dll32NT.hlp ( Trojan.IrcBounce ) 

/me thinks Trojan from IRC.FLOOD.U may have something to do with this.
Ran House Call and it caught 2 files that my up-to-date Norton did not: IRC.FLOOD.U
and TROJ.FLOOD.U, which pointed to C:\WINNT\system32\dll32.hlp and

Has anyone had any experience with these at all? Would appreciate any input.
Thank you in advance.


Note: Changed the extensions of dll32.hlp to dll32.hlpold, and task32.exe to
task32.exeold, and ran any number of programs without any problem. Afterward,
removed these files to floppy and made note of the location. During all of this, I
noticed another file called dll23NT.hlp with a very recent date, so I did a search
(Google) and lo and behold, I come up with a name for a Trojan called
"Trojan.IrcBounce". This leads to a whole list of files included in this punk's

The additional files are as follows: (But were "not" detected by Norton on this

(C & P) start
(NOTE: Viewing all possible files Windows allows, including system, hidden)
 This Trojan consists of the following programs, all of which are detected as
Trojan.IrcBounce by Symantec antivirus products:
  a.. Dll32.hlp (ren DLL32.HLPold, copied to floppy and del)
  b.. Dll32nt.hlp (ren DLL32NT.HLPold, copied to floppy and del)
  c.. Xvpll.hlp (ren XVPLL.HLPold; not del)
  d.. Httpsearch.ini (not found in a windows search)(no DOS search)
  e.. Nt32.ini (ren NT32.INIold; not del)
  f.. Gg.bat (found changed to GG.BATold; not del)
  g.. Seced.bat (ren SEC.BATold)
  h.. Tftp8675 (ren TFTP8675.old; not del)
  i.. V.exe (no joy)
  j.. Mt.exe (no joy)

This Trojan also uses the following clean programs, which are not detected by
Symantec antivirus products:
  a.. Kill.exe (found, researching)(Had earlier copy from M$ ResKit98; different
file size)
  b.. Mdm.exe (no joy)
  c.. Mdm.scr (ren mdm.scrOLD; not del)
  d.. Ncp.exe (ren ncp.exeOLD; not del)
  e.. Psexec.exe (ren psexec.exeOLD; not del)
  f.. Taskmngr.exe (no joy)
(C & P)stop
This is as far as I have gone; in fact there have been no adverse effects from the
changes, but of course, I haven't booted, and opened and tested apps running
Any thoughts very much appreciated.
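
The file list quoted in the post, turned into a name-based inventory check, as an added example that is not part of the original post or of any vendor tool: it walks a directory tree, matches the listed names case-insensitively (including the "old" renames the poster describes), and reports the dual-use tools in a separate category. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Names copied from the list quoted in the post (lower-cased for matching).
DETECTED = {"dll32.hlp", "dll32nt.hlp", "xvpll.hlp", "httpsearch.ini", "nt32.ini",
            "gg.bat", "seced.bat", "tftp8675", "v.exe", "mt.exe"}
# Listed in the post as clean programs the Trojan uses: a name match alone proves nothing.
DUAL_USE = {"kill.exe", "mdm.exe", "mdm.scr", "ncp.exe", "psexec.exe", "taskmngr.exe"}


def classify(filename):
    """Return (category, listed_name) or None. Case-insensitive; also accepts the
    poster's rename scheme, a trailing "old" or ".old" (DLL32.HLPold, TFTP8675.old)."""
    name = filename.lower()
    candidates = [name] + [name[:-len(s)] for s in (".old", "old") if name.endswith(s)]
    for cand in candidates:
        if cand in DETECTED:
            return ("detected", cand)
        if cand in DUAL_USE:
            return ("dual-use", cand)
    return None


def scan(root):
    """Walk root and return one record per listed file, sorted by path."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            match = classify(fname)
            if match is None:
                continue
            path = os.path.join(dirpath, fname)
            st = os.stat(path)
            # Size and mtime let copies be compared (the post notes two Kill.exe sizes).
            hits.append({"path": path, "category": match[0], "listed_as": match[1],
                         "size": st.st_size, "modified": datetime.fromtimestamp(
                             st.st_mtime, timezone.utc).isoformat()})
    return sorted(hits, key=lambda h: h["path"])


if __name__ == "__main__":
    # Constructed sample tree standing in for the system directory; nothing real is read.
    with tempfile.TemporaryDirectory() as root:
        for name, size in [("DLL32NT.HLPold", 10), ("Kill.exe", 20), ("notepad.exe", 1)]:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"\0" * size)
        for hit in scan(root):
            print(hit["category"], hit["listed_as"], hit["size"], hit["modified"], hit["path"])
```

A hit in the "dual-use" category only says a file with that name exists; its size, timestamp and location still have to be compared against a known-good copy.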


