# GBA TEMP IRC CHANNEL - FULL OF TROJANS



## Vanguarde (Dec 1, 2002)

Hello all! Some of you might know me 
	

	
	
		
		

		
			





 I am Vanguarde, from the IRC channel 
	

	
	
		
		

		
		
	


	



Hi Konny, Thuggy, Lappy, Aida, Angelica 1, Tekken, etc...

Well anyway the reason I am posting here is because I need to report this RIGHT AWAY. I used the channel for about 30 minutes yesterday, and guess what I found today. Seems during my random virus scans, I picked up 3 different 'Trojan Horse programs'. It took about an hour and the Noron Anti Virus website to fully remove these 'parasites', which 'bored' deep into my registry as well. All 3 were 'mini-irc' apps, so the person who hacked me could use my computer in a Ddos attack, and in fact know everything that was going on in my computer. I *do not* know who hacked me, or whos files are infected, but I suggest that the Ops in that channel get things in order, or at the least WARN people to check, etc. 
Whoever is planting trojans in the chat room is lame ass SHIT btw. 
For everyone who is 'techy' and want to know exactly which Trojan horse programs I was hacked and infected with, here are the links to the three worms I found on my computer after going to the IRC channel #GBAtemp

1: http://securityresponse.symantec.com/avcen....assasin.c.html

2: http://securityresponse.symantec.com/avcen...irccontact.html

3: http://securityresponse.symantec.com/avcen...ojan.iblis.html


So there we go. I myself will NOT be in the chatroom until I hear something from the people who run it, and after I beef up my protection from this CRAP. 

Thanks for your time and to all my fans - Holla if you hear me! 

/me starts to flex his biceps as he thinks of Aida


----------



## Peer (Dec 1, 2002)

viruses piss me off soooooo much.  thanks for the warning.  i've had some recent infections so i'm trying to be pretty careful


----------



## stivsama (Dec 1, 2002)

Hmm, even IRC can be unreliable, huh?.. 
	

	
	
		
		

		
		
	


	



Hey waitasec! Don't all roms (more or less) come from IRC? Does this mean trojans are in my roms right now??  
	

	
	
		
		

		
		
	


	



Here's hoping to survive..


----------



## KyleRXZero (Dec 1, 2002)

Yeah, trojans suck. My girlfriend just uses birth control. It works alot better.


----------



## Gianz19 (Dec 1, 2002)

lol


----------



## KiVan (Dec 2, 2002)

many many people use mirc and irc in general, but i can assure you it's not a vehicle for viruses.. unless you accept certain infected files, which most likely *ARE NOT* .gba files...

are you sure you got the virus from mirc??


----------



## neocat (Dec 2, 2002)

IRC is the BEST way to get any sorts of viruses, or trojans, but every channel has them, all it takes is someone entering the channel and start spreading them. If you're so afraid all you have to do is not accepting unrequested files, use an anti-virus, get a defensive script, or else don't go there


----------



## shaunj66 (Dec 2, 2002)

Come on people, stop being so paranoid. IRC is relativity safe as long as you know what you are doing.
Sure your IP address is advertised throughout the channels you join, and people can use that to try and hack your PC, and dump back door trojans on you, just make sure you have a decent enough firewall to prevent this. I use Norton Personal Firewall and it works fine, it picks up any sort of trojan activity on your ports.
Also obviously DCC transfers can be risky because you never know for sure what is being sent to you, but as long as you don't accept files from people you don't know and you run a virus check on any files you have downloaded before running them then you should be okay.
Just remember to keep your antivirus product up to date by using the live or web update frequently or setting it on auto update.

Oh and Vanguarde, I'd check to see the source of those supposed Trojans you have on your system before scaring off people from our channel. I suspect you got them through an e-mail attatchment or through a website. Unless you accept all file transfers on IRC and download unknown files then I doubt you got them through IRC.


----------



## neocat (Dec 2, 2002)

QUOTE(shaunj66 @ Dec 2 2002 said:


> Sure your IP address is advertised throughout the channels you join


If you're not an OP, you see a fake IP


----------



## shaunj66 (Dec 2, 2002)

QUOTE(coolcat @ Dec 2 2002 said:


> QUOTE(shaunj66 @ Dec 2 2002 said:
> 
> 
> > Sure your IP address is advertised throughout the channels you join
> ...


Learn IRC a bit more before saying that, there are numerous ways to find someones IP address within IRC very easily.


----------



## neocat (Dec 2, 2002)

QUOTE(shaunj66 @ Dec 2 2002 said:


> QUOTE(coolcat @ Dec 2 2002 said:
> 
> 
> > QUOTE(shaunj66 @ Dec 2 2002 said:
> ...


HELLO! you said *when you join* and when you join all the others see is a fake IP. Sure you can use a special program but I wasn't talking about that


----------



## Ap0cAl1pS3 (Dec 2, 2002)

u can only install a trojan on your computer if u open a exe file u got.......

and the most files from gbatemp channel are or in .zip or .gba so u must got those files from other channels or sites..........


----------



## Angelical_1 (Dec 2, 2002)

I've used irc everyday (give or take a few) for the past 5 years + .... as already stated ... if all you are downloading are .zip files with a .gba a .nfo and maybe a couple of .txt files in you have no worries. Simple as that.

I would advise though that one uses a firewall... Zone Alarm is free. (www.zonelabs.com)

Regards Angelical_1


----------



## Saria (Dec 2, 2002)

doesnt have too even be called a trojan.... a virus can come from anywhere
Trojans are mostly *.exes but have known to reside in IRC scripts (specially addons) and *.bat (batch files)

Viruses can infect anything and everything.... and any upto date Virus Scanner should detect them....

If your worried and you know about the registry just goto 
hkey local machine / software / microsoft / windows / current version / run
If there is a proggie in there that you dont remember having or whatever ... just highlight it and delete... 
thats more then likely a trojan...
or get Lockdown and let it remove it for you.....


----------



## Fenriz (Dec 2, 2002)

Trojans CAN be got without a DCC transfer in IRC, but they only work if they are remotely executed or executed by the user....
*i need to learn english*

You should open a Direct Connect HUB or something... IRC is old, and lack features for file spreeding...


----------



## neocat (Dec 2, 2002)

In DC you can't chat... IRC is better if you get a good script


----------



## xBla (Dec 2, 2002)

Just use WhoIs on any User in IRC and youll have his IP. But anyways, i dont believe you got it through IRC  unless you have auto-accept turned on and execute every File you get, even if you dont know the source. And if your doin so, youre a bit dumb, eh?  
	

	
	
		
		

		
		
	


	




btw: Im using IRC for three years now.


----------



## Fenriz (Dec 2, 2002)

QUOTE(coolcat @ Dec 2 2002 said:


> In DC you can't chat... IRC is better if you get a good script


Ok, so plz tell me a script who can manage my DCC downloads for me, so i can have multiple files from multiple users at my queue and dont let them begin all at once, only one download at a time....


----------



## KyleRXZero (Dec 2, 2002)

I chat in Direct Connect.


----------



## Vanguarde (Dec 2, 2002)

Hi ! Thanks for all the replies to this concern. And I am SO glad that no flames happened in this thread. 
	

	
	
		
		

		
		
	


	



First of all, I am not a 'dim' computer user, I know what is going on with my computer, how it should act, why it acts when it acts, etc. I also run a Firewall, and in fact 2 Anti-Virus Scanners, and 1 Trojan horse program detector. ( Norton, Affe, and Sentinel )
There was NO trojans on my computer before I went into the channel the other day - and I in fact used the channel several times before, with no problems. Just this day I went, after I logged off, and turned my computer off, the next day when I boot up, my scanner pops up and says it has detected a trojan. Shocked, I quickly run the trojan horse scanner, and find 2 more trojans, which have 'dug' into my registry, etc. I try to 'repair' them with Norton, but it fails, so I quarintine them, and then manually hunt down every file it put on my computer. I won't go into the files, but if you are interested the links will take you to detailed descritpions of the trojans, in my first post on this thread to get the links to that. 
I am not saying at all that #GBAtemp is the *only* place where this can happen, I am saying it did happen, and happens every day on many, many IRC channels. I just felt the need to report this, because I can see tons of 'rom newbies' who go to the channel just for roms, and hardly know IRC to be mass infected with this Trojans, which have Ddos abilites, and the 'hacker' ( probably a script kiddie at best ) could use his mass amount of computers and bandwith from his trojan horse programs he/she spread on the channel to help attack a website, and the people who are affected would not even know, besides having his/her internet/internet games run slow. ( I.E. :laggy )
For the record, I downloaded 4 roms that night on IRC, 2 from "Ko", and 2 from "Serp".  All were ROMS, no .exe's, etc. I don't see how these files could execute a trojan - and in fact I have used both Ko's and Serp's wonderful sharing service in the past with no problems. Who knows, maybe they don't even know they might be infected? All it takes is one person who does not scan for the damned things to spread. 8(
So in the end, I have not aquired software that will protect me when I go back to GBAtemp, and I encourage everyone to go to GBAtemp - it's a GREAT place to find erhm.. Demos 
	

	
	
		
		

		
		
	


	




 AND you know what? If you talk to the people there, they are pretty cool and talk to you back! 
	

	
	
		
		

		
		
	


	




 I have some friends there myself. Just be SAFE, GET AND USE a firewall, GET AND USE a virus scanner, GET AND USE ADAWARE. Just getting the software is not enough - take the time to set it up ! 
	

	
	
		
		

		
		
	


	



I myself go into the channel with a 'pro' edition firewall, ( Zonealarm ) Norton on with full script scanning and real time virus/trojan protection, ( Slows computer down, so I only turn it on when I go into the channel! You can turn it off after you go offline and stop downloading stuff, like when playing games ^^ ) and since I like to not just 'take' attacks, I also run black ice - which can trace and ( if you know it's secrets) counter-attack to a degree. 
Kewl stuff ;0

Well anyway, thanks for your time everyone, and again be safe! (

- Mike


----------



## Vanguarde (Dec 1, 2002)

Hello all! Some of you might know me 
	

	
	
		
		

		
			





 I am Vanguarde, from the IRC channel 
	

	
	
		
		

		
		
	


	



Hi Konny, Thuggy, Lappy, Aida, Angelica 1, Tekken, etc...

Well anyway the reason I am posting here is because I need to report this RIGHT AWAY. I used the channel for about 30 minutes yesterday, and guess what I found today. Seems during my random virus scans, I picked up 3 different 'Trojan Horse programs'. It took about an hour and the Noron Anti Virus website to fully remove these 'parasites', which 'bored' deep into my registry as well. All 3 were 'mini-irc' apps, so the person who hacked me could use my computer in a Ddos attack, and in fact know everything that was going on in my computer. I *do not* know who hacked me, or whos files are infected, but I suggest that the Ops in that channel get things in order, or at the least WARN people to check, etc. 
Whoever is planting trojans in the chat room is lame ass SHIT btw. 
For everyone who is 'techy' and want to know exactly which Trojan horse programs I was hacked and infected with, here are the links to the three worms I found on my computer after going to the IRC channel #GBAtemp

1: http://securityresponse.symantec.com/avcen....assasin.c.html

2: http://securityresponse.symantec.com/avcen...irccontact.html

3: http://securityresponse.symantec.com/avcen...ojan.iblis.html


So there we go. I myself will NOT be in the chatroom until I hear something from the people who run it, and after I beef up my protection from this CRAP. 

Thanks for your time and to all my fans - Holla if you hear me! 

/me starts to flex his biceps as he thinks of Aida


----------



## fluffykiwi (Dec 8, 2002)

I've used mIRC for years without getting infected, you cant get infected unless you execute a program with the virus in it, or maybe copy and paste one of those lame text virus messages.
You should have a virus scanner running ALL the time anyway, even when outwith the chatrooms, it's more likely to be when you install your games that you activate a virus,it'll tell you if the file you're about to download/execute has any infection, i'm using norton, you also need to do a full system scan regularly to make sure existing files dont get infected.
how were you so sure you werent infected before the chatroom visit, had you just done a full system scan includig zipped files?  Had you just ran the trojan detector, never used one myself as antivirus does fine. Had you not ran or downloaded any programs since doing so?
how long was it since you had turned off the computer?
I didnt understand the bit you posted about manually removing the files it infected, your virus program should be able to do that for you, i also dont get how there was a lot of infected files as you antivirus should have stopped any spread.  Running two antivirus progs isnt a good idea usually, but neither reported this trojan being spread around your comp and only found trojans in your registry?
Where the files you downloaded from the channel reported as being virus infected, because as you say there is no way they could have spread a trojan, unless they included an exe file that you ran, if they were not reported as having a virus then , quite simply you got the virus elsewhere.
Was there any other files in you mirc download directory?
do you have auto accept DCC files turned off?
You will get scanned when on mIRC by the script kiddies looking for trojans already on your system, they dont spread the virus just look for people who are infected, you should be running a firewall, if you want to see their attempts, but as long as you keep yourself virus free through proper use of virus protection, they'll never find a virus and never be able to use any backdoors.
There is no need to take special precautions while on mIRC as everytime you are connected to the internet, downloading any programs and running any program you are open to virus attack, just take the same precautions all the time and you'll be ok.
One person not scanning wont spread a virus as everyone else would be scanning and stopping the spread 
	

	
	
		
		

		
		
	


	




oh and not just taking the attack is the stupidest thing you can do, these scans are usually random, with whole ranges being scanned at once, but if you attempt any retailiation, you are pointing a big finger at yourself saying please attack here I'll give you a good response, plus any hacker would either be using some infected persons comp to scan from or fake details.
You need to learn not to take it personally, there is no conspiracy, they are not out to get you.


----------



## LoGic_KiLLa (Dec 12, 2002)

Holy crap! Life was sure alot more easy with direct linking.  
	

	
	
		
		

		
		
	


	



Oh well, what can ya do?


----------



## AnTi-WaR (Dec 12, 2002)

I doubt you got it from gbatemp channel I havent got shit and nobody sends me trojans or have i got hacked up in the channel its safe if you know what your doing but if your gonna accept .exe files from people then you deserved to get hacked


----------



## bobbull65 (Dec 14, 2002)

I use IRC must of the time and i scan for virus once week and never got it there.and yes most virus come from .exe file i learn from that
once. wnen i down load a iso file it was a .exe.
so only zip file.and i scan it first before i open it.


----------



## Saria (Dec 14, 2002)

I dont see how one can accuse IRC of 'being the source of Trojans/Viruses'

Yes granted those that don't know or are unfamilar with the concept of how a virus spreads will be none the wiser

#GBATemp is and always will be safe because it's primary purpose is file sharing.... and its ludicrous to suggest otherwise...
You seriously think KiVan is gonna run a virus infested channel ... pullleeeeaseeee 
	

	
	
		
		

		
		
	


	




As an IT Teacher... first rule when using the Internet is too get as much info as you can about the different methods of file retrieval/sending....
Statistics show that 75% of Internet users use some form of Peer to Peer
Connection...whether it's DCC or via web based or ftp based protocol..

If your worried your PC will be at risk.... then dont give others the satisfaction of remotely trying to sniff your ports or sending you virii and other crap to you...
It's down to you to protect yourself....As long as that's the case then you have nothing to worry about...

And these popups that occasionally occur during surfing that say your broadcasting sensitive information - so what... as long as your Windows updates are in tact and you have the latest dat files theres nothing to worry about.... 

And if you can postively pinpoint the source should a virus slip thru the net... direct your frustration at the source and not at the GBA Community....


----------



## ReyVGM (Dec 14, 2002)

Just set you DCC options to IGNORE *.exe files

Besides, MIRC by default has *.exe and other virus files ignored, so you wouldn't ever get a file like that unless you would have disabled the ignore option.


----------



## ReyVGM (Dec 14, 2002)

Also, stop being wankers and don't put AUTO ACCEPT files, there is NO way you could have downloaded a virus without you accepting it first, unless you have auto accept on.

Also, configure it so you have auto accept for trusted users, just select how you want to have auto accept (trusted fservs, for example)


----------



## T-hug (Dec 14, 2002)

Heh no virus in #gbatemp while I'm there........


----------



## Astral_ (Dec 17, 2002)

Something few people (ie IRC newbies 
	

	
	
		
		

		
		
	


	




 are aware of is the possibilities
of mIRC to access the filesystem... mIRC does much more than plain IRC connectivity...
You just have to type (or copy/paste) some text and your script.ini gets modified, you can also delete system files !!!

This goes beyond standard protection measures during surfing/downloading. On IRC it is essential to NOT TYPE WHAT SOMEONE TELL YOU TO TYPE. And the consequences go far beyond IRC.

Oh and using a non-admin account does help too... Every UNIX user knows that "thou shalt not surf when logged as root". This DOES apply to W2K/XP ; use a non-admin user while on the Internet and you'll be much safer.

I'm sure some of you are aware of this, but even MORE sure most of
you think IRC is safe. It's NOT. Sircam was one of the top-ten viruses
for so long... Guess how it spreads ?


----------

