1. What is the Trojan.IRCBot
Trojan.IRCBot is a malicious backdoor Trojan that uses the popular IRC (Internet Relay Chat) program to cause many unwanted computer problems.
Trojan.IRCBot.Gen can open a backdoor on your computer that allows a remote attacker to use Internet Relay Chat (IRC) to remotely control your system, send the worm to other IRC channels, update the Trojan, download and execute additional malware on your PC, perform Denial of Service (DoS) attacks against a specific target, and send spam email messages using your computer's Internet connection.
This network-aware worm uses known exploits to replicate across vulnerable networks. To spread through the network, Trojan.IRCBot.Gen can use TCP ports commonly used by other worms: 135, 139, 445 or 593. This capability makes it a real threat to company networks and servers. Using it as a backdoor, a remote attacker can compromise sensitive company data.
The three most common ways to get infected with this worm are:
- by visiting Warez sites,
- downloading pirated software from P2P networks,
- or by opening an infected email attachment.
2. How to detect the Trojan.IRCBot with Sax2 IDS
Please keep the Sax2 policy knowledge base up to date. We have added policies that let Sax2 detect Trojan.IRCBot: once Sax2 detects that the Trojan is attempting to establish a connection with remote hosts, it breaks the connection immediately to protect your network and business.
Sax2 detected that Trojan.IRCBot attempted to establish a connection with the remote hosts
The connection was broken by Sax2 IDS
3. How to manually remove Trojan.IRCBot
- Files associated with Trojan.IRCBot infection:
svchost.exe
1clickpcfix.exe
takod.exe
WindowsLive.exe
system32.exe
egun.exe
- Trojan.IRCBot processes to kill:
svchost.exe
1clickpcfix.exe
takod.exe
WindowsLive.exe
system32.exe
egun.exe
- Remove Trojan.IRCBot registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ svchost
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ 1 Click PC Fix – 3.5
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\takod
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows Live
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System32 Monitor
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows System Guard
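An added example, not part of the original page or of Sax2: a read-only PowerShell audit for the Run values, service key and process names listed above, to run before deleting anything. It assumes a default Windows layout and reports svchost.exe only when it runs from outside the System32/SysWOW64 directories, because a process of that name is also a normal part of Windows; the WOW6432Node key is an addition of the example.

```powershell
#Requires -RunAsAdministrator
# Read-only audit: reports matches for the names listed above and changes nothing.

# The second key is an addition of this example: the 32-bit view on 64-bit Windows.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'svchost', '1 Click PC Fix*', 'Windows Live',
             'Windows System32 Monitor', 'Windows System Guard'
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\takod'
$procNames  = 'svchost', '1clickpcfix', 'takod', 'WindowsLive', 'system32', 'egun'

# Assumption: default Windows layout, where the genuine svchost.exe lives only here.
$genuineSvchost = "$env:SystemRoot\System32\svchost.exe",
                  "$env:SystemRoot\SysWOW64\svchost.exe"
$findings = @()

# 1. Autostart values under the Run keys
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        if ($runValues | Where-Object { $name -like $_ }) {
            $findings += [pscustomobject]@{
                Type = 'Run value'; Name = $name; Detail = $item.GetValue($name) }
        }
    }
}

# 2. Service key
if (Test-Path -Path $serviceKey) {
    $image = (Get-ItemProperty -Path $serviceKey).ImagePath
    $findings += [pscustomobject]@{ Type = 'Service'; Name = 'takod'; Detail = $image }
}

# 3. Running processes; svchost is reported only when its path is not the genuine one
foreach ($proc in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $path = $proc.Path
    if ($proc.ProcessName -eq 'svchost' -and $genuineSvchost -contains $path) { continue }
    if (-not $path) { $path = '(path unreadable)' }
    $findings += [pscustomobject]@{
        Type = 'Process'; Name = "$($proc.ProcessName) (PID $($proc.Id))"; Detail = $path }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { Write-Output 'No listed indicator found.' }
```

The Detail column shows the executable path behind each match, which is the file to examine before removing the entry.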
4. How to remove these Trojans instantly
Malwarebytes’ Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Visit https://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes’ Anti-Malware to help you.