Thursday, December 3, 2009

Xmas Season Approaching - beware e-card scams

If you receive an e-card such as the one below, make sure it shows who it is from and that you know the person sending it. If not, do not open the card attachment. It is a great way for sickos to send worms, trojans, and viruses.

I opened the email below safely using a virtual hard drive with Windows 7 and AVG security suite active (this way it could do no harm even if it passed the firewall/antivirus). The attachment had a run.bat file that would have loaded the Zapchast virus if it got into the system. I also did an IP traceback, and a sicko in Poland used a proxy server in Germany to send the email.


Troj/Zapchas-CM is an mIRC-based backdoor Trojan for the Windows platform.

Troj/Zapchas-CM creates the following files in the C:\WINDOWS\system\ folder:

fullname.txt
ident.txt
nicks.txt
aliases.ini
control.ini
mirc.ini
remote.ini
script.ini
servers.ini
users.ini
sup.bat
svchost.exe
mirc.ico
sup.reg
popups.txt

Troj/Zapchas-CM also creates the following folders in the C:\WINDOWS\system\ folder:

download
logs
sounds

The file svchost.exe is a mIRC application infected with W32/Parite-B. The file script.ini is also detected as Troj/Zapchas-CM. The remaining files are clean and may be deleted.

After these files have been installed, svchost.exe is executed, causing it to connect to a preconfigured IRC server and join a channel in which a remote attacker can control the infected computer.
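A triage check for the file and folder names listed above, as an added example that is not part of the original post or the vendor description. The function names, the "infected file plus three other hits" threshold, and the temporary sample directory are assumptions made for illustration.

```python
import os
import tempfile

# Names from the description above, all relative to C:\WINDOWS\system\
INFECTED = {"svchost.exe", "script.ini"}  # Parite-B-infected mIRC, Zapchas script
CLEAN_DROPPINGS = {
    "fullname.txt", "ident.txt", "nicks.txt", "aliases.ini", "control.ini",
    "mirc.ini", "remote.ini", "servers.ini", "users.ini", "sup.bat",
    "mirc.ico", "sup.reg", "popups.txt",
}
FOLDERS = {"download", "logs", "sounds"}


def triage_zapchas(system_dir):
    """Return indicator hits in system_dir, grouped by how to handle them."""
    report = {"quarantine": [], "delete": [], "folders": []}
    if not os.path.isdir(system_dir):
        return report
    for entry in os.scandir(system_dir):
        name = entry.name.lower()  # Windows file names are case-insensitive
        if entry.is_dir(follow_symlinks=False):
            if name in FOLDERS:
                report["folders"].append(entry.name)
        elif name in INFECTED:
            report["quarantine"].append(entry.name)
        elif name in CLEAN_DROPPINGS:
            report["delete"].append(entry.name)
    for hits in report.values():
        hits.sort(key=str.lower)
    return report


def looks_infected(report):
    # Assumed threshold: a lone generic name such as "logs" proves little, so
    # require an infected file plus at least three other listed names.
    others = len(report["delete"]) + len(report["folders"])
    return bool(report["quarantine"]) and others >= 3


def demo():
    # Constructed sample directory standing in for C:\WINDOWS\system\
    with tempfile.TemporaryDirectory() as d:
        for f in ("SVCHOST.EXE", "script.ini", "mirc.ini", "sup.bat", "notes.txt"):
            open(os.path.join(d, f), "w").close()
        os.mkdir(os.path.join(d, "logs"))
        return triage_zapchas(d)


if __name__ == "__main__":
    r = demo()
    print(r, "-> likely Zapchas-CM:", looks_infected(r))
```

On a real machine, pass the actual system folder path to `triage_zapchas`; the legitimate Windows svchost.exe lives in the system32 folder, so a copy in the system folder is worth attention on its own.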

If you get this virus, use the removal tool Malwarebytes as the first level of removal. If this does not work, it's a serious sucker. You will have to google for other removal tools and/or step-by-step instructions to clean it. Also have a good look at the firewall and antivirus tools you are using. I use AVG security suite (the paid version, as it is that good and I don't feel it is overpriced).

I paid $83.59 for 3 licenses for 2 years. All the family's computers have been safe, but several attacks are listed in the virus vault.
