Chachazz posted this already in the Update Forum section, but I think it is important enough for BOClean users to give it its own thread, so it will not be removed after a next BOClean update. Mods and Chachazz: I hope that is OK with you. Quoting the full update notice. (FILEDATE: 08/16/05 - 13:40:19 (US EDT) (17:40:19 GMT/UTC))

====================

IMPORTANT BOClean 4.12 update notice AND WARNING - SEVENTY-ONE NEW!

IMPORTANT CHANGE in BOClean engine as of this update. Many previous "pseudo-rootkits" have used a popular "chat program" called "MIRC" as the core of their "botnet" core. In almost every case, these rogue usages of the popular MIRC program have had unique factors which allowed us to detect those without interfering with legitimately-used MIRC chat software. As of today, in order to elude antiviruses and other anti-malware software which identified the widely-used MIRC software, several new "bots" have been released which actually use the SAME constructions of MIRC as regular people use, and therefore reluctantly, MIRC itself has had to be classified as a trojan and any legitimate copies of MIRC *will* result in a trojan detection by BOClean.

IF YOU DO NOT USE MIRC SOFTWARE: Then this is an actual attack and the trojan should be removed when prompted!

If you DO use MIRC and you receive a trojan alert, carefully examine where YOUR copy of MIRC is installed. It is normally in a MIRC or MIRC32 folder. If it appears under an incorrect, or "system" folder, then it will be a trojan.

If the location of the MIRC reported by BOClean DOES match the location where your proper copy of MIRC is located, then you will need to right click on the BOClean traybar icon, and when the button bar comes up, select "Excluder." When the "Excluder" screen appears, locate your copy of MIRC32.EXE and drag the icon to the Excluder screen. The icon should appear there if successful. Then hit "Finished," then "Exit menu" on BOClean. THEN REBOOT.

If you exclude your LEGITIMATE copy of MIRC, then BOClean will no longer alarm on that and will still be prepared to deal with an attack if necessary, while ignoring your legitimate copy unless it is somehow changed in the future. An alarm from BOClean on versions of MIRC used in today's rootkittings though is absolutely necessary, and we apologize for any inconveniences to anyone who is using a legitimately-installed MIRC. This will NOT be a "false alarm" though if you aren't using MIRC.

FILEDATE: 08/16/05 - 13:40:19 (US EDT) (17:40:19 GMT/UTC)

A RECORD SEVENTY-ONE new nasties today for a total of 8000 UNIQUE trojans (49,296 trojans, worms, rootkits, adware, spyware, keyloggers, "dialers" and other malware in total, including all variants) covered in today's update for BOClean 4.12.

To UPDATE your BOClean 4.12, doubleclick on your BOClean traybar icon and select "check for update" to have BOClean 4.12 automatically collect and install your update for you. BOClean 4.12 is designed to perform an autoupdate if left configured to do so.

If you have problems with the autoupdate program, check your firewall settings - we use passive FTP download instead of the more conventional HTTP method and some firewalls may refuse to allow the program to connect unless you set rules to permit the BOClean autoupdate program to collect them. Please consult your firewall's instructions on how to do this if the update program is stopped or crashed by your firewall.

You can also click down below to download directly from this email if your security settings permit by using the link below:

ftp://ftp.nsclean.com/pub/boc412.xvu or http://www.nsclean.com/boc412.xvu

Click the above to download if you MUST collect the file from our site instead of allowing BOClean 4.12 to do it for you.

You will need to know ahead of time where your existing BOC412.XVU file is located - you can either use the "search for files/folders" on the start menu to determine the location where the file you need to overwrite is, or you can look for the location in BOClean's configuration screen where it lists "Location of BOClean database." We recommend that you use the updater within BOClean 4.12 to avoid the torture.

BOClean 4.12.002 was released on Friday, January 21, 2005 and is the "final build" - for more information on BOClean 4.12, visit the support page here: http://www.nsclean.com/supboc.html

Please also note that if you ever miss an update (or several) the update you collect includes *ALL* previous update information. There is no need to go hunting down other updates. The current one is always complete.