Troj/IRCFlood-R is an IRC-based Trojan for the Windows platform. When used with certain IRC scripts, it can be used to carry out DDoS attacks.
Troj/IRCFlood-R is a trojanized version of mIRC v6.03 designed to allow backdoor access to a user's computer.
When run, Troj/IRCFlood-R creates the file <Current Folder>\dbqp.fon. This file is clean and may be safely deleted.
The following registry entries are set or modified, so that Troj/IRCFlood-R is run when files with extensions of CHA and IRC are opened/launched:
HKCR\ChatFile\Shell\open\command
"<pathname of the Trojan executable>" -noconnect
HKCR\irc\Shell\open\command
"<pathname of the Trojan executable>" -noconnect
Registry entries are set as follows:
HKCR\ChatFile\DefaultIcon
<pathname of the Trojan executable>
HKCR\irc\DefaultIcon
<pathname of the Trojan executable>
Registry entries are created under:
HKCU\Software\Microsoft\Microsoft Agent
HKCU\Software\mIRC\DateUsed
HKCR\irc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC
Troj/IRCFlood-R provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "mIRC".
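The following PowerShell triage script is an added example, not part of the original advisory. It reads the ChatFile and irc handler and icon values listed above, reports which executable they point to, and checks for dbqp.fon next to that executable. It assumes the Trojan's "current folder" is the folder holding the executable; the helper name Get-HandlerExecutable is hypothetical.

```powershell
# Added triage example, not part of the original advisory.
# Registry:: provider paths are used so no HKCR: drive has to be mapped.
$handlerKeys = @(
    'Registry::HKEY_CLASSES_ROOT\ChatFile\Shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\irc\Shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\ChatFile\DefaultIcon',
    'Registry::HKEY_CLASSES_ROOT\irc\DefaultIcon'
)

# Hypothetical helper: pull the executable path out of a command line or icon value.
function Get-HandlerExecutable {
    param([string]$Value)
    # Handles "C:\dir\app.exe" -args, C:\dir\app.exe,0 and unquoted paths with spaces.
    if ($Value -match '^\s*"?(.+?\.exe)') { return $Matches[1] }
    return $null
}

$results = foreach ($key in $handlerKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    # The unnamed (default) value holds the command line or the icon path.
    $value = [string](Get-Item -LiteralPath $key).GetValue('')
    if ([string]::IsNullOrEmpty($value)) { continue }

    $exe = Get-HandlerExecutable -Value $value
    $hash = $null
    $fonPresent = $false
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        # Assumption: dbqp.fon is dropped in the same folder as the executable.
        $folder = Split-Path -Path $exe -Parent
        $fonPresent = Test-Path -LiteralPath (Join-Path $folder 'dbqp.fon')
    }

    [pscustomobject]@{
        Key              = $key -replace '^Registry::HKEY_CLASSES_ROOT', 'HKCR'
        Value            = $value
        Executable       = $exe
        NoConnectArg     = $value -like '*-noconnect*'
        Sha256           = $hash
        DbqpFonBesideExe = $fonPresent
    }
}

$results | Format-List
```

No output means none of the four keys is present. A handler whose executable sits beside dbqp.fon is the one to examine against the details in this description.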