1. What is the Trojan.IRCBot
Trojan.IRCBot is a malicious back door Trojan which makes use of the popular IRC(Internet Related Chat)program, to cause you many unwanted computer problems.
Trojan.IRCBot.Gen can open a backdoor on your computer that allow a remote attacker to use Internet Relay Chat (IRC) to remotely control your system, send the worm to other IRC channels, update the Trojan, download and execute additional malware to your PC, perform Denial of Service (DoS) attacks against a specific target and send spam email messages, using the Internet connection of your computer.
This network-aware worm uses known exploits in order to replicate across vulnerable networks. In order to replicate itself through the network, Trojan.IRCBot.Gen can use common TCP ports used by some other worms: 135,139,445 or 593. This capability makes him a real threat for the company networks and servers. Using it like a backdoor, a remote attacker can compromise sensitive company data.
The most common ways to get infected with this worm are of three types:
by visiting Warez sites,
downloading pirated software from P2P networks,
or by opening an infected email attachment.
2. How to detect the Trojan.IRCBot with Sax2
Please update the policy basic knowledge of sax2 in time, we have add some polices for sax2 to detect the Trojan.IRCBot, once sax2 detects that the Trojan IRCBot attempt to establish a connection with the remote hosts, it will break the connection immediately to ensure your network & business security.
(Sax2 detected that the Trojan IRCBot attempt to establish a connection with the remote hosts)
(Sax2 breaked the connection successfully)
3. How to manually remove Trojan.IRCBot
Files associated with Trojan.IRCBot infection:svchost.exe1clickpcfix.exetakod.exeWindowsLive.exesystem32.exeegun.exe
Trojan.IRCBot processes to kill:svchost.exe1clickpcfix.exetakod.exeWindowsLive.exesystem32.exeegun.exe
Remove Trojan.IRCBot registry entries:HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN svchostHKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN 1 Click PC Fix - 3.5HKEY_LOCAL_MACHINESystemCurrentControlSetServices akodHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ svchostHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 1 Click PC Fix - 3.5HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\takodHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows LiveHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System32 MonitorHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System Guard
4. How to Remove these trojans Instantly?
Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. visit https://store.malwarebytes.org/342/cookie?affiliate=13249&redirectto=Malwarebytes-Anti-Malware.htm&product=29945 and download Malwarebytes' Anti-Malware to help you.
Trojan.IRCBot is a malicious back door Trojan which makes use of the popular IRC(Internet Related Chat)program, to cause you many unwanted computer problems.
Trojan.IRCBot.Gen can open a backdoor on your computer that allow a remote attacker to use Internet Relay Chat (IRC) to remotely control your system, send the worm to other IRC channels, update the Trojan, download and execute additional malware to your PC, perform Denial of Service (DoS) attacks against a specific target and send spam email messages, using the Internet connection of your computer.
This network-aware worm uses known exploits in order to replicate across vulnerable networks. In order to replicate itself through the network, Trojan.IRCBot.Gen can use common TCP ports used by some other worms: 135,139,445 or 593. This capability makes him a real threat for the company networks and servers. Using it like a backdoor, a remote attacker can compromise sensitive company data.
The most common ways to get infected with this worm are of three types:
by visiting Warez sites,
downloading pirated software from P2P networks,
or by opening an infected email attachment.
2. How to detect the Trojan.IRCBot with Sax2
Please update the policy basic knowledge of sax2 in time, we have add some polices for sax2 to detect the Trojan.IRCBot, once sax2 detects that the Trojan IRCBot attempt to establish a connection with the remote hosts, it will break the connection immediately to ensure your network & business security.
(Sax2 detected that the Trojan IRCBot attempt to establish a connection with the remote hosts)
(Sax2 breaked the connection successfully)
3. How to manually remove Trojan.IRCBot
Files associated with Trojan.IRCBot infection:svchost.exe1clickpcfix.exetakod.exeWindowsLive.exesystem32.exeegun.exe
Trojan.IRCBot processes to kill:svchost.exe1clickpcfix.exetakod.exeWindowsLive.exesystem32.exeegun.exe
Remove Trojan.IRCBot registry entries:HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN svchostHKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN 1 Click PC Fix - 3.5HKEY_LOCAL_MACHINESystemCurrentControlSetServices akodHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ svchostHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 1 Click PC Fix - 3.5HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\takodHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows LiveHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System32 MonitorHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System Guard
4. How to Remove these trojans Instantly?
Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. visit https://store.malwarebytes.org/342/cookie?affiliate=13249&redirectto=Malwarebytes-Anti-Malware.htm&product=29945 and download Malwarebytes' Anti-Malware to help you.
没有评论:
发表评论