icq agent

I have downloaded and run aprogram called System Safety Monitor, this shows an entry HKCU\software\Mirabilis\ICQ\agent\apps is this normal?

 

Programs added here can be started when ICQ starts - so if ICQ is starting automatically when you reboot, then these programs are also autostarted.

 

Gavin, i wonder if i moved this one too quick to this services area and if this should not have stayed in our dear TDS environment:
I copied the HKEY in google and found this page
http://www.sophos.com/virusinfo/analyses/w32anaconc.html
Telling there is a trojan using this key:
W32-Anacon-C / I.Worm.Nocana.E
I hope there is everything not there like that trojan?
W32/Anacon-C is an internet worm with a backdoor component that attempts to spread via email, network shares and popular P2P networks.
W32/Anacon-C has a backdoor component that allows a malicious user remote access to the computer when the worm is active. It also allows a malicious user to steal passwords.
It might have tried to create this entry
HKLM\SYSTEM\ControlSet001\Services\lanmanserver\Shares\Hackerz

Tut, does TDS give any alarm of any kind on some file? If so, please submit to Gavin
submit@diamondcs.com.au
but i'm sure Gavin has thought about this already and would have warned for this if there was any circumstance to think so.

Please scan and keep us informed!

 

It would appear that this line HKCU\software\Mirabilis\ICQ\agent\apps comes with the program SSM, and is a "protected Key"
I have searched my registry and not found any folder with Mirabilis in it. My google search said that it could be a password stealing trojan, but TDS3 dos`nt show any thing suspicious. I have also run AVG6 fully updated still nothing suspicious.

 

Then i would keep to Gavin's reply in the first place.
You could take ICQ from the autostart and see if it still takes place with reboot. Or with starting SSM.
Did you contact the SSM people to to ask them if that HKEY could be theirs?

 

UPDATE
I have been in contact with Max at SSM site and asked the question about ICQ agenthis reply is:-
"There's nothing to worry about. This key was added to the list of
default-keys-to-be-monitored because (as you have noticed) there are
some
popular worms/trojans that use this key. In your case this key was
created
by SSM (this some kind of flaw -- if the key which should be monitored
is
absent, SSM creates it. This will be fixed in next versions), but it
represents absolutely no harm or danger, especially since you don't
even
have ICQ. For your convenience you can remove this key from the list of
monitored keys. This key itslef couldn't have any impact on your system
in
your case." I can rest easy now.

 

Thank you for the update. So there is nothing to worry about, but they could have mentioned something like that in the helpfile!
Glad it is ok after all!