freeware, search for updates after installing)

Good Luck!

stealth6 · 2008-12-14 22:05:36 UTC

http://housecall.trendmicro.com/
free online virus scanner
according to my teacher the best because it’s not even on your computer

Nail · 2008-12-14 23:20:04 UTC

do scans in safe mode

nUllSkillZ · 2008-12-15 11:49:30 UTC

You could try to take a look at another OS.
Malware made me change to Linux.
Haven’t had any problems since then.
Might be an alternative.

Pegazus · 2008-12-15 14:37:53 UTC

Mac is quite safe, but we all know the support of programs Mac has.

Try NOD32 scanner, it is good and has never let me down.

ailmanki · 2008-12-16 00:09:36 UTC

http://www.symantec.com/security_response/writeup.jsp?docid=2002-071518-2036-99&tabid=3

th0rn3 · 2008-12-16 17:02:17 UTC

AAAAAHH, I have installed zone alarm and firewall blocks 2 attemps per second every 2 seconds. HELP! WHAT TO DO? WHAT TO DOOObooohoohoo . Im gonna cry

Berzerkr · 2008-12-16 18:20:41 UTC

Do you did what we suggested?

If nothing helps,

backup your needed files
reinstall the whole system
patch windows
install security software (I suggest “Spybot: Search & Destroy” and “Avira AntiVir”, both are for free and don’t f*ck up your system)
check if you backups are infected
update your security software daily!

EgaL · 2008-12-16 18:55:59 UTC

or ZoenAlarm Pro with Avira AntiVir after System Restore