Irc Bot Warning!


Post by Thasaidon » Thu Apr 10, 2008 7:20 am

On my home PC I noticed some strange behaviour when trying to surf the net.
At first I thought it was Freesco acting up, but then my firewall also alerted me to some prog trying to access the internet.

The prog was called "winslecil.exe" and is located in the "C:\windows\system32" folder. It was running in the background on my WinXP machine, but was visible in my "running processes list".

It tried to connect to IP 66.154.86.86 on port 6667 (which is an IRC server port).
So I immediately assumed an IRC bot at work here.

I killed the process and renamed the file.

Then I did a search on the internet on this file, but there were only 3 results (all 3 in Dutch). The search didn't give me any new information about the file, but "people" thought it could be an IRC bot prog (which I already figured).

So I surfed to virustotal.com and uploaded the renamed file for analysis.
They gave me the following result:

http://www.virustotal.com/analisis/733b2dd614e3d1e81e8a7bc69603055f

As you can see, this "malware" is detected by some antivirus scanners,
but not all!
My antivirus scanner didn't detect the prog :(
I also scanned my PC with an online scanner from Kaspersky, but that didn't detect the prog either
(contrary to the site that says Kaspersky should have detected it).

http://www.kaspersky.com/virusscanner

So I would hereby like to warn you about this IRC bot, since it's relatively new and thus not detected by all antivirus scanners.
Thank god for my paranoia :D and my firewall on my system blocking the bot.
Experience shared, is experience gained.

Thasaidon's Freesco Page
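
Added example, not part of the original post: the check the firewall performed above (an unexpected process opening a connection to port 6667) can be repeated by joining `netstat -ano` output with `tasklist /fo csv /nh` output. The sample text is constructed except for `winslecil.exe`, `66.154.86.86` and port 6667, which come from the post; the wider IRC port set and the `mirc.exe` allow-list entry are assumptions.

```python
import csv
import io

# 6667 is from the post; the other common IRC ports are an assumption of this example.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Constructed `netstat -ano` output; only the 66.154.86.86 row uses values from the post.
NETSTAT = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.10:1045      66.154.86.86:6667      SYN_SENT        1832
  TCP    192.168.1.10:1050      192.0.2.80:80          ESTABLISHED     2204
  TCP    192.168.1.10:1061      192.0.2.44:6667        ESTABLISHED     3010
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed `tasklist /fo csv /nh` output (image name, PID, session, session#, memory).
TASKLIST = '''\
"svchost.exe","952","Console","0","4,112 K"
"winslecil.exe","1832","Console","0","3,420 K"
"firefox.exe","2204","Console","0","48,900 K"
"mirc.exe","3010","Console","0","9,800 K"
'''

def pid_to_image(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` text."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(tasklist_csv)) if len(row) >= 2}

def irc_connections(netstat_text, tasklist_csv, known_clients=()):
    """Return (image, pid, remote_ip, port, state) for outbound TCP to IRC ports."""
    images = pid_to_image(tasklist_csv)
    allowed = {name.lower() for name in known_clients}
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have exactly 5 fields; headers, UDP rows and listeners are skipped.
        if len(f) != 5 or f[0] != "TCP" or f[3] == "LISTENING":
            continue
        remote_ip, _, port = f[2].rpartition(":")
        pid = int(f[4])
        image = images.get(pid, "<unknown>")
        if port.isdigit() and int(port) in IRC_PORTS and image.lower() not in allowed:
            hits.append((image, pid, remote_ip, int(port), f[3]))
    return hits

if __name__ == "__main__":
    for hit in irc_connections(NETSTAT, TASKLIST, known_clients=["mirc.exe"]):
        print("unexpected IRC connection: %s (PID %d) -> %s:%d [%s]" % hit)
```

A `SYN_SENT` state that never becomes `ESTABLISHED`, as in the constructed row for `winslecil.exe`, is what a blocked outbound attempt looks like from the host side.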





Post by old_dog » Sun Apr 20, 2008 7:54 pm

I'm a little slow on reading this post but thanks for the heads up.

Things have been running ok on my systems but I gave everything the once over just in case.

OD
http://chu65nang67.us/nam/vietnam.html

