GBA TEMP IRC CHANNEL - FULL OF TROJANS

[Vanguarde]

Hello all! Some of you might know me

I am Vanguarde, from the IRC channel

Hi Konny, Thuggy, Lappy, Aida, Angelica 1, Tekken, etc...

Well anyway the reason I am posting here is because I need to report this RIGHT AWAY. I used the channel for about 30 minutes yesterday, and guess what I found today. Seems during my random virus scans, I picked up 3 different 'Trojan Horse programs'. It took about an hour and the Noron Anti Virus website to fully remove these 'parasites', which 'bored' deep into my registry as well. All 3 were 'mini-irc' apps, so the person who hacked me could use my computer in a Ddos attack, and in fact know everything that was going on in my computer. I *do not* know who hacked me, or whos files are infected, but I suggest that the Ops in that channel get things in order, or at the least WARN people to check, etc.
Whoever is planting trojans in the chat room is lame ass SHIT btw.
For everyone who is 'techy' and want to know exactly which Trojan horse programs I was hacked and infected with, here are the links to the three worms I found on my computer after going to the IRC channel #GBAtemp

1: http://securityresponse.symantec.com/avcen....assasin.c.html

2: http://securityresponse.symantec.com/avcen...irccontact.html

3: http://securityresponse.symantec.com/avcen...ojan.iblis.html


So there we go. I myself will NOT be in the chatroom until I hear something from the people who run it, and after I beef up my protection from this CRAP.

Thanks for your time and to all my fans - Holla if you hear me!

/me starts to flex his biceps as he thinks of Aida

 

[fluffykiwi]

I've used mIRC for years without getting infected, you cant get infected unless you execute a program with the virus in it, or maybe copy and paste one of those lame text virus messages.
You should have a virus scanner running ALL the time anyway, even when outwith the chatrooms, it's more likely to be when you install your games that you activate a virus,it'll tell you if the file you're about to download/execute has any infection, i'm using norton, you also need to do a full system scan regularly to make sure existing files dont get infected.
how were you so sure you werent infected before the chatroom visit, had you just done a full system scan includig zipped files? Had you just ran the trojan detector, never used one myself as antivirus does fine. Had you not ran or downloaded any programs since doing so?
how long was it since you had turned off the computer?
I didnt understand the bit you posted about manually removing the files it infected, your virus program should be able to do that for you, i also dont get how there was a lot of infected files as you antivirus should have stopped any spread. Running two antivirus progs isnt a good idea usually, but neither reported this trojan being spread around your comp and only found trojans in your registry?
Where the files you downloaded from the channel reported as being virus infected, because as you say there is no way they could have spread a trojan, unless they included an exe file that you ran, if they were not reported as having a virus then , quite simply you got the virus elsewhere.
Was there any other files in you mirc download directory?
do you have auto accept DCC files turned off?
You will get scanned when on mIRC by the script kiddies looking for trojans already on your system, they dont spread the virus just look for people who are infected, you should be running a firewall, if you want to see their attempts, but as long as you keep yourself virus free through proper use of virus protection, they'll never find a virus and never be able to use any backdoors.
There is no need to take special precautions while on mIRC as everytime you are connected to the internet, downloading any programs and running any program you are open to virus attack, just take the same precautions all the time and you'll be ok.
One person not scanning wont spread a virus as everyone else would be scanning and stopping the spread

oh and not just taking the attack is the stupidest thing you can do, these scans are usually random, with whole ranges being scanned at once, but if you attempt any retailiation, you are pointing a big finger at yourself saying please attack here I'll give you a good response, plus any hacker would either be using some infected persons comp to scan from or fake details.
You need to learn not to take it personally, there is no conspiracy, they are not out to get you.

 

[LoGic_KiLLa]

Holy crap! Life was sure alot more easy with direct linking.

Oh well, what can ya do?

 

[AnTi-WaR]

I doubt you got it from gbatemp channel I havent got shit and nobody sends me trojans or have i got hacked up in the channel its safe if you know what your doing but if your gonna accept .exe files from people then you deserved to get hacked

 

[bobbull65]

I use IRC must of the time and i scan for virus once week and never got it there.and yes most virus come from .exe file i learn from that
once. wnen i down load a iso file it was a .exe.
so only zip file.and i scan it first before i open it.

 

[Saria]

I dont see how one can accuse IRC of 'being the source of Trojans/Viruses'

Yes granted those that don't know or are unfamilar with the concept of how a virus spreads will be none the wiser

#GBATemp is and always will be safe because it's primary purpose is file sharing.... and its ludicrous to suggest otherwise...
You seriously think KiVan is gonna run a virus infested channel ... pullleeeeaseeee

As an IT Teacher... first rule when using the Internet is too get as much info as you can about the different methods of file retrieval/sending....
Statistics show that 75% of Internet users use some form of Peer to Peer
Connection...whether it's DCC or via web based or ftp based protocol..

If your worried your PC will be at risk.... then dont give others the satisfaction of remotely trying to sniff your ports or sending you virii and other crap to you...
It's down to you to protect yourself....As long as that's the case then you have nothing to worry about...

And these popups that occasionally occur during surfing that say your broadcasting sensitive information - so what... as long as your Windows updates are in tact and you have the latest dat files theres nothing to worry about....

And if you can postively pinpoint the source should a virus slip thru the net... direct your frustration at the source and not at the GBA Community....

 

[ReyVGM]

Just set you DCC options to IGNORE *.exe files

Besides, MIRC by default has *.exe and other virus files ignored, so you wouldn't ever get a file like that unless you would have disabled the ignore option.

 

[ReyVGM]

Also, stop being wankers and don't put AUTO ACCEPT files, there is NO way you could have downloaded a virus without you accepting it first, unless you have auto accept on.

Also, configure it so you have auto accept for trusted users, just select how you want to have auto accept (trusted fservs, for example)

 

[T-hug]

Heh no virus in #gbatemp while I'm there........

 

[Astral_]

Something few people (ie IRC newbies

are aware of is the possibilities
of mIRC to access the filesystem... mIRC does much more than plain IRC connectivity...
You just have to type (or copy/paste) some text and your script.ini gets modified, you can also delete system files !!!

This goes beyond standard protection measures during surfing/downloading. On IRC it is essential to NOT TYPE WHAT SOMEONE TELL YOU TO TYPE. And the consequences go far beyond IRC.

Oh and using a non-admin account does help too... Every UNIX user knows that "thou shalt not surf when logged as root". This DOES apply to W2K/XP ; use a non-admin user while on the Internet and you'll be much safer.

I'm sure some of you are aware of this, but even MORE sure most of
you think IRC is safe. It's NOT. Sircam was one of the top-ten viruses
for so long... Guess how it spreads ?