Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Supposedly infected with and IRC/Bot virus

  • Please log in to reply
No replies to this topic

#1 JEDi624


  • Members
  • 2 posts
  • Local time:04:53 AM

Posted 16 August 2010 - 07:49 PM


Similar to a previous poster, Jennbear, I have been told by my provider that I have been infected with and IRC/Bot virus, which is subsequently involved in spamming. I have since detatched my network cable for the computer that is an XP machine (which the email from my provider seems to intimate) to prevent contact with the internet. I have also updated both my Spybot & AVG anti Virus software and run full scans. The Spybot did detect 5 'issues' which I had it fix. 2 of them could not be fixed but neither of them had any variation of the text IRC in them.

It appears that Spybot will not remove these two, and I do not want to edit my registry or reformat my XP with all of its updates applied since 2004.

My question is would the method used by Jennbear - downloading Malwarebytes Maleware software actually do the trick as she has stated?

Is it that simple? Also, how do I prevent the re-acquisition of the IRC/Bot virus once removed? IT seems that AVG didn't stop it.

One more thing: I looked at my upload / download usage for the periods of time when Roger's says that I was abusing their system, and there is no conclusive or consistent anomalies in bandwidth usage. Although, I did go over the 60 gb threshold for the first time since I got the service in 1999.
Here is the email that my provider sent to me (Roger's):

Rogers is concerned about your personal security. We're writing you today to advise you that one or more of the computers in your home connected to the Rogers Internet service appears to be infected with an "IRC Bot/Virus"

A computer infected with an "IRC Bot/Virus" poses a security threat for both you and other customers connected to the Rogers Yahoo! Hi-Speed Internet service. This type of virus can run behind the scenes on your computer and send out large amounts of SPAM, attack Internet Websites, infect other computers and even access personal files on your computer which could lead to identity theft.

For both your security and others using our Internet service, it is critical that you remove this virus within the next 48 hours. If you are unable to do so, your Internet connection will be temporarily disabled to protect your computer and others connected to the service.

(some useless advice here - but not copied over)

IP seen acting as an HTTP Botnet Drone 2010-07-20 23:04:14.
Timestamp = 2010-07-20 23:04:14
IP =
ASN = 812
OS Guess = Windows
OS HTTP = 2000 SP4, XP SP1+
HTTP Call = GET /get2.php?c=EARADWJG&d=26606B67395A59585748434F53525150367C7B772966262529292A2C2C2B38704C457D564D411B154B1E1E4F15484A094558560E717075747D7F027D7F04067B74770707060173020A7F7A7E0A7C797E6068611772373F392E3C28666D686A7901050F5E554309141E0C185659435F490418111849454647494C424C45454A59F0F3EDE0B9C0FEF7E4E6F8EEFEA3CBD7D5B7FEF7E6CAF3AAA8BFF9F7F2E9C1FA9D9084D492919B978ECAC4CFC090E3CED9DF9FF7F6FEEEE3E88C8B95CCD5CBDDEEAFA7B7EAA6A7A5A4ACE4B9A3AAABBDA3FFB1BCB9F393988A HTTP/1.1

Edited by Orange Blossom, 16 August 2010 - 11:04 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users