Author Topic: irc trojan  (Read 7143 times)

0 Members and 1 Guest are viewing this topic.

Offline mihail

  • Newbie
  • *
  • Posts: 4
irc trojan
« on: September 13, 2003, 04:06:01 PM »
A certain file my friend gave me is identified as IRC Trojan by Norton AV on my friends computer. That same file according to my avast home edition  is clean. The same result gives F-prot and NOD32. How can I check if this file really contains a virus.  ???

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:irc trojan
« Reply #1 on: September 13, 2003, 04:20:22 PM »
Try this link: http://www.kaspersky.com/remoteviruschk.html
and say what it reports.

MfG Ralf

Offline mihail

  • Newbie
  • *
  • Posts: 4
Re:irc trojan
« Reply #2 on: September 13, 2003, 05:09:59 PM »
I could not load the file install.exe to kaspersky.
Norton on-line scan found this:
C:\Documents and Settings\Mile\Local Settings\Temporary Internet Files\Content.IE5\O1EFOXMB\Count[1].class is infected with Trojan.ByteVerify  
C:\Documents and Settings\Mile\Local Settings\Temporary Internet Files\Content.IE5\O1EFOXMB\Count[1].htm is infected with Java.Nocheat  
C:\Documents and Settings\Mile\Local Settings\Temporary Internet Files\Content.IE5\AQJNYUG2\easydates[1].exe is infected with Downloader.Trojan  
D:\Kompilacija 9-snimeni\Razno\eicar.com is infected with EICAR Test String  
D:\My Downloads\install.exe\install.exe is infected with IRC Trojan  

My avast! home did not foun any of this but did found this:
Win32:Trojan-gen. {Other}  for C:\Recycled\Dc1.dll (istbar[1].dll)

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:irc trojan
« Reply #3 on: September 13, 2003, 07:46:03 PM »
One thing you can do is to send it to virus@asw.cz and ask if it is a Virus or not. I do not mention an Email of Kaspersky, because we are here at  the Avast Forum and they will be able to tell you too! ;)

(Duck und weg) or (run and cover) LOL
MfG Ralf

Offline mihail

  • Newbie
  • *
  • Posts: 4
Re:irc trojan
« Reply #4 on: September 15, 2003, 06:05:43 PM »
Kaspersky's on-line virus scanner said it is not a virus. So did Trend's on-line scan. Why does only Nortron finds a virus inside? Is it something wrong with their antivirus program or what.
I've send the sample to the e-mail mentioned above. Waiting for answer. Thank you.

P.S I really want to know to whom should I trust!

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:irc trojan
« Reply #5 on: September 15, 2003, 06:42:49 PM »
Please  say us what the Avast guy answer you!

BTW: You can delete all folders and files inside the Content.IE5 folder.
MfG Ralf

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11765
    • AVAST Software
Re:irc trojan
« Reply #6 on: September 15, 2003, 08:34:09 PM »
mihail: Any antivirus program can give you a false alarm sometimes... (I'm not saying it is one, maybe it's just a rare file the other AV companies don't have or don't consider dangerous... but it's possible).

Offline YaBB

  • Jr. Member
  • **
  • Posts: 28
  • Your a Lama!
Re:irc trojan
« Reply #7 on: September 16, 2003, 05:14:19 PM »
So you have scanned it with trendmicro, kaspersky and avast and found nothing? Have you noticed an abnormal behaviour from your computer? Sounds like a false alarm but good job sending it in.

Offline mihail

  • Newbie
  • *
  • Posts: 4
Re:irc trojan
« Reply #8 on: September 18, 2003, 03:28:25 PM »
Thank you everybody for your help.
I've sent the file to Kaspersky's lab and they answered me that it is far from being a virus.
I think this file is mistakenly taken as a virus by the Norton's AV. Since no other AV scanner did  recognized it as a virus I would suggest everyone to use additional check like the on-line scanners from kaspersky and trend to be certain that something is a virus if nothing weird is happening on your computer.
Thanks again.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:irc trojan
« Reply #9 on: September 18, 2003, 03:59:28 PM »
then you should send it in to norton with an explanation of the false alarm hypothesis