Flood is a family of script-based backdoors that operate with a modified IRC client application and a set of utilities. Quite often these backdoors are spread in self-extracting archives and customized installation packages. F-Secure Anti-Virus detects over 40 different Flood backdoor variants.
Disinfection of Flood backdoor is simple - just delete or rename (if deleting fails) all infected files and restart your computer.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
The backdoor is basically an IRC script that operates with a modified IRC client, usually mIRC. The backdoor can use external utilities for its needs. A hacker can control the backdoor by sending specific commands to it. The latest backdoor variants can perform the following actions:
- open a file server on an infected computer - give OP to a specific user or everyone - change channel mode - give VOICE to a specific user or everyone - deOP a specific user or everyone - deVOICE a specific user or everyone - add a user to autoOP list - add a user to autoVOICE list - delete user from a channel list - add aliases - change IRC server - add server to a server list - reconnect to a server - join or part a specific channel - join or part a specific channel in a cycle - kick a specific user from a channel - show backdoor info - ban a specific user from a channel - set specific variable - change nickname - show backdoor version - show backdoor credits - send messages - get channel statistics - clear server list - remove specific variable
Some commands will only work if an infected IRC user has an OP or high rank in a specified channel.