Backdoor.IRC.Zapchast
Backdoor.IRC.Zapchast installs IRC server script and configuration files that allow the infected machine to be used as a server. Certain IRC channels specified in the configuration files connect to the server, making the infected machine vulnerable
to remote attackers.0
General information:
| Malware Name: |
Backdoor.IRC.Zapchast |
| Malware Type: |
Backdoor |
| Company Name: |
Unknown |
| Company URL: |
|
| Threat Level: |
Elevated Risk |
| Operating System: |
WIN XP |
| Installation Type: |
Installed through EXE |
| Operation: |
Time of After Installation |
Company Description:
Spyware Description:
Backdoor.IRC.Zapchast installs IRC server script and configuration files that allow the infected machine to be used as a server. Certain IRC channels specified in the configuration files connect to the server, making the infected machine vulnerable
to remote attackers.0
Characteristics/Symptoms:
-> It installs an Internet Relay Chat (IRC) server on the infected machine without the user s knowledge. -> It makes infected system vulnerable to remote attackers.
Additional information might be found here:
Processes Running:
winspector.exe
File information Created after Installation:
| File Location |
Size (Bytes) |
Type |
| C:\WINDOWS\system32\drivers\shellz\msasw.bat |
unknown |
|
| C:\WINDOWS\system32\drivers\shellz\msasw.lnk |
unknown |
|
| C:\WINDOWS\system32\drivers\shellz\netinfo.bat |
unknown |
|
Folder information Created after Installation:
| Folder Location |
| C:\WINDOWS\system32\drivers\shellz |
| C:\WINDOWS\system32\drivers\shellz\download |
Registry information Created after Installation:
| Main Registry Key |
Sub Registry Key |
Key Value Name |
| HKEY_CLASSES_ROOT |
\.cha |
0 |
| HKEY_CLASSES_ROOT |
\.chat |
0 |
| HKEY_CLASSES_ROOT |
\ChatFile |
0 |
