musirc4.72.exe - Dangerous
musirc4.72.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Spreads itself to other systems on the same network.
Allows unauthorized remote execution of commands on an infected computer.
Adds the value: "MusIRC (irc.music.com) client"="musirc4.72.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Attempts to authenticate itself to randomly generated IP addresses.
Copies itself to the following remote locations when a successful connection is made:
\ADMIN$\system32\musirc4.72.exe
\C$\WINNT\system32\musirc4.72.exe
Schedules itself to execute remotely created files.
Opens a connection to a specified Web site.
Connects to a specific IRC channel on a specific IRC server to receive remote instructions, such as:
- ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these computers.
- sysinfo: Retrieves the infected computer's information, such as CPU speed, memory, and so on.
Automatic removal: Use RegRun Startup Optimizer to remove it from startup.