COMODO BOC thinks MIRC is a trojan?[Resolved]

[Guest]

[Toggie]

I just had a strange situation. When I launched MIRC, BOC popped up to state it was a Trojan. At that point Process Guard kicked in and terminated BOC, as it hasn't yet been given Terminate privileges.

Any thoughts?

Toggie

[Kevin McAleavey]

Yep ... that's correct. MIRC is *the* most frequently used core for what we call "pseudo-rootkits" to control bot networks because it's "legit" and therefore ignored by just about every anti-everything on the planet. Since you're deliberately using it, open BOClean's excluder and drag the icon for it to the excluder box (if you're not using Vista, you can drag a shortcut) and once it appears in there, close the excluder, close BOClean and restart it so it will pick up the fact that you want MIRC ignored and BOClean will leave you alone. Should *another* copy show up somewhere that you don't know about it, BOClean will let you know.

 But that, and a few other "legit tools" were included because of their frequent use as the core of many exploits and malwares. Sorry, but absolutely necessary to do that ...

[~cat~]

This is the default action of BOC, if you use Mirc you must exclude it.

Edit: Found the reference (needs to be included in the FAQ/support documents).

MIRC DETECTION INFO, for users of BOClean

Whoops, link is out of date.

IMPORTANT CHANGE in BOClean engine as of this update. Many previous "pseudo-rootkits" have used a popular "chat program" called "MIRC" as the core of their "botnet" core. In almost every case, these rogue usages of the popular MIRC program have had unique factors which allowed us to detect those without interfering with legitimately-used MIRC chat software.

[Toggie]

Thanks for the replies, I hadn't come across that before.

Toggie

[Toggie]

Unfortunately, adding MIRC to the 'exclude' list doesn't seem to be working.

I have the app listed in 'exclude' but BOC still wants to close the app when I launch it.

Toggie

[Bluesman]

Unfortunately, adding MIRC to the 'exclude' list doesn't seem to be working.

I have the app listed in 'exclude' but BOC still wants to close the app when I launch it.

Toggie

I had the same problem, but I just closed BOC and restarted it, and now everything works just fine.

[malva00]

When I opened up my mirc v6.21 for the first time after installing BOC, it worked fine and it's not in my excludes.

Is this normal?

[malva00]

is this the answer to my question?

"IMPORTANT CHANGE in BOClean engine as of this update. Many previous "pseudo-rootkits" have used a popular "chat program" called "MIRC" as the core of their "botnet" core. In almost every case, these rogue usages of the popular MIRC program have had unique factors which allowed us to detect those without interfering with legitimately-used MIRC chat software."

[Toggie]

I have to add MIRC to excludes, otherwise it's terminated...

[Scott B.]

Then you probably really do have a Trojan. Because MiRC works fine with BOClean here... I do not have to exclude it or anything.

Uninstall MiRC, delete the entire directory, and use CCleaner or so to securely delete all traces of that directory. Reboot, Reinstall MiRC and see if that helps.

[sojo]

Then you probably really do have a Trojan. Because MiRC works fine with BOClean here... I do not have to exclude it or anything.

Uninstall MiRC, delete the entire directory, and use CCleaner or so to securely delete all traces of that directory. Reboot, Reinstall MiRC and see if that helps.

I tried all that as I was having the same problem as Toggle and mIRC still doesn't work unless I exclude it.  So I excluded it and now when I turn on my computer instead of going to the desktop it goes to the mIRC file.  Anyway to fix that? 

[stradivariuus]

It happened to me too. The Bo ate my Mirc. 1st time i thought something was there like a trojan and i reinstalled mirc. It's the official Mirc form http://www.mirc.com/

So I installed it . I reopende it and imediately Bo ate it again. LOL 

Then I went to Bo and red all the program . I found out the Exclude Area. Just took the mirc into it and now the 2 programs work wonderfully 

[~cat~]

I'm going to lock the gate on this dead horse.
OP knows the drill.

[Tags:]