Sophos

Troj/Zapchas-DV

Aliases
  • TROJ_MIRCHACK.BQ

Summary

 
Affected operating systems: Windows
Characteristics
  • Drops more malware
  • Installs itself in the registry
Included in our products from: November 2007 (4.23)
Protection available since: 8 October 2007 23:00:55 (GMT)
Detected by: All Sophos products

More Information

Troj/Zapchas-DV is a backdoor IRC Trojan for the Windows platform.

Troj/Zapchas-DV runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.

Troj/Zapchas-DV includes functionality to access the internet and communicate with a remote server via HTTP.

When Troj/Zapchas-DV is installed, the following files are created:

<Temp>\gsf2\antispyrus.exe
<Temp>\gsf2\lindisecret.exe
<Temp>\gsf2\zlip.cpl
<Temp>\gsf2\zlip1.cpl
<Temp>\gsf2\zlip2.cpl

The file antispyrus.exe is detected as Troj/Mirchack-A, the file lindisecret.exe is detected as Mal/Packer, and the files zlip.cpl, zlip1.cpl and zlip2.cpl are detected as Troj/Zapchas-DV.

Registry entries are created under:

HKCU\Software\Microsoft\Microsoft Agent
HKCU\Software\mIRC\DateUsed
HKCR\irc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC

Troj/Zapchas-DV provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "zlip".
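A triage helper built on the file and registry indicators listed above, added here as an example and not Sophos code: it matches file paths and registry keys exported from an inventory against those indicators, wherever <Temp> resolves on a given host. The function names, the verdict labels and the sample hosts are assumptions made for this example.

```python
import re

# Indicators copied from the description above: dropped file -> detection name.
DROPPED_FILES = {"antispyrus.exe": "Troj/Mirchack-A", "lindisecret.exe": "Mal/Packer",
                 **dict.fromkeys(("zlip.cpl", "zlip1.cpl", "zlip2.cpl"), "Troj/Zapchas-DV")}
REGISTRY_KEYS = [r"HKCU\Software\Microsoft\Microsoft Agent", r"HKCU\Software\mIRC\DateUsed",
                 r"HKCR\irc", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC"]
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CLASSES_ROOT": "HKCR"}
# <Temp> varies per user and Windows version, so anchor on the gsf2 folder only.
FILE_RE = re.compile(r"\\gsf2\\([^\\]+)$", re.IGNORECASE)

def norm_key(key):
    # Lower-case the path and shorten long hive names (HKEY_CURRENT_USER -> hkcu).
    hive, _, rest = key.strip().rstrip("\\").partition("\\")
    return (HIVES.get(hive.upper(), hive) + "\\" + rest).lower()

def match_artifact(artifact):
    """Return ("file", name, detection) or ("registry", key, None), else None."""
    text = artifact.strip().strip('"')
    m = FILE_RE.search(text)
    name = m.group(1).lower() if m else ""
    if name in DROPPED_FILES:
        return ("file", name, DROPPED_FILES[name])
    key = norm_key(text)
    for ioc in REGISTRY_KEYS:
        base = norm_key(ioc)
        # Entries are created under these keys, so subkeys and values count too.
        if key == base or key.startswith(base + "\\"):
            return ("registry", ioc, None)
    return None

def triage(inventory):
    """Map {host: [paths/keys]} to {host: (verdict, files, keys)}."""
    report = {}
    for host, artifacts in inventory.items():
        hits = [h for h in map(match_artifact, artifacts) if h]
        files = sorted({h[1] for h in hits if h[0] == "file"})
        keys = sorted({h[1] for h in hits if h[0] == "registry"})
        # Assumption: registry hits alone are weaker evidence than the dropped files.
        verdict = "dropped-files" if files else "registry-only" if keys else "no-match"
        report[host] = (verdict, files, keys)
    return report

# Constructed sample inventory; hosts, users and paths are made up.
SAMPLE = {
    "WS-01": [r"C:\DOCUME~1\alice\LOCALS~1\Temp\GSF2\ZLIP1.CPL",
              r"HKEY_CURRENT_USER\Software\mIRC\DateUsed"],
    "WS-02": [r"HKEY_CLASSES_ROOT\irc\shell\open\command", r"C:\Tools\notes.txt"],
    "WS-03": [r"HKCR\ircfile", r"C:\Windows\Temp\setup.log"],
}
```

Calling `triage(SAMPLE)` returns one verdict per host; a `registry-only` result still needs a manual check of the "zlip" entry in Add or Remove Programs.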
