Troj/Zapchas-G is a backdoor Trojan for the Windows platform.
Troj/Zapchas-G creates the following registry in order to be automatically run at logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
profiler
C:\WINDOWS\system32\config\profile\liteout.exe C:\WINDOWS\system32\config\profile\prof.exe
Troj/Zapchas-G creates several files in the config\ subfolder of the Windows system folder. Most of these files are clean applications and configuration files.
One of the dropped files (also detected as Troj/Zapchas-G) is a mIRC script that, when opened by mIRC, allows a remote user to issue further instructions to the IRC client. These instructions cause the infected machine to scan specified IP addresses for known network vulnerabilities. The results of such scans are then sent to the remote user.