My AntiVirus program reports a file infection with "IRC/BackDoor.Flood" in my C:\Windows\Temporary Internet Files\Content.
I just went there and had NO problems. Why don't you delete your Temp.Internet Files and run a scan on your computer??
I was using Symantec's web site at http://www.symantec.com/avcenter/index.html to review current threats because my Grisoft AVG software trapped 4 virus infected emails yesterday and 4 more today.
Whenever I try to open the link on Symantec's web page for a description of the "W32.Dinfor.Worm"
My AntiVirus program reports a file infection with "IRC/BackDoor.Flood" in my C:\Windows\Temporary Internet Files\Content.
The other 5 links for the "Latest Virus Threats" on this page work fine.... Could it be that Symantec site has a virus???
- Or, do I have a problem and just don't know it?
... It's very rare for me to get infected files, I update my defs and scan daily, I also use Trend's free scanner regularly as an additional sanity test.
Hi Marianna, thanks for rapid reply.
I have 2 PCs at home, the first is an old 300 MHz AMD running Win'98, have followed your advice & deleted Temp Internet files, got the same virus warning message when I deleted first time, then it cleared. Currently rescanning, will take about an hour on this old PC.
Then went to my other Win XP 2.6 MHz PC which is not used for email retrieval, tho' is used for browsing, and also has current AVG defs and scans. First I deleted Temp Internet files, then rescanned with no virus found. Then went to Symantec's site and checked the 6 "latest virus threats" first 5 of 6 are OK, opened last link for w32.dinfor.worm and again AVG logged the IRC/BackDoor.Flood warning with a little more info in C:\Windows\Temporary Internet Files\Content.IE5\OPUJWDA3\W32Dinfor.worm[1].htm.
Repeated process again and found again.
I'm not an expert, but it sure looks like Symantec has a virus... hard to believe so that's why I posted here. Hey, maybe they slipped and included the virus with the description, or maybe they got hacked?
Can you recheck their links, you may have to click on it more than once, on my XP PC I had to click on the links 2 x on 2 separate tests.
Malcolm
BTW - Got to step out for 30 mins.
Hi Malcolm,
I just waited a bit on that particular webpage and .... yep - I also got a warning:
click here
Strangely enough - clicking on "delete" or "move to vault" didn't do anything - that's why I made a screenprint - will send the screenprint to Symantec for their info.
In the meantime I cleaned up my Temp. Internet files
I got the same result but I'm wondering if the problem isn't with AVG. I run NAV primarily but AVG's resident shield in the background. Have never had any problem with conflicts. After getting the same result I went to AVG's website to see what they said about the virus they named. The website said to search by the exact name AVG identified. I did, with a couple of variations, and the search had no result.
Backdoor.IRC.Flood
Discovered on: August 03, 2001
Last Updated on: April 15, 2002 04:46:08 PM
Backdoor.IRC.Flood is a backdoor Trojan. It installs an mIRC client that has backdoor capabilities; this gives the hacker unlimited access to the computer.
Also Known As: Backdoor.IRC.Flood.i, Backdoor.IRC.Flood.f
Type: Trojan Horse
http://www.sarc.com/avcenter/venc/data/backdoor.irc.flood.html
Back Again,
I ran more tests, AVG always finds this virus. Then I opened the link again with AVG running in background and it logged the problem. This time I did not try fix, or quarantine it in the AVG Vault.
Instead I ran Trend Micro's free on-line scan and it triggered AVG to flag the same virus infection as Trend scanned that particular file. Did this test three times and Trend reported "NO Virus Found" at the end of their scans even tho' AVG triggered each time it hit the suspect file.
I'm not going to take the risk of disabling AVG to see if it is not reporting accurately. I'll wait to see if Symantec gets back to Marianna with a good explanation. I'm not sure if it is a virus, or bug in AVG... but funny it seems to only pick on one link using multiple PCs and users!
What AntiVirus tools are you testing with Marianna?
Malcolm
Hi Malcolm,
I wrote to both, Symantec AND AVG Technical Support and included my screenprint I had made.
Well, I went back to that particular webpage and yes, AVG 7 Professional popped up again - I left the file in my Temp.file folder and scanned with The Cleaner 4.0 Professional my Temp.Internet Files\Content.IE5
NOTHING showed up. Then I scanned that folder with Trend Micro, TDS 3 Professional and AVG 7 again and ALL showed up with nothing!
Curious to hear what AVG has to say
The Cleaner and TDS 3 Professional are trojan scanners.
Will let you know IF I get responses
Hi Jo,
Here's all I could find about IRC/BackDoor.Flood on AVG's site. Looks like they added it to their Dec 15th, 2003 defs.:
History of the AVG Updates
... .5.0 and AVG 6.0 - 552 Added detection of Worm/Nvrdoc, Worm/Heher, Worm/Francette, Win32/Sogost and new variants of Worm/Agobot, Worm/Spybot, trojan IRC/BackDoor.Flood, trojan IRC/BackDoor.SdBot. - December 15, 2003 - Program update AVG 7.0 - 7.0.206 Several improvements in Control Center ...
http://www.grisoft.com/us/us_history.php 02/10/04, 39101 bytes
Thanks for your input,
Malcolm
Thanks for sending to both Symantec & Grisoft AVG, guess we'll wait for their answers at this point.
BTW - In reply to your earlier comment; on my PCs I was able to move multiple virus hits to the AVG Vault and delete them from there, but when trying to get info about the virus while in the vault the message said in effect "no further info available about the virus"
I tried it too, didn't work here either. That is why I now suspect it is a "false positive" after I ran several scans with other AV's and they scanned all clean. That is also a reason I wrote to AVG Technical Support.
I hardly get any "false positives" from AVG - now I also should like to know from them what is going on
Marianna:
Good work, thanks for contacting all involved, I'll wait for their comments.
I'm a little spooked with MyDoom going around and after getting 8 virus infected emails in past 2 days. I have never had that many in any year. I'm set for previewing email before downloading from my ISP and saw those in my in box. All were about 33 - 35Kb with attachments, subject "Hi" or "Test", none from addresses and Domains I normally share email with, message text either blank or symbols. The trouble is that they do download when I delete them from the server, then AVG flagged them as I went in to delete locally without opening the attachments.
Thanks again
Malcolm
Malcolm,
I have MailWasher Pro and always look via it first what kind of e-mails are on my server. I have NO problems deleting the e-mails from the server via MailWasher. The free MailWasher does the same job deleting from the server! Maybe worth a look??
http://www.mailwasher.net/download.php
Yes, I will let you know if I receive replies from the 2 involved
Malcolm,
here is AVG's reply:
Hello,
this detection is caused because of Symantec's citation of all content of BAT file used by IRC/Backdoor.Flood so AVG detects it as this backdoor. This page itself is harmless.
--
Pavel Krcma
Grisoft, s.r.o.
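The mechanism AVG describes above, as an added example that is not part of the thread and is not AVG's or Symantec's code: a scanner that matches raw bytes flags a cached HTML write-up that quotes a script just as it flags the script itself, while a triage step that looks at where the bytes sit can tell the two apart. The signature string, sample files and function names are constructed for illustration.

```python
import re

# Constructed stand-in for a vendor byte signature; not a real detection pattern.
SIGNATURE = b"rem CONSTRUCTED-SAMPLE-MARKER"

SCRIPT_BLOCK = re.compile(rb"<script\b.*?</script\s*>", re.I | re.S)
HTML_START = re.compile(rb"\s*(<!doctype\s+html|<html\b)", re.I)


def naive_scan(data: bytes) -> bool:
    """Flag any file containing the signature bytes, regardless of file type."""
    return SIGNATURE in data


def triage(data: bytes) -> str:
    """Classify a signature hit by the context the matched bytes sit in."""
    hits = [m.start() for m in re.finditer(re.escape(SIGNATURE), data)]
    if not hits:
        return "clean"
    if not HTML_START.match(data):
        return "investigate: signature in non-HTML file"
    # Bytes inside <script> are run by the browser; bytes in ordinary
    # markup are only rendered as text on the page.
    spans = [(b.start(), b.end()) for b in SCRIPT_BLOCK.finditer(data)]
    if any(start <= hit < end for hit in hits for start, end in spans):
        return "investigate: signature inside <script>"
    return "likely false positive: signature quoted as page text"


# Constructed samples: a write-up page quoting the script, the script itself,
# and a page carrying the same bytes inside a script element.
WRITEUP = b"<html><body><h1>Threat write-up</h1><pre>" + SIGNATURE + b"</pre></body></html>"
BATCH = b"@echo off\r\n" + SIGNATURE + b"\r\n"
SCRIPTED = b"<html><script>/* " + SIGNATURE + b" */</script></html>"

if __name__ == "__main__":
    samples = [("writeup.htm", WRITEUP), ("sample.bat", BATCH), ("scripted.htm", SCRIPTED)]
    for name, sample in samples:
        print(f"{name}: naive={naive_scan(sample)} triage={triage(sample)}")
```

The triage result is a heuristic for prioritising a hit, not a verdict; a second scanner and the vendor's confirmation, as in this thread, remain the way to settle it.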
Hi Marianna,
Thanks for copying me on AVG's response.
I understand what they are saying, but not sure that the way they interpret web page text as a live virus is a good, or bad, thing... It sure scared me big time.
BTW - Still getting several MyDoom.A infected emails daily from a variety of addresses (probably spoofed?) that I don't communicate with. This may take a while to subside. Odd they only started for me this week.
My Best,
Malcolm