IRC worm found!

Discussion in 'malware problems & news' started by Comp01, Sep 19, 2003.

Thread Status:
Not open for further replies.
  1. Comp01

    Comp01 Registered Member

    Joined: Sep 4, 2003
    Posts: 638
    Ok, I installed mIRCclean (Anti mIRC worm prog I got off this site!) and AVG AntiVirus found:
    C:\Program Files\mIRC\TEST.EXE
    IRC-Worm/Testworm

    AVG removed it, but still, I scanned the friggin installer and didn't find a trace of anything! :mad:
     
  2. Comp01

    Comp01 Registered Member

    Joined: Sep 4, 2003
    Posts: 638
    Also, I was wondering if this file could be related to it. I found it running with Process Explorer:
    Name: WINOA386.MOD
    Path: C:\WINDOWS\SYSTEM\WINOA386.MOD
    Command Line: C:\Delme.bat
    Description: Non-Windows application component for 386 enhanced mode.
    Properties say it's by Microsoft..
    Version 4.10.0000.2222

    :doubt:
     
  3. Jooske

    Jooske Registered Member

    Joined: Feb 12, 2002
    Posts: 9,713
    Location: Netherlands, EU near the sea
    Hi Comp01,

    As said in the file explanation, it is a TEST worm, so you can test your system and know it is actually working. There is no reason to remove it, as it belongs to the software, although the scan will run just as well if you delete it. But please read the explanation and the site.
    Most developers know by now that it is a harmless test worm, and they have updated their detection for it.
    It's been around for a few years now, so they have had plenty of time to get their detection up to date, as the test has been sent to developers for that purpose.
    Most users are happy having it so their scanners will have something harmless to jump on and you know the software is actually working, for if nothing is ever found you'll doubt whether your scanners are that good and whether you're really clean.
    It's a little different from the EICAR test file, same purpose.
     