1.
What is the Trojan.
IRCBot Trojan.
IRCBot is a malicious back door Trojan which makes use of the popular IRC (Internet Related Chat) program, to cause you many unwanted computer problems.
The trojan can open a backdoor on your computer that allow a remote attacker to use Internet Relay Chat (IRC) to remotely control your system, send the worm to other IRC channels, update the Trojan, download and execute additional malware to your PC, perform Denial of Service (DoS) attacks against a specific target and send spam email messages, using the Internet connection of your computer.
This network-aware worm uses known exploits in order to replicate across vulnerable networks.
In order to replicate itself through the network, Trojan.
IRCBot.
Gen can use common TCP ports used by some other worms: 135,139,445 or 593.
This capability makes him a real threat for the company networks and servers.
Using it like a backdoor, a remote attacker can compromise sensitive company data.
The most common ways to get infected with this worm are of three types: * by visiting Warez sites, * downloading pirated software from P2P networks, * or by opening an infected email attachment.
2.
How to detect the Trojan.
IRCBot with Sax2 Please update the policy basic knowledge of sax2 in time, we have add some polices for sax2 to detect the Trojan.
IRCBot, once sax2 detects that the Trojan IRCBot attempt to establish a connection with the remote hosts, it will break the connection immediately to ensure your network & business security.
3.
How to manually remove the trojan * Files associated with Trojan.
IRCBot infection: svchost.
exe 1clickpcfix.
exe takod.
exe WindowsLive.
exe system32.
exe egun.
exe * Trojan.
IRCBot processes to kill: svchost.
exe 1clickpcfix.
exe takod.
exe WindowsLive.
exe system32.
exe egun.
exe *Remove the Trojan registry entries: HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN svchost HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN 1 Click PC Fix - 3.
5 HKEY_LOCAL_MACHINESystemCurrentControlSetServices akod HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ svchost HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 1 Click PC Fix - 3.
5 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\takod HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows Live HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System32 Monitor HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System Guard 4.
How to Remove these trojans Instantly? Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware.
It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
visit http://www.
ids-sax2.
com/Malwarebytes-Anti-Malware.
htm and download Malwarebytes' Anti-Malware to help you.
What is the Trojan.
IRCBot Trojan.
IRCBot is a malicious back door Trojan which makes use of the popular IRC (Internet Related Chat) program, to cause you many unwanted computer problems.
The trojan can open a backdoor on your computer that allow a remote attacker to use Internet Relay Chat (IRC) to remotely control your system, send the worm to other IRC channels, update the Trojan, download and execute additional malware to your PC, perform Denial of Service (DoS) attacks against a specific target and send spam email messages, using the Internet connection of your computer.
This network-aware worm uses known exploits in order to replicate across vulnerable networks.
In order to replicate itself through the network, Trojan.
IRCBot.
Gen can use common TCP ports used by some other worms: 135,139,445 or 593.
This capability makes him a real threat for the company networks and servers.
Using it like a backdoor, a remote attacker can compromise sensitive company data.
The most common ways to get infected with this worm are of three types: * by visiting Warez sites, * downloading pirated software from P2P networks, * or by opening an infected email attachment.
2.
How to detect the Trojan.
IRCBot with Sax2 Please update the policy basic knowledge of sax2 in time, we have add some polices for sax2 to detect the Trojan.
IRCBot, once sax2 detects that the Trojan IRCBot attempt to establish a connection with the remote hosts, it will break the connection immediately to ensure your network & business security.
3.
How to manually remove the trojan * Files associated with Trojan.
IRCBot infection: svchost.
exe 1clickpcfix.
exe takod.
exe WindowsLive.
exe system32.
exe egun.
exe * Trojan.
IRCBot processes to kill: svchost.
exe 1clickpcfix.
exe takod.
exe WindowsLive.
exe system32.
exe egun.
exe *Remove the Trojan registry entries: HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN svchost HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN 1 Click PC Fix - 3.
5 HKEY_LOCAL_MACHINESystemCurrentControlSetServices akod HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ svchost HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 1 Click PC Fix - 3.
5 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\takod HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows Live HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System32 Monitor HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System Guard 4.
How to Remove these trojans Instantly? Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware.
It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
visit http://www.
ids-sax2.
com/Malwarebytes-Anti-Malware.
htm and download Malwarebytes' Anti-Malware to help you.
SHARE
