zapchast

[midwyfjan]

Hi
I was here a month or so ago, trying to figure what malware was causing my system to have Timeouts pop up. After much searching, scanning, etc, I ran a scan at F-secure.com today and they said I have these 2 troublemakers:
C:\wINDOWS\system\mirc.ini Backdoor.IRC.Zapchast
and
C:\Windows\system\script.ini Backdoor.IRC.Zapchast

It didn't give me much info on how to eliminate the buggers. I did a quick Google, and same up with something on Sophos, but I don't have their AV  program.

I think it's still in my system, altho I have done a lot of cleaning in the last few days. Turned off System Restore, dumped as many Temp files as seemed safe, also Prefetch folder emptied, and (I hope) got rid of remnants of the Norton Recycler file.

Have  attached a new HJT file, just in case that helps. I'm hoping for assistance in how to rid myself of these unpleasant trojans. Thanks

[galooma]

Hi and welcome back Jan,
I presume you have overcome your previous problems .
These new ones are related to IRC which suggests to me you have installed something new related to a chat program or perhaps someone has shared some files over a chat connection.
You havent said wether there are any noticeable problems associated .
First port of call would be add/remove programs to see if anything new is there that you dont recall installing ,If all else fails you could try removing/deleting them in safe mode. Be warned though , if indeed you have installed a new chat program it wont work as a result.

[midwyfjan]

Hmmm - I see
Well, no, I haven't overcome my previous problems. This is just the newest installment in my quest to figure out what demon is haunting me. I still get the damn timeout messages, my ISP still blocks my outgoing mail from time to time, and no virus or spyware scans ever find anything. Only one that found something was this new one from F-Secure.

I have gotten rid of AIM and loaded Trillian instead, as an IM program, as it was suggested that this would be less problematic. Nothing has been different since I started using it about a month ago.

So perhaps my subject line should have been "connection still elapsing . . . "

[DavidR]

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.

If you haven't already got this software (freeware), download, install, update and run it,
Ewido Security Suite If using winXP. or a-Squared free if using win98/ME.

[midwyfjan]

David
I already included a HJT logfile attached to my first post.

And altho I have Ewido already, it hasn't found anything, and my ISP folks said it isn't very good and to use Ad-Aware

[DavidR]

Yes you did, but by attaching it people have to download it to examine it.

There are links for on-line analysis sites which can help you to help yourself (and you don't have to wait for a response), the first analysis link also a facility to scan files that are flagged nasty, unknown, etc.

I guess the ISP folks haven't much of a clue about security programs because the two programs aren't like for like.

[midwyfjan]

I had used the HJT online analyzer before, but not recently. Ran it this morning and it alerted me to one "nasty". And then I ran the Ewido scan and it found and removed the zapchast thing. Now I will wait to see if anymore Timeout windows pop up, or if I am, finally, free of this malware.

You have all been so very helpful, and I am learning SO much!!

Much thanks

[galooma]

Thanks jan, glad to hear it .

and I am learning SO much!!

This is after all the ultimate goal