IRC/Flood.bi

Type: Trojan
SubType: -
Discovery Date: 02/02/2003
Length: 21362 bytes
Minimum DAT: 4246 (02/05/2003)
Updated DAT: 5107 (08/28/2007)
Minimum Engine: 5.1.00
Description Added: 02/04/2003
Description Modified: 03/27/2003 9:47 AM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

There are multiple versions of this threat. Some versions have been detected since the 4192 DATs (03/2002) as "New IRC/Backdoor" if heuristics are turned on. Users are advised to use the latest DATs for detection of later variants.

The trojan is likely to be received via a self-extracting archive (dropper). When run, various files are extracted and installed on the victim machine (e.g. an IRC client, trojan IRC scripts, etc.).

This is an IRC trojan contained in a script that is used by mIRC, an 'Internet Relay Chat' client. Machines with mIRC clients running this script can be remotely controlled and misused by an attacker.

The script offers the following functions:

  • Receive system information
  • Upload/download files
  • Execute files
  • Kill processes in memory
  • Update the script
  • ICMP packet flood
  • UDP packet flood
  • BNC proxy

Infected machines should be carefully examined, since it is possible that an attacker has installed further backdoors.

The trojan does not add, remove or change any Registry keys, although it's possible that keys have been altered by an attacker.

Symptoms

Suspicious outgoing and incoming network traffic.

Method of Infection

A self-extracting executable file drops this trojan, along with other threats. Trojans do not self-replicate.

Removal

All Users:
Use specified engine and DAT files for detection and removal. Delete files which contain this detection.

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

  • Zcrew
