SecurityHome.eu Trojan.IRC.Zapchast.NAB

Home / malware PDF

Trojan.IRC.Zapchast.NAB

First posted on 21 November 2011.
Source: BitDefender
Aliases :
There are no other names known for Trojan.IRC.Zapchast.NAB.
Explanation :
This virus comes as a RAR-SFX. When executed he unpacks in C:WindowsSystem some modified mIRC files.
Then he makes sure it will be launched every time the computer starts by modifying the key :
"HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunGNP Generic Host Process"
After that he launches: C:WindowsSystemsvchost.exe which is the file mirc.exe renamed and infected with Win32.Parite.B.
That mIRC will connect to an Undernet server to channel #unl***** and will act as an ircbot and waits for commands like:
op/deop/kick/ban/voice/nick/msg/run/exit/say/ping from his owner.
Last update 21 November 2011

TOP

Malware :

Dridex
Shamoon 2
Hitler-Ransomware
Trojan.Win32.Vicepass.A
ButterflyBot.A

Last 20