Troj/Zapchas-Z is a Trojan for the Windows platform.
Troj/Zapchas-Z runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access to and control over the computer via IRC channels.
Troj/Zapchas-Z includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Zapchas-Z is installed, the following files are created:
<System>\aliases.ini
<System>\control.ini
<System>\mirc.ico
<System>\mirc.ini
<System>\nicks.txt
<System>\remote.ini
<System>\script.ini - Troj/Zapchas-Z
<System>\servers.ini
<System>\sup.bat
<System>\sup.reg
<System>\svchost.exe - clean mIRC client
<System>\users.ini
All these files can be deleted.
The following registry entries are set or modified, so that svchost.exe is run when files with extensions of CHA and IRC are opened/launched:
HKCR\ChatFile\Shell\open\command
(default)
"<System>\svchost.exe" -noconnect
HKCR\irc\Shell\open\command
(default)
"<System>\svchost.exe" -noconnect
Registry entries are set as follows:
HKCR\ChatFile\DefaultIcon
(default)
<System>\svchost.exe
HKCR\irc\DefaultIcon
(default)
<System>\svchost.exe
Registry entries are created under:
HKCU\Software\Microsoft\Microsoft Agent\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC\
Troj/Zapchas-Z provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "mIRC".
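The file and registry indicators listed above can be checked against a collected host inventory. The following is an added example, not part of the original description or any vendor tool; the function name, the min_companions threshold, the C:\WINDOWS\system32 path and the sample inventories are assumptions made for illustration.

```python
import ntpath

# Indicators from the description above; the <System> path is supplied by the caller.
COMPANIONS = {"aliases.ini", "control.ini", "mirc.ico", "mirc.ini", "nicks.txt",
              "remote.ini", "script.ini", "servers.ini", "sup.bat", "sup.reg",
              "users.ini"}
HANDLER_KEYS = (r"HKCR\ChatFile\Shell\open\command",
                r"HKCR\irc\Shell\open\command")


def triage(system_dir, file_paths, reg_defaults, min_companions=3):
    """Score one host inventory against the listed files and handler keys.

    file_paths: full paths collected from the host.
    reg_defaults: {registry key: data of its (default) value}.
    min_companions: assumed threshold, not taken from the description.
    """
    sysdir = system_dir.rstrip("\\").lower()
    names = {ntpath.basename(p).lower() for p in file_paths
             if ntpath.dirname(p).lower() == sysdir}
    found = sorted(names & COMPANIONS)

    # A handler counts only if it launches svchost.exe with -noconnect.
    reg = {k.lower(): v.lower() for k, v in reg_defaults.items()}
    hijacked = [k for k in HANDLER_KEYS
                if "svchost.exe" in reg.get(k.lower(), "")
                and "-noconnect" in reg.get(k.lower(), "")]

    # svchost.exe is also the name of a legitimate Windows binary, so the
    # file name alone never marks a host as suspect.
    return {"companions": found, "hijacked_handlers": hijacked,
            "suspect": len(found) >= min_companions or bool(hijacked)}


# Constructed inventories (not real telemetry); C:\WINDOWS\system32 is assumed.
SYS = r"C:\WINDOWS\system32"
CLEAN = ([SYS + r"\svchost.exe", SYS + r"\control.ini"], {})
INFECTED = ([SYS + "\\" + n for n in ("svchost.exe", "script.ini", "mirc.ini",
                                      "remote.ini", "sup.bat")],
            {HANDLER_KEYS[1]: '"' + SYS + r'\svchost.exe" -noconnect'})

if __name__ == "__main__":
    for label, (files, reg) in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, triage(SYS, files, reg))
```

The check keys on the mIRC companion files and the -noconnect handler registration together, because a file named svchost.exe is expected on a healthy Windows system.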