Trojans are malicious applications that pose themselves as legitimate software in order to trick users to install them. Once on the victim's machine, it may run any number of malicious process to steal vital information or inflict damage to other software.
Backdoor.IrcJan is an IRC Backdoor Trojan Horse that gives its author control of an infected computer through Internet Relay Chat (IRC).
It adds False IP's to more than 50 popular antivirus companys urls in the Host file, disables antivirus notifications, firewall notifications, update notifications, and overrides firewalls.
One of the malicious exe files acts a Server exchanging commands. BackDoor.IrcJan creates a folder containing a lot of malicious executables with the same file, MD5 and different names..
Backdoor.IrcJan creates the folder, %Windir%\system32\programs\
Copies itself to the %Windir%\system32\programs\ folder as the following filenames:
2 Find MP3 8.2.0.exe
Adobe InDesign CS 2.exe
Adobe keygen for photoshop indesign incopy SERIAL crack.exe
Adobe Photoshop CS 2.exe
Autocad 2002 Crack.exe
Autocad 2004 Crack.exe
Autocad 2005 Crack.exe
Autocad 2006 Crack.exe
BEST HACK TOOL FOR REAL HACKERS KEYLOGGER WEBCAM SPY! - PRIVATE.exe
Counter strike - cs full version.exe
Counter strike keygen WORKING FOR ONLINE STEAM.exe
Credit card generator.exe
Eric vd Vogt Gay Movie - Dutch homosexual fetish raped.exe
Fifa 2006 FULL with crack.exe
Fifa 2007 FULL with crack.exe
Free SMS Bomber.exe
Google hack tutorial for beginners.exe
HalfLife 2 WORKING Steam crack.exe
Hotmail account hacker in 30 minutes.exe
Microsoft Office Activation Crack.exe
Microsoft Office Professional Crack.exe
Microsoft Office Professional Serial.exe
Microsoft Office Professional Universal Crack without serial.exe
Microsoft Office Universal Activator v1.0.exe
MSN hacker - password stealer.exe
norton anti virus FULL NEWEST VERSION.exe
Norton AntiVirus 2005 crack.exe
Norton AntiVirus 2006 crack.exe
Norton antivirus crack.exe
Norton firewall 2006 crack.exe
psx2 - playstation 2 emulator.exe
UniVersal GSM unlocker for removing simlock (NOKIA,ERICSSON,SONY,SAMSUNG,OTHERS).exe
WinRAR 4 beta.exe
ZoneAlarm crack (keygen).exe
Large amount of Hijacked domains are placed in the Hosts file. Its probably better to delete the file itself than to fix each item.(and create a Backup)
File location is C:\Windows\System32\drivers\etc\hosts
To Correct Modified Registry Values:
1.Click on Start , click run.
2.Type "regedit" and press enter.
3.Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
4.Right Click on "AntiVirusDisableNotify" ,click on Modify , Type " 0 " in Value Data field in place of "1" and press Enter.
5.Right Click on "FirewallDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
6.Right Click on "FirewallOverride" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.
7.Right Click on "UpdatesDisableNotify" , click on Modify , Type "0" in Value Data field in place of "1" and press Enter.