Detection Names :	Client-IRC.Win32.mIRC
Aliases :	CD_Swizzor_A (Other)
Category:	Riskware
Type:	Riskware
Platform:	W32

Useful, legitimate software which could possibly be misused for malicious purposes.

If the user is aware of the security risks involved and wishes to proceed with installing and using this program, there is no reason not to do so.

The user may then elect to exclude (whitelist) the application's folder from subsequent scanning.

Note

For instructions on excluding files from scanning, please see:

Product documentation for various versions of F-Secure products are available on the Documentation section of the website.

Riskware:W32/mIRC is an Internet Relay Chat (IRC) client that can be silently subverted by malware to become a backdoor. By itself, the program is not malicious.

Activity

Malware such as Backdoor:W32/Zapchast and its variants can use malicious configuration files to turn the mIRC-client into a backdoor. The malicious configuration files are detected as Backdoor.IRC.Zapchast.

In addition to subverting the mIRC client, these files will also contain the name of an IRC channel which the mIRC-client will automatically try to join on each startup.

Sometimes, Zapchast variants will use additional batch files which provide added functionality, such as performing registry changes to create a launchpoint for the backdoor. These auxiliary batch files are detected as Trojan.BAT.Zapchast.