Renoroc
03-06-2003, 09:17 PM
I *think* it is a false positive, but I recently downloaded mIRC 6.01 from oldversion for an older script I was using, and scanned the directory using the free trojan/bot scanner Swatit from http://www.lockdowncorp.com/
The program showed my mirc.exe file infected by one of the GT bot variants - which are used in DDOS attacks. I thought perhaps the script might be bad, so after cleaning up everything completely. I re-installed the oldversion.com copy of 6.01 and rescanned the directory after a default install. Swatit still shows the exe as a GT Bot. I re-installed 6.03 and the script, since it was still mostly functional on newer mIRC, and a Swatit scan shows no infection. If anyone is running 6.01, they might like to see if their version shows infected as well. My regular trojan scanner and anti-virus programs miss it completely. Swatit is supposedly decent at finding IRC bots/worms, so I am not entirely discounting what it says yet.
The program showed my mirc.exe file infected by one of the GT bot variants - which are used in DDOS attacks. I thought perhaps the script might be bad, so after cleaning up everything completely. I re-installed the oldversion.com copy of 6.01 and rescanned the directory after a default install. Swatit still shows the exe as a GT Bot. I re-installed 6.03 and the script, since it was still mostly functional on newer mIRC, and a Swatit scan shows no infection. If anyone is running 6.01, they might like to see if their version shows infected as well. My regular trojan scanner and anti-virus programs miss it completely. Swatit is supposedly decent at finding IRC bots/worms, so I am not entirely discounting what it says yet.