Last Post by jholland1964

Hi Community.

Can anyone tell me how to remove REG/Zapchast.H and BAT/Zapchast.CE viruses?



Nobody can give any info until WE have info...operating system, av program, firewall, anti-malware programs and, most important, how do you know you have these on the computer?


Thanks for getting back to me jholland. I'll give you what info I have and hopefully it will be enough.

My OS is WindowsXP
AV program is provided by my ISP, Bell Sympatico
I know I have these viruses because I did a virus scan, after a pop-up from my ISP security program indicated I'd been infected. I got that message seconds after I opened a bogus Hallmark card.

I hope that helps. Any assistance you can provide would be very appreciated.

Regards, scripted


Please download ATF-Cleaner.exe by Atribune. Save it to the desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
REBOOT the computer.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot the computer.
When the computer has rebooted then Right Click on the desktop and choose New Folder. A new folder will be created on the desktop.
Rename this folder HJT.
Next Download HiJackThis and save it to this folder.
Now run a Full System scan with HiJackThis and save the log.
Post back here with the MBA-M log, the ESET log and the HiJackThis log.


What you are dealing with can be and is very dangerous. Both of these files are from ONE trojan...so far. Unless you get this cleaned up, there most likely will be many more.

Here are links below where I found the info I have posted below the links.



This one is considered High Risk.
High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Trojan.Zapchast puts a copy of itself in the registry as a Windows run key so that it is activated when Windows starts. When active, this trojan will execute another trojan, Trojan.Pakes, which downloads other malware.

Creates an executable file in the fake Recycle Bin folder with the purpose of concealing its presence in the system.
Creates fake Recycle Bin folder.
Must be removed
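
Added example, not part of the original posts and not code from HijackThis or any vendor: the description above says the trojan starts from a Windows Run key and keeps an executable in a fake Recycle Bin folder, so the O4 autostart lines of the requested HijackThis log are where it would surface. The sketch below flags such lines for manual review; the sample log, the function name and the extension list are constructed assumptions (the extension check assumes the REG/ and BAT/ detection prefixes refer to .reg and .bat files).

```python
import re

# HijackThis prints registry autostart values in its O4 section, for example:
#   O4 - HKLM\..\Run: [ValueName] C:\path\program.exe /args
O4_RUN = re.compile(r"^O4 - (HK\w+\\.*?\\Run\w*): \[(.*?)\] (.+)$")

# Assumption: REG/ and BAT/ detections point at .reg and .bat files; other
# script types are included because they are equally unusual in a Run value.
SCRIPT_EXT = (".bat", ".cmd", ".reg", ".vbs")

# Constructed sample, not taken from the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [sysupd] C:\RECYCLER\S-1-5-21-0-0-0-500\upd.exe
O4 - HKCU\..\Run: [winstart] "C:\WINDOWS\Recycle.Bin\start.bat"
O4 - HKCU\..\RunOnce: [cfg] regedit /s C:\WINDOWS\cfg.reg
"""


def flag_run_entries(log_text):
    """Return (key, value_name, command, reasons) for Run entries to review by hand."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        key, name, command = m.groups()
        lowered = command.lower().replace('"', "")
        reasons = []
        # Every path component except the last is a folder name.
        folders = re.split(r"[\\/]", lowered)[:-1]
        if any("recycle" in f for f in folders):
            reasons.append("starts from a Recycle Bin-style folder")
        if any(tok.endswith(SCRIPT_EXT) for tok in lowered.split()):
            reasons.append("launches a script or .reg file")
        if reasons:
            findings.append((key, name, command, reasons))
    return findings


if __name__ == "__main__":
    for key, name, command, reasons in flag_run_entries(SAMPLE_LOG):
        print(f"{key} [{name}] {command}")
        for reason in reasons:
            print(f"    - {reason}")
```

A flagged line is a lead for manual inspection, not a verdict; entries it does not flag are not thereby shown to be clean.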
