Info concerning IRC/BackDoor.Flo


rollandb

My free AVG tells me I have a file infected with this virus. I have gone to
the trendmicro and AVG virus encyclopaedias to gather more information.
Amazingly enough there are NO results from either search. What's up with
that? I would have thought there would be at least a mention of
"IRC/BackDoor.Flo".
 
It's actually called "IRC/BackDoor.Flood" (high resolution monitor chopping
off end of name) and I think maybe there is still no info on that spelling
because the virus is old. Still... they shouldn't call it an encyclopaedia
with such a poor list of definitions.
 
My free AVG tells me I have a file infected with this virus. I have gone to
the trendmicro and AVG virus encyclopaedias to gather more information.
Amazingly enough there are NO results from either search. What's up with
that? I would have thought there would be at least a mention of
"IRC/BackDoor.Flo".

Maybe Art or someone can confirm the following recent statement:
~~~~~~~~~
Get a copy of Stinger from:

http://vil.nai.com/vil/stinger/

Good for all variants of Backdoor.
~~~~~~~~~

BoB
 
Maybe Art or someone can confirm the following recent statement:
Get a copy of Stinger from:
http://vil.nai.com/vil/stinger/
Good for all variants of Backdoor.

Where did you get that idea? If you check the page, you'll see Stinger removes
about forty specific viruses and trojans. It does include 3 versions of irc/flood,
which may work for Rollandb, but may not. Backdoor is a generic term, for any
virus or trojan that allows your computer to be controlled remotely.

I'd suggest running an online scan at http://www.ravantivirus.com, or housecall,
and see what they call it.

Regards, Dave Hodgins
 
Maybe Art or someone can confirm the following recent statement:
~~~~~~~~~
Get a copy of Stinger from:

http://vil.nai.com/vil/stinger/

Good for all variants of Backdoor.
~~~~~~~~~

That's as bad as "certified virus free by AVG" don't you think? :)

As Dave pointed out, Stinger has cleaning capabilities for the handful
of malwares listed at that web site. With some reservation, I often
suggest the use of Trend's SysClean when it's not clear which malware
is infesting a user. SysClean has removal capability for hundreds of
malwares ... I haven't tried to get a count lately. But more than
that, it automatically scans and will detect most all malware that
Trend's av products detect. So even if it just finds something that it
can't clean, the user has the benefit of that info as well.

I say "with some reservation" since I'm concerned about
misidentification and mistaken deletion of legitimate files. In the
hands of panicked users, additional damage might well be done. In fact,
I recall one user posted here that SysClean had deleted the wrong
files. So there are risks. It's always best to do a "dry run" without
deletion checked. Users should make an attempt to assess the situation
... something that just ain't going to happen, I'm afraid :(


Art
http://www.epix.net/~artnpeg
 
Where did you get that idea?

From a msg by Paul-B posted last Oct, that's why I suggested
confirmation.

Also a 15 Feb msg about Stinger stated:

"This version of Stinger includes detection for all known variants,
as of January 28, 2004:

BackDoor-AQJ Bat/Mumu.worm Exploit-DcomRpc
IPCScan IRC/Flood.ap IRC/Flood.bi
IRC/Flood.cd NTServiceLoader PWS-Narod
PWS-Sincom W32/Bagle@MM W32/Bugbear@MM
W32/Deborm.worm.gen W32/Dfcsvc.worm W32/Dumaru@MM
W32/Elkern.cav W32/Fizzer.gen@MM W32/FunLove
W32/Klez W32/Lirva W32/Lovgate
W32/Lovsan.worm W32/Mimail@MM W32/MoFei.worm
W32/Mumu.b.worm W32/MyDoom@MM W32/Nachi.worm
W32/Nimda W32/Pate W32/Sdbot.worm.gen
W32/Sober@MM W32/SirCam@MM W32/Sobig
W32/SQLSlammer.worm W32/Swen@MM W32/Yaha@MM"

So assuming Stinger is kept pretty well up-to-date, it had
a worthwhile chance of being beneficial but I haven't used it.
If you check the page, you'll see Stinger removes
about forty specific viruses and trojans. It does include 3 versions of irc/flood,
which may work for Rollandb, but may not. Backdoor is a generic term, for any
virus or trojan that allows your computer to be controlled remotely.

I'd suggest running an online scan at http://www.ravantivirus.com, or housecall,
and see what they call it.

Regards, Dave Hodgins

Thanks for the additional info. I have added your comment to
those older msg files. Between your two recommended sites
and/or Stinger, hopefully their problem may be cleared up.

BoB
 