I pressed Ctrl-Alt-Del to get the task manager, go File / Run and enter "explorer" to get the task bar.

scanning hidden services & system hive ...

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network

Question: Can Backdoor:bat.zapchast.i spread to other computers?

Since you did not mention it, I did not do it. Finally I ran HiJackThis. https://community.mcafee.com/thread/5772?tstart=0

The report will be called DrWeb.csv. Close Dr.Web Cureit. Please post the following logs in your next reply..1. Just post the logs as it is... Please do the following.... We need to get rid of some of the services running on your machine. Greets Jurgenv.

Windows XP: Go to Start > right click My Computer > click on Properties and on the General tab you'll find all the information, incl. I tried to open another window and the computer froze. The most common way computers become infected with a backdoor, including Backdoor:bat.zapchast.i, is when users install software (such as cryptographic software designed to protect confidential information) with a built-in backdoor.

Since then McAfee antivirus detects and removes (according to him) a trojan with the name a.bat, which is detected as zapChast.reg. Type Y to begin the script.

AnuRay 25.06.2008 23:48
QUOTE(Lucian Bara @ 25.06.2008 07:16)
hello
you seem to have a bagle infection.

When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Always double check the file name, as Backdoors sometimes use filenames very similar to those of very important system files, and you can mistakenly remove an important system file, which will harm your

You have made a great job!

I first noticed something was wrong when my sound went out after downloading cracked software from emule site that I could have gotten for free elsewhere.

Can anybody please tell me some steps to take to try and fix this problem...if it is fixable.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:03 PM, on 4/21/2008
Platform: Windows XP

I did not close it so the task bar wouldn't disappear as always.

If you are asked to reboot the machine choose Yes.

NEXT

Please download Dr.Web CureIt to the Desktop:

Doubleclick the drweb-cureit.exe file and Allow to run the express scan

This will scan the files currently

Safe Mode does not usually allow Backdoor:bat.zapchast.i to load when the system boots (!!!but exceptions can appear!!!).

#3 criveraf (Member, 12 posts), posted 16 May 2007 - 09:37 PM

Thanks for the response. I did what you said. Now What?

Created on 05/17/2007 14:30:01

I rebooted the machine and the file was NOT moved. Then I went to virustotal.com to analyze the file you mentioned and did not find any virus in it. I

I am not sure if this is what is causing my computer to restart over and over or if it is a w32/ircworm.

It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in next folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next

#13 jurgenv (Advanced Member, Volunteer Security Advisor, 2462 posts), posted 17 May 2007 - 05:12 PM

* Download OTMoveIt.exe from here and place it on your desktop: http://download.blee...er/OTMoveIt.exe
* It opened a small blue window and said it was scanning my computer for as little as three minutes.

#11 criveraf (Member, 12 posts), posted 17 May 2007 - 04:22 PM

Thanks once again.
Combofix's logs:
ComboFix.txt
"Administrator" - 05/17/2007 11:10:20 Service Pack 4
ComboFix 07-05.13.V - Running

My volume wouldn't move. I plan on running some other scans (not combofix--deleting this from my computer) from superantispy, kaspersky, and malwarebytes again in the next couple days. When finished, it shall produce a log for you.

Choose your usual account. If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your

Backdoor:bat.zapchast.i is a backdoor, which is a dangerous virus. Also, resources in the network still cannot be accessed yet, and the Internet explorer opens and hangs immediately.

How to Get Rid of ZapChast.reg? [RESOLVED]
Started by bferretti, Jul 09 2008 08:41 PM. This topic is locked.

#1 bferretti, posted 09 July 2008 - 08:41 PM

I resigned myself to open the task manager and go File / Run to try to run SDFix directly from there. SDFix ran for about 10 minutes and then rebooted the machine. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Any help much appreciated.

Six hours sounds plausible for a heavily infected machine... a fresh Deckard System Scanner (after Dr.Web step)..

Regards
fenzodahl512

#5 bferretti (New Member, Topic Starter, 5 posts), posted 12 July 2008 - 01:25 PM

1. FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\\JOEMETH\\Yahoo Messenger\\Messenger\\YahooMessenger.exe"="E:\\JOEMETH\\Yahoo Messenger\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo!
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append

When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Yesterday I clicked on a downloaded torrent.

Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo!

To disconnect your PC from the Internet you need to unplug the LAN cable (if you use a LAN connection) or turn off the Wi-Fi module (if you use a Wi-Fi Internet connection).

The situation is getting worse! Many thanks in advance.
criveraf

Attached Files: AdAwareLog_20070515_0959AM_.TXT (41.25KB, 241 downloads), hijackthis.log (10.82KB, 445 downloads)

Edited by criveraf, 16 May 2007 - 12:07 AM.