(Virus detected) REG/TCPParams.A & BAT/Zapchast.AX

Hello smart computer people

My anti-virus detected these two viruses and quarantined them.

1) REG/TCPParams.A
2) BAT/Zapchast.AX

What is the best way to get rid of them. I haven't noticed anything strange yet. The firewall is blocking the first one. My operating system is XP Pro. Any help would be greatly appreciated.

Thanks
cosmo727

Using one or both of the programs Super Antispyware or MalwareBytes AntiMalware should remove the malware.

Instructions and links to downloads are in the link below.
http://www.bleepingcomputer.com/forums/ind...t&p=1087935

Be sure to UPDATE the programs after downloading, installing and before running each scan.

Sorry that it took so long to reply, been very busy lately. MalwareBytes AntiMalware seemed to do the trick!! Thank-you very much for the advice.

cosmo727

Please post the first log from MBAM and run another scan and post that log too, if anything was found.

First scan:

Malwarebytes' Anti-Malware 1.36
Database version: 2082
Windows 5.1.2600 Service Pack 3

06/05/2009 9:22:10 AM
mbam-log-2009-05-06 (09-22-10).txt

Scan type: Quick Scan
Objects scanned: 83952
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\WINDOWS\system32\winreger.exe (Trojan.Dropper) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Manager System (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Manager System (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\winreger.exe (Trojan.Dropper) -> Delete on reboot.


Second scan:

Malwarebytes' Anti-Malware 1.36
Database version: 2082
Windows 5.1.2600 Service Pack 3

06/05/2009 9:37:07 AM
mbam-log-2009-05-06 (09-37-07).txt

Scan type: Quick Scan
Objects scanned: 83535
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Just as a note I used Super Antispyware first and scanned in safe mode as per the instructions. It detected some items but I was unable to retrieve the log after rebooting out of safe mode.

Whever a malware is labeled a "backdoor" such as the one in your log, you should consider your computer
completely compromised. Meaning that all passwords, financial info, (banking, PayPal, credit cards,etc) have
possibly been sent to the persons responsible for infecting your computer. Most professionals will advise to
wipe the HD, reformat and reinstall all software as the best way to repair and insure a backdoor to your computer
has not been left open. More info in link below.
http://www.dslreports.com/faq/10063

If you decide not to reinstall, you need to delete the existing "restore points" as some are infected. Deleting all is the
only option. Info on how to do that if needed is in the link below.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

Cleanup your temporary files and logs.
Double-click ATF-Cleaner.exe to run the program.
http://www.atribune.org/ccount/click.php?id=1
* Under Main "Select Files to Delete" choose: Select All.
* Click the Empty Selected button.
* If you use Firefox browser click Firefox at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* If you use Opera browser click Opera at the top and choose: Select All
* Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.

Use Secunia online scanner to check for missing security updates. http://secunia.com/vulnerability_scanning/online/
After updating Java (if you haven't done so already) go to Add/ Remove and remove ALL old Java programs.
IE browser, Adobe Reader, Adobel Flash and Java have all been exploited recently. Important to get the latest updates to avoid malware exploiting those programs.

Thank-you very much for all your help. Looks like I have some work to do.