Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Riskware:W32/mIRC


Aliases:


Client-irc.win32.mirc

Riskware
Riskware
W32

Summary

Useful, legitimate software which could possibly be misused for malicious purposes.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Riskware:W32/mIRC is an Internet Relay Chat (IRC) client that can be silently subverted by malware to become a backdoor. By itself, the program is not malicious.


Activity

Malware such asBackdoor:W32/Zapchast and its variants can use malicious configuration files to turn the mIRC-client into a backdoor. The malicious configuration files are detected as Backdoor.IRC.Zapchast.

In addition to subverting the mIRC client, these files will also contain the name of an IRC channel which the mIRC-client will automatically try to join on each startup.

Sometimes, Zapchast variants will use additional batch files which provide added functionality, such as performing registry changes to create a launchpoint for the backdoor. These auxiliary batch files are detected as Trojan.BAT.Zapchast.







Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.