Firewall query? [Resolved]

I have scanned my computer and found Ircbot-CJK so I sent it to quarantine, my question is this

The virus is a backdoor trojan, would it still have had to ask for permission to send data out to a third party as I have never run the file prior to it being detected and I cant recall it ever asking for permission to access the internet, nor can I find any traces that it would leave behind had it run, the suspect file is 19Kb and .zip extension would this mean for it to spread I would of had to run it myself or is this trojan a self running type, any help would be massivly appreciated

I have also asked about it on my antivirus vendors website

Is comodo firewall able to defend against suspicious data transmissions without user intervention ie if the trojan was sending my data out would it have blocked it as suspicious?

Yes, CFP 2.4 would have blocked it. I would be very surprised if not. Its application behavior monitoring takes notice of every unknown executable that tries to connect to the internet, either on its own or via another program.


Trojans CAN NOT execute themselves, tho it might use buffer overflows or another exploit in Windows to run itself. But if the trojan manage to run, CFP 2.4 should warn you if it tries to connect to the Internet.


thanks for the replies, I think it was just sitting there inactive as I couldn’t find evidence of unknown processes or traces in the registry, I have since downloaded more antispyware programs. If anything changes I will let you know, thanks again :SMLR

That’s great to hear. I’ll go ahead and lock this topic, and mark it as resolved. To open it again, just send a PM to any moderator, thank you.