Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 21 June 2005 13:54:26 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Zapchas-M is a backdoor Trojan which allows a remote intruder to gain access to and control over the computer.
Troj/Zapchas-M uses a modified IRC client to provide a Trojan backdoor server. The Trojan is capable of scanning random IP addresses and flooding them with packets.
Troj/Zapchas-M can be commanded to download and run files via the IRC network.
When Troj/Zapchas-M is installed the following files are created:
<System>\astem.as - detected as Troj/Zapchas-M
<System>\bstem.as - detected as Troj/Zapchas-M
<System>\dstem.as - a clean configuration file (safe to remove)
<System>\oystem.er - detected as Troj/Zapchas-M
<System>\securay.exe - a legitimate application to hide windows
<System>\tskdbg.exe - detected as Troj/Zapchas-M
<System>\ugsk.tbx - a clean configuration file (safe to remove)
The following registry entries are created to run the Trojan on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RVC6Player
<System>\tskdbg.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RVC6Player
<System>\tskdbg.exe
The following registry entries are set so that Troj/Zapchas-M runs when files with the extensions CHA and IRC are opened or launched:
HKCR\ChatFile\Shell\open\command
(default)
"<System>\tskdbg.exe"
HKCR\irc\Shell\open\command
(default)
"<System>\tskdbg.exe"
Registry entries are set as follows:
HKCR\ChatFile\DefaultIcon
(default)
"<System>\tskdbg.exe"
HKCR\irc\DefaultIcon
(default)
"<System>\tskdbg.exe"

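A triage check built from the registry indicators listed above, as an added example that is not Sophos code: it scans the text of a `reg export` file for the listed values when they point at tskdbg.exe. The function name, the sample export and the `C:\WINDOWS\system32` expansion of <System> are assumptions made for illustration.

```python
import re

# Registry indicators from the write-up above, with hive names spelled out the
# way a .reg export writes them; "" stands for the (default) value.
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "RVC6Player"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "RVC6Player"),
    (r"HKEY_CLASSES_ROOT\ChatFile\Shell\open\command", ""),
    (r"HKEY_CLASSES_ROOT\irc\Shell\open\command", ""),
    (r"HKEY_CLASSES_ROOT\ChatFile\DefaultIcon", ""),
    (r"HKEY_CLASSES_ROOT\irc\DefaultIcon", ""),
]
WATCH = {(k.lower(), n.lower()) for k, n in INDICATORS}  # registry paths ignore case
# A string value line in a .reg export: "name"="data" or @="data"
VALUE_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")="(?P<data>(?:[^"\\]|\\.)*)"$')
# tskdbg.exe as a file name, whatever <System> expands to on the host
PAYLOAD_RE = re.compile(r'(?:^|[\\/"])tskdbg\.exe(?![\w.])', re.I)

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg files escape \ and " with a backslash

def find_zapchas_entries(reg_text):
    """Return (key, value name, data) for each watched value that points at tskdbg.exe."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = _unescape(m.group("name") or "")
            data = _unescape(m.group("data"))
            if (key.lower(), name.lower()) in WATCH and PAYLOAD_RE.search(data):
                hits.append((key, name or "(default)", data))
    return hits

# Constructed sample export; C:\WINDOWS\system32 is an assumed value of <System>.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RVC6Player"="C:\\WINDOWS\\system32\\tskdbg.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CLASSES_ROOT\irc\Shell\open\command]
@="\"C:\\WINDOWS\\system32\\tskdbg.exe\""
[HKEY_CLASSES_ROOT\ChatFile\DefaultIcon]
@="\"C:\\Program Files\\mIRC\\mirc.exe\""
'''

if __name__ == "__main__":
    print(find_zapchas_entries(SAMPLE))
```

`reg export` writes UTF-16 text, so read the file with `encoding="utf-16"` before passing its contents to the function.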
