Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: mIRC reported as IRC.Zapchast

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    13

    Default mIRC reported as IRC.Zapchast

    After upgrading to 1.6.2, when I went to use my copy of mIRC 6.0.3 for the first time the Resident killed it and told me I had in fact executed IRC.Zapchast, a backdoor trojan. This is a legitimate (albeit old) copy of mIRC that I've had on my system and used since February 2008. TeaTimer is 1.6.6.32. My OS is XP Professional. Resident logs this:

    29/03/2009 13:37:42 Encountered and terminated IRC.Zapchast in C:\Program Files\mIRC\mirc.exe!
    Last edited by AdamM; 2009-03-29 at 16:12.

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Thank you for reporting this false positive.
    It has been confirmed and will be fixed with the next detection update scheduled for Wednesday 2009-04-01.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  3. #3
    Junior Member
    Join Date
    Nov 2008
    Posts
    13

    Default

    Are you sure this was fixed? I've updated to the latest version but I'm still getting the false positive.

    I understand this may be part of a wider TeaTimer 1.6.6.32 problem, but if so then why is this thread marked as 'fixed'?

  4. #4
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Did you restart the Teatimer or the computer after the update 2009-04-01?
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  5. #5
    Junior Member
    Join Date
    Nov 2008
    Posts
    13

    Default

    Unless you're suggesting that I haven't once turned off my machine between the 1st April and the present, then no, I did not reboot directly after installing the update; although I did restart TeaTimer after it reported the false positive again, to no avail.

    Why, do you think this corrupted my update somehow?
    Last edited by AdamM; 2009-04-07 at 20:25.

  6. #6
    Senior Member drragostea's Avatar
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674

    Default

    Try giving the machine a reboot.

  7. #7
    Junior Member
    Join Date
    Nov 2008
    Posts
    13

    Default

    Astonishingly, that didn't work.

  8. #8
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    ok, then please email to detections@spybot.info with a reference to this thread and give the following information:

    * include the resident log to your email
    * also include a full spybot S&D report to your email (scan , then right-click scan result and select to save full report)
    * state when you did the Teatimer update and if there were other parts of Spybot S&D updated as well (best attach the downloaded.ini located in C:\program files\Spybot - Search & Destroy\Updates)
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

  9. #9
    Junior Member
    Join Date
    Nov 2008
    Posts
    13

    Default

    Email sent. I also included the mirc.exe if you want to check that over.

  10. #10
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    thank you for sending in the files.
    I can confirm that the false positive still occurred with the version of mirc you supplied. This will be fixed with the next detection update scheduled for 2009-04-22.
    born in the shadow to die in the shadow, that is the fate of the shinobi

    Spybot S&D Downloads

    Please help us improve Spybot and download our distributed testing client.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •