IRC прашања, помош, #pletenje итн.

[HuLiGaN]

ako pisete nesto na kanal cesto nekoj ce vi dojt na private i ce vi pisit , DO You Want To Be Operator in #kanlaotkajstoste copy paste this itn itn.....
to e nov virus so ime IRC.Worm.gen


W32.Heovin@mm is a mass-mailing worm that uses Microsoft Outlook to send itself to all contacts in Windows Address Book. It attempts to send a copy of itself to other mIRC users. It also has backdoor capabilities that allows a hacker to remotely control an infected computer. The email message has the following characteristics:

 

[HuLiGaN]

http://trout.snt.utwente.nl/ubbthreads/showflat.php?Number=115038
OVA za operatorite moze da bide korisna za da se banirat infecdet

 

[HuLiGaN]

ince za operatorite



On *:TEXT:*//write $decode*:?: {
var %a = 1
While ($Comchan($Nick,%a)) {
If ($Me isop $v1) { ban -k $v2 $Nick You have been infected with an IRC virus. }
inc %a
}
}

 

[HuLiGaN]

VBS.Funcess is a Visual Basic Script (VBS) worm that attempts to send itself by mIRC and Pirch IRC clients


TECHNICAL DETAILS
When it is executed, VBS.Funcess does the following:

It determines whether it has already infected your computer by checking for the existence of the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Open

If the key does not exist, the worm copies itself to the \Windows\System folder as a random name with the extension .vbe.

It then adds the \Open subkey to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

so that the worm runs when you start Windows.

It then copies itself to the \Windows folder as Opel.vbs.

Next, it searches all drives for folders that contain the files Mirc.ini or Pirch98.ini. If it finds these files, it creates the files Script.ini or Events.ini, respectively. These .ini files contain commands to send itself using the IRC client.

 

[HuLiGaN]

RECOMMENDATIONS:

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

 

[HuLiGaN]

REMOVAL INSTRUCTIONS

To remove this worm, delete files that are detected as VBS.Funcess or IRC.Worm.gen, and remove the key that the worm added to the registry.

To remove the worm:

Run LiveUpdate to make sure that you have the most recent virus definitions.
Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
Run a full system scan.
Delete all files that are detected as VBS.Funcess or IRC.Worm.gen.

 

[RICK]

ACID, fala ti mnogu, bas ke probam po tvoeto i ke napisam posle sto sum napravil
Inaku i jas prv pat se srecavam so nego, go najdov na CD na najnov BUG mislam, pokompliciran e prilicno od mIRC , a najpovece sakav da go probam kako ke reagira so Kaspersky :?:
Sigurno znaes kako vece Kaspersky reagira na mIRC , ako ne go trgnes da ne ti preci............
Pozdrav

 

[RICK]

Sepak ne odi rabotava i ce moram podetalno da opisam:
Koga kliknam conect, izleguva prozor, a vo nego:
URI [IRC:// i ceka vnesuvanje-crtka sto trepka......
Ima i dve "kopcinja":
Prvoto:
ADD NETWORK , klik na nego i se otvoraat dva prazni dialoga:
NETWORK NAME [ nema nisto-prazno..... i
PREFERRED IDENTITY [ stoi izbor od dve opcii: USE DEFAULT i
mojot vnesen NICK
Vtoroto:
ADD/EDIT SERVER, klik na nego, izleguvaat 4 dijalog prozorcinja:
DESCRIPTION [ Unknown Description ]
ADDRESS/PORT [Unknown] i do nego [6667]
NETWORK - e tuka izleguvaat programot sto gi nudi, no nisto nase.........a gi ima eden kup,........
PASSWORD [ ama toa veruvam ne e bitno za konekcija, sto rekovme - so Skopje na primer..............
E sega izvinete mnogu uste ednas sto ke ve macam , a ako sakate i ke vi go ispratam -voopsto ne e problem, samo kazete mi ja postepkata -kako i
MNOGU , MNOGU FALA

 

[Acid]

РИК, кажи ми ти прво дали можеш сам да се конектираш на Undernet.
Ако незнаеш како и ако ја нема Undernet мрежата на тој клиент, најверојатно вака ќе можеш:

ADD NETWORK:
пиши Undernet
PREFERRED IDENTITY: го внесуваш твојот прекар што го користиш на IRC (пример Rick124)

ADD/EDIT SERVER
DESCRIPTION: Undernet
ADDRESS/PORT: eu.undernet.org 6667 (можеш да користиш и друг сервер, пример zagreb.hr.eu.undernet.org)
NETWORK: најверојатно ќе ти го даде сега и Undernet
PASSWORD: остави го ова поле ПРАЗНО

откако ќе се конектираш, во било кој активен прозорец пиши /join #pletenje , /join #skopje ... инт, ќе влезеш на кој канал сакаш.


Што се однесува до Касперски, не ти е убаво подесен, затоа го дава mIRC-от како вирус.
Мој совет е, или најди некој убаво да ти го подеси, или батали го, земи си AntiVir Guard.

Помогнав?

 

[RICK]

ACID, navistina fala ti, ama ne odi rabotava.....izgleda ova e premnogu komplicirano!
Edino, kako sto rekov, da ti go pratam nekako, pa sigurno ke mu najdes care.......
Ti kazi...
Fala i pozdrav.

 

[Acid]

Баш ме интересира што глупост е.. прати го на marjanlazarevski@yahoo.com

 

[RICK]

Prateno i fala mnogu :wink:

 

[Acid]

Ах, нешто ме зеза.. неможам да го инсталирам, јас стварно незнам што е работава. :shock:

Друже, батали го ова комплицирано чудо, имаш 100 пати подобри и попрости IRC клиенти од него :roll:

 

[RICK]

U sekoj slucaj fala ti za trudot
A ako mu najdes care u medjuvreme-pisi kako e, ako pa ja nesto zavrsam, obavezno pisuvam
Pozdrav

 

[Acid]

Абе батали го, не биди инат и ти....
За ова време ќе си го оправеше Kaspersky-от наместо да бараше замена за стариот добар mIRC.