Emsisoft Malware-Info

Name: Adware.Win32.Backdoor.IRC.Zapchast

Risklevel: Elevated Risk

Company: Unknown

Description:

Backdoor.IRC.Zapchast installs IRC server script and configuration files that allow the infected machine to be used as a server. Certain IRC channels specified in the configuration files connect to the server, making the infected machine vulnerable to remote attackers.

Removal instructions for Adware Backdoor IRC Zapchast:

To delete this malware infection, buy Emsisoft Anti-Malware.
Guaranteed removal of Adware Backdoor IRC Zapchast.

Run a full scan on all drives and move all detected items to the quarantine.

More details about this danger:

Characteristics:

  • It installs an Internet Relay Chat (IRC) server on the infected machine without the user s knowledge.
  • It makes infected system vulnerable to remote attackers.

Installation: Installed through EXE

Process: winspector.exe

Screenshots:

Backdoor.IRC.Zapchast

Used folders:

  • C:\WINDOWS\system32\drivers\shellz
  • C:\WINDOWS\system32\drivers\shellz\download
  • C:\WINDOWS\system32\drivers\shellz\logs
  • C:\WINDOWS\system32\drivers\shellz\sounds

Used files:

  • C:\WINDOWS\system32\drivers\shellz\fullinfo2.lnk
    [576 Bytes] Shortcut
  • C:\WINDOWS\system32\drivers\shellz\netinfo.bat
    [194 Bytes] MS-DOS Batch File
  • C:\WINDOWS\system32\drivers\shellz\msasw.lnk
    [793 Bytes] Shortcut
  • C:\WINDOWS\system32\drivers\shellz\msasw.bat
    [62 Bytes] MS-DOS Batch File
  • C:\WINDOWS\system32\drivers\shellz\mirc.ini
    [2714 Bytes] Configuration Settings
  • C:\WINDOWS\system32\drivers\shellz\memorat.txt
    [0 Bytes] Text Document
  • C:\WINDOWS\system32\drivers\shellz\ipconf.lnk
    [570 Bytes] Shortcut
  • C:\WINDOWS\system32\drivers\shellz\ipconf.bat
    [191 Bytes] MS-DOS Batch File
  • C:\WINDOWS\system32\drivers\shellz\netinfo.lnk
    [572 Bytes] Shortcut
  • C:\WINDOWS\system32\drivers\shellz\fullname.txt
    [1253 Bytes] Text Document
  • C:\WINDOWS\system32\drivers\shellz\ident.txt
    [1018 Bytes] Text Document
  • C:\WINDOWS\system32\drivers\shellz\fullinfo2.bat
    [99 Bytes] MS-DOS Batch File
  • C:\WINDOWS\system32\drivers\shellz\fullinfo.lnk
    [574 Bytes] Shortcut
  • C:\WINDOWS\system32\drivers\shellz\fullinfo.bat
    [632 Bytes] MS-DOS Batch File
  • C:\WINDOWS\system32\drivers\shellz\away.txt
    [0 Bytes] Text Document
  • C:\WINDOWS\system32\drivers\shellz\aliases.ini
    [92 Bytes] Configuration Settings
  • C:\WINDOWS\system32\drivers\shellz\setup.lnk
    [789 Bytes] Shortcut
  • C:\WINDOWS\system32\drivers\shellz\hidewndw.exe
    [40960 Bytes] Application
  • C:\WINDOWS\f2.exe
    [69632 Bytes] Application
  • C:\WINDOWS\system32\drivers\shellz\sup.bat
    [586 Bytes] MS-DOS Batch File
  • C:\WINDOWS\system32\drivers\shellz\nicks.txt
    [139544 Bytes] Text Document
  • C:\WINDOWS\system32\drivers\shellz\sup2.bat
    [468 Bytes] MS-DOS Batch File
  • C:\WINDOWS\system32\drivers\shellz\sup2.lnk
    [791 Bytes] Shortcut
  • C:\WINDOWS\system32\drivers\shellz\users.ini
    [99 Bytes] Configuration Settings
  • C:\WINDOWS\system32\drivers\shellz\winspector.lnk
    [803 Bytes] Shortcut
  • C:\WINDOWS\system32\drivers\shellz\sup.reg
    [562 Bytes] Registration Entries
  • C:\WINDOWS\IEXPL0RE.exe
    [49152 Bytes] Application
  • C:\WINDOWS\g3.exe
    [57344 Bytes] Application
  • C:\WINDOWS\system32\drivers\shellz\procese.lnk
    [572 Bytes] Shortcut
  • C:\WINDOWS\system32\drivers\shellz\perform.ini
    [53 Bytes] Configuration Settings
  • C:\WINDOWS\system32\drivers\shellz\winspector.exe
    [1790464 Bytes] Application
  • C:\WINDOWS\system32\drivers\shellz\procese.bat
    [95 Bytes] MS-DOS Batch File
  • C:\WINDOWS\system32\drivers\shellz\procese.txt
    [0 Bytes] Text Document
  • C:\WINDOWS\system32\drivers\shellz\remote.ini
    [175 Bytes] Configuration Settings
  • C:\WINDOWS\system32\drivers\shellz\script.ini
    [11604 Bytes] Configuration Settings
  • C:\WINDOWS\system32\drivers\shellz\servers.ini
    [985 Bytes] Configuration Settings
  • C:\Program Files\Common Files\System\Updaterun.exe
    [40960 Bytes] Application

Additional information might be found here:

Search at Google for Adware Backdoor IRC Zapchast Search at Google for Adware Backdoor IRC Zapchast
Search at Bing for Adware Backdoor IRC Zapchast Search at Bing for Adware Backdoor IRC Zapchast
Search at Yahoo for Adware Backdoor IRC Zapchast Search at Yahoo for Adware Backdoor IRC Zapchast

How can I protect myself from Adware Backdoor IRC Zapchast?

Important!
You essentially need an antivirus product, that is not only able to clean infections, but also protect your PC permanently from new dangers. This is the only way to prevent data loss and unnecessary hassle and costs of new installations of your operating system.

Take your chance and buy the multiple awarded protection software Emsisoft Anti-Malware today!

Only $40 for the security of your computer.

Buy Emsisoft Anti-Malware online:

Buy Emsisoft Anti-Malware now

Trust only on the best protection software!

Spring Offer!

Don't miss this: To your bought 1-year license of Emsisoft Anti-Malware or Emsisoft Internet Security Pack or higher you can now get a free license of the CyberGhost Anonymizer for free.
Your advantage: Surf anonymously and visit websites that are restricted in your country.

Only a few days left! Order here

Best In Test!

Emsisoft Anti-Malware is the best of 19 tested antivirus programs - Test by MRG - Malware Research Group - Q1-Q3 2011
More independent reviews of anti-malware software