Today my full scan ran and detected W32.IRCbot on my computer. I run full scans daily, so I know this was not on here prior to 2/20/09 4am. So it had to come up within the last 24 hours.
I have several concerns about this:
1. If it is a worm/virus that Norton has been aware of since at least October 2008, how did it get on my computer?
Shouldn't it have been detected and blocked before installing?
2. The security information shows a bunch of registry changes affecting security. The fact that the W32.IRCbot has been removed, does it also change back the registry malice? Or are my security settings still at risk?
3. If the virus was on there for 24 hours, it could have downloaded other viruses, etc., etc., couldn't it?
So I was vulnerable for at least 24 hours?
4. The file is in quarantine. Do I need to submit it to Norton? Do I now need to delete it?
The location of the file, c:\program files\build-a-lot 3 - passport to europe, is a folder that has been on the computer since 1/09, so it wasn't just downloaded.
The security risk log shows the following:
Risk category: Virus
Overall Risk Impact: High
Performance: High
Privacy: High
Removal: High
Stealth: High
Click for more information about this risk : W32.IRCbot
Action taken: Fully removed
Affected Areas:
Files & Directories
c:\program files\build-a-lot 3 - passport to europe\mpxhkpm.exe
Registry Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallDisableNotify:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->UpdatesDisableNotify:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows->DisableSR:0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa->restrictanonymous:0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa->AUOptions:3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusOverride:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallOverride:0
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows->DisableSR:0
HKEY_USERS\S-1-5-21-1909828513-1491688853-3379000327-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows->DisableSR:0
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows->DisableSR:0
HKEY_USERS\S-1-5-21-1909828513-1491688853-3379000327-1002\Software\Microsoft\Windows NT\CurrentVersion\Windows->DisableSR:0
HKEY_USERS\S-1-5-21-1909828513-1491688853-3379000327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1
HKEY_USERS\S-1-5-21-1909828513-1491688853-3379000327-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->UacDisableNotify:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->AntiVirusDisableNotify:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->FirewallDisableNotify:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->UpdatesDisableNotify:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->AntiVirusOverride:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->FirewallOverride:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->FirstRunDisabled:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\->UacDisableNotify:0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\->UncheckedValue:1
HKEY_USERS\S-1-5-21-1909828513-1491688853-3379000327-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->SuperHidden:1
HKEY_USERS\S-1-5-21-1909828513-1491688853-3379000327-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\->SuperHidden:1