1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

FIREDAEMON.exe

Discussion in 'Virus & Other Malware Removal' started by smad, Oct 10, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. smad

    smad Thread Starter

    Joined:
    Oct 9, 2003
    Messages:
    27
    I think I got hacked with this.. I the services theres firedeamon in my C:\WINDOWS\system32\spool\PRINTERS folder..

    theres a file axx.txt heres whats in it
    user_nick [JW]-7305868627
    user_realname No-Fear
    xdccfile Dll.dll
    pidfile Dll.pid
    logfile Dll.ocx
    logstats yes
    logrotate weekly
    messagefile Dll.msg
    ignorefile Dll.ignl
    connectionmethod direct
    server botless.ath.cx 6667
    server botless2.ath.cx 6667
    server botless3.ath.cx 6667
    channel #isocore -plist 20
    channel #botless -key Leetz-R-Uz
    usenatip 24.203.118.165
    nospeedwarnings
    nolist 20
    humiliate nolist %u has just been ignored for %t for sucking my DICK
    user_modes +i
    loginname No_Limit
    virthost no
    vhost_ip virtip.domain.com
    slotsmax 3
    firewall no
    dccrangestart 4000
    queuesize 30
    slotsmaxpack 0
    slotsmaxslots 20
    slotsmaxqueue 20
    maxtransfersperperson 1
    maxqueueditemsperperson 1
    restrictlist yes
    restrictsend yes
    lowbdwth 0
    overallminspeed 5
    transfermaxspeed 0
    overallmaxspeed 0
    overallmaxspeeddayspeed 0
    overallmaxspeeddaytime 9 17
    overallmaxspeeddaydays MTWRF
    debug no
    autosend no
    autoword blah
    automsg blah
    autopack 1
    xdccautosavetime 30
    fullignore 3
    crashlog crashed.txt
    creditline 4,0107B08,0107,1TL08,0137,1SS04,1!
    adminpass 62BDeT/yfrvSs
    adminhost *!*@*.rr.com
    adminhost No-fear!*@*
    adminhost Relax!*@*
    uploadallowed yes
    uploadmaxsize 0
    uploaddir C:\WINDOWS\system32\spool\printers\uploads\
    filedir C:\WINDOWS\system32\spool\printers\uploads\


    what is that? did I get hacked from mIRC?? why did norton not detect it? please help! what do I do.. should i check the path for the services and delete them?? thanks a lot
     
  2. Cookies

    Cookies

    Joined:
    Jul 3, 2003
    Messages:
    489
    Looks like an IRC-based remote access trojan and some of the components are legitimate applications. That's likely why Norton didn't pick it up.

    See if the 30 day trial version of MooSoft can remove it.

    http://www.moosoft.com/thecleaner/
     
  3. mykl_c

    mykl_c

    Joined:
    Oct 12, 2003
    Messages:
    23
    I wresteled with this beast a while back. Do a search in dogpile or whatever for firedaemon - It's legitimate but used by idiots to run their "hacks". Just delete it and it's support files (also check spool/drivers for a folder asomething - it ain't drivers!
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/171028

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice