Support
Polices
Knowledgebase
FAQ
Glossary
Products
Sax2 NIDS
Sax2 Screenshots
Buy Now
White Papers
Awards
Download
Contact Us

Consulting:

Technical Support:

Sales:

General Information:

 

 
 

How to detect and remove the Trojan.IRCBot
 

Bookmark and Share

 

1. What is the Trojan.IRCBot

Trojan.IRCBot is a malicious back door Trojan which makes use of the popular IRC(Internet Related Chat)program, to cause you many unwanted computer problems.

Trojan.IRCBot.Gen can open a backdoor on your computer that allow a remote attacker to use Internet Relay Chat (IRC) to remotely control your system, send the worm to other IRC channels, update the Trojan, download and execute additional malware to your PC, perform Denial of Service (DoS) attacks against a specific target and send spam email messages, using the Internet connection of your computer.

This network-aware worm uses known exploits in order to replicate across vulnerable networks. In order to replicate itself through the network, Trojan.IRCBot.Gen can use common TCP ports used by some other worms: 135,139,445 or 593. This capability makes him a real threat for the company networks and servers. Using it like a backdoor, a remote attacker can compromise sensitive company data.

The most common ways to get infected with this worm are of three types:

  • by visiting Warez sites,

  • downloading pirated software from P2P networks,

  • or by opening an infected email attachment.

 

2. How to detect the Trojan.IRCBot with Sax2

Please update the policy basic knowledge of sax2  in time, we have add some polices for sax2 to detect the Trojan.IRCBot, once sax2 detects that the Trojan IRCBot attempt to establish a connection with the remote hosts, it will break the connection  immediately to ensure your network & business security.

(Sax2 detected that the Trojan IRCBot attempt to establish a connection with the remote hosts)

(Sax2 breaked the connection successfully)

3. How to manually remove Trojan.IRCBot

  • Files associated with Trojan.IRCBot infection:
    svchost.exe
    1clickpcfix.exe
    takod.exe
    WindowsLive.exe
    system32.exe
    egun.exe

  • Trojan.IRCBot processes to kill:
    svchost.exe
    1clickpcfix.exe
    takod.exe
    WindowsLive.exe
    system32.exe
    egun.exe

  • Remove Trojan.IRCBot registry entries:
    HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN svchost
    HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN 1 Click PC Fix - 3.5
    HKEY_LOCAL_MACHINESystemCurrentControlSetServices akod
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ svchost
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 1 Click PC Fix - 3.5
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\takod
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows Live
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System32 Monitor
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System Guard

4. How to Remove these trojans Instantly?

Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.