Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | April 2007 (4.16) |
| Protection available since | 13 February 2007 20:05:08 (GMT) |
| Last updated | 2 March 2007 20:57:03 (GMT) |
| Detected by | All Sophos products |
Action

Your options
- Please send us a sample to assist in improving our technology
- Use the instructions for removing generically detected files to delete the file from your computer
- If problems persist, contact Sophos support for assistance with removal
More Information
Mal/Zapchas-A is a family of Trojans for the Windows platform.
Members of Mal/Zapchas-A run continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
When members of Mal/Zapchas-A are installed, some of the following files are typically created:
<Windows>\system\aliases.ini
<Windows>\system\control.ini
<Windows>\system\explorer.exe
<Windows>\system\mirc.ico
<Windows>\system\mirc.ini
<Windows>\system\nicks.txt
<Windows>\system\postcard.gif.exe
<Windows>\system\remote.ini
<Windows>\system\script.ini
<Windows>\system\servers.ini
<Windows>\system\sup.bat
<Windows>\system\sup.reg
<Windows>\system\svchost.exe
<Windows>\system\users.ini
The main dropped executable is usually a version of the mIRC chat application, sometimes infected with another virus.
Members of Mal/Zapchas-A often create the following folders:
<Windows>\system\download
<Windows>\system\logs
<Windows>\system\sounds
Members of Mal/Zapchas-A often set a registry entry at the following location to run the main dropped executable:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
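
The following triage check is an added example, not Sophos code. It matches a host's file inventory and its HKLM Run values against the names listed above, counting a name only when it sits directly in <Windows>\system, so the genuine explorer.exe in <Windows> and svchost.exe in <Windows>\System32 are not flagged. The function name, the input format, the sample data and the three-hit threshold are assumptions made for illustration.

```python
import ntpath

# Names listed in the description above, all relative to <Windows>\system.
ZAPCHAS_FILES = {
    "aliases.ini", "control.ini", "explorer.exe", "mirc.ico", "mirc.ini",
    "nicks.txt", "postcard.gif.exe", "remote.ini", "script.ini",
    "servers.ini", "sup.bat", "sup.reg", "svchost.exe", "users.ini",
}
ZAPCHAS_DIRS = {"download", "logs", "sounds"}
MIN_HITS = 3  # assumption: the page only says "some of" the files appear


def triage(paths, run_values, windir=r"C:\Windows"):
    """Match an inventory against the listed artifacts.

    paths: full file and folder paths collected from the host.
    run_values: {value name: command line} read from the HKLM Run key.
    """
    base = ntpath.normcase(ntpath.join(windir, "system"))
    names = ZAPCHAS_FILES | ZAPCHAS_DIRS
    # Count a name only when its parent folder is exactly <Windows>\system.
    files = sorted(
        ntpath.basename(p).lower() for p in paths
        if ntpath.normcase(ntpath.dirname(p)) == base
        and ntpath.basename(p).lower() in names
    )
    # Run values that start a program from <Windows>\system.
    run = sorted(
        name for name, cmd in run_values.items()
        if ntpath.normcase(cmd.strip('"')).startswith(base + "\\")
    )
    return {"files": files, "run": run,
            "suspicious": len(files) >= MIN_HITS and bool(run)}


# Constructed sample inventory, not taken from a real host.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",  # legitimate location, ignored
    r"C:\WINDOWS\explorer.exe",          # legitimate location, ignored
    r"C:\WINDOWS\system\svchost.exe",
    r"C:\WINDOWS\system\mirc.ini",
    r"C:\WINDOWS\system\script.ini",
    r"C:\WINDOWS\system\logs",
]
SAMPLE_RUN = {"svc": r"C:\WINDOWS\system\svchost.exe",
              "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe"}

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_RUN))
```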
