Fasle positive : mIRC

file and Av screen shot :


Yeah it’s probably a false positive…



Mirc is detected as Application.Win32.mIRC.621[ at ]787605 and is supposed to be added to AV exclusion list if the user willingly installed this application.

If the user did not install such application it is likely that his system has been compromised since even a legitimate software like mirc could be abused for malicious purposes.

Taskmngr.exe is actually Mirc32.exe version 5.7. The Trojan uses this file to run all of its mIRC scripts, including Dll32.hlp, Dll32NT.hlp, Xvpll.hlp, Httpsearch.ini, and NT32.ini.

So we can say it’s a Riskware ?

Yep. Kaspersky Lab groups these apps under Riskware category.

Yes, I can confirm that such detection is only to indicate the user about the presence of such potentially dangerous applications. It is not a false positive, but rather a detection of a security risk.


Thank you :slight_smile: