Fasle positive : mIRC

symbian · December 1, 2008, 6:44pm

file and Av screen shot :

http://delivery-102.podmailing.com/default_thumbnails/default.png
mIRC.zip

V7chy · December 1, 2008, 7:43pm

Yeah it’s probably a false positive…

http://www.virustotal.com/analisis/2c25e3b14584577661c6b68762b49b43

V7chy

gibran · December 1, 2008, 7:56pm

Mirc is detected as Application.Win32.mIRC.621[ at ]787605 and is supposed to be added to AV exclusion list if the user willingly installed this application.

If the user did not install such application it is likely that his system has been compromised since even a legitimate software like mirc could be abused for malicious purposes.

Taskmngr.exe is actually Mirc32.exe version 5.7. The Trojan uses this file to run all of its mIRC scripts, including Dll32.hlp, Dll32NT.hlp, Xvpll.hlp, Httpsearch.ini, and NT32.ini.

symbian · December 1, 2008, 10:31pm

So we can say it’s a Riskware ?

gibran · December 1, 2008, 10:45pm

Yep. Kaspersky Lab groups these apps under Riskware category.

Baskar · December 2, 2008, 11:12am

Yes, I can confirm that such detection is only to indicate the user about the presence of such potentially dangerous applications. It is not a false positive, but rather a detection of a security risk.

Regards,
Baskar.

symbian · December 2, 2008, 12:28pm

Thank you