Question re Trojan.Zapchas.ac/IE 6 problem and suggested software remover for Trojan

Discussion in 'malware problems & news' started by Wills, May 6, 2007.

Thread Status:
Not open for further replies.
  1. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    I posted earlier in another thread re my problems with IE 6 on my notebook xp sp2 "encounters problems and closes down".

    I click on tech details and it indicates "comctl32.dll".
    I have done a Search and the .dll is present.

    I have tried this tool to try to correct a corrupt IE 6 and it does not work. I get through all the steps intil the second last sentence "right click the ie.inf file and click Install on the context menu" and That is where I am stopped. It indicates that "The File "Explore Exe" not found. Please verify the correct file name was given.
    This is the repair site:http://www.nucleustechnologies.com/Repair-Corrupt-Internet-Explorer.html

    I don't understand this and have searched for IE6 and there is a folder for it.

    In my prior post I have on trial a2 malware program and I did a Free Hijack Scan that is available with the trial of this program and it shows:
    File Name: explorer.exe (Path) %systempath%\ Description: Trojan.Zapchas.ac

    How do I get rid of this Trojano_O
    With A2 as the trial A2 Malware program does not rid of ito_O?

    My IE 6 problem is perplexing and now I think that it maybe related to this Trojan hiding in Explorer.Exeo_O?

    I have a modem, smc router, alpha shield, norton A/V, spyware blaster, spybot search and destroy, a2 malware software, trojan hunter. I check for updates in the morning and at night and scan daily.

    And I really want to get my IE6 working properly.
    BTW, I keep cleaning out my Temp files and that does not help.

    I hope that someone has some ideas, thankyou
     
  2. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    Re: Question re Trojan.Zapchas.ac/IE 6 problem and suggested software remover for Tro

    have you tried superantispyware and rogue remover? both have free versions available for download :

    http://www.superantispyware.com/

    http://www.malwarebytes.org/rogueremover.php

    here's more info on the trojan :
    http://www.sophos.com/virusinfo/analyses/trojzapchasac.html

    if you can search your computer for these files and registry keys you can get rid of the trojan yourself, but you got to be careful not delete important files.
     
    Last edited: May 6, 2007
  3. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    I am not sure what this "Chat" is all about b/c; I don't belong to any public groups etc.

    Only to security forums and of course I search the internet. I forgot to mention that I have Site Hound installed as well.

    I really have no idea where this Trojan came from, but trust that I should try a d/l of the programs that you mentioned and see if either of them come up with anything.

    i don't think that I am tech savvy enough to attempt to repair the problem manually that is for certain.

    Thankyou for the reply and I will post re my scan results from these programs.

    Would this Trojan cause me problems with IE6 encountering problems and closingo_O?
     
  4. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    Re: Question re Trojan.Zapchas.ac/IE 6 problem and suggested software remover for Tro

    i honestly don't know, the only info i found on this trojan was from the sophos website. once the trojan is removed (if that doesn't fix your IE problem) you could try using dial-a-fix to repair IE :
    http://wiki.djlizard.net/Dial-a-fix
     
  5. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    Thx again for the reply. I just finished a scan with rogue remover and there was nothing that showed up, then super spyware and it found 28 cookies that I reviewed and deleted, then a2 malware scan and nothing showed, and spybot and nothing showed and trojan hunter and nothing showed.

    I really con't understand this free Trial of Hijack Free from Lava Soft, whether this might be a false positive and I actually have a corrupt file in IE 6??

    The "sfc scannow" shows the Windows to be intacto_O

    I am really confused about the "comctl32.dll" tech details that shows up when IE encounters a problem and closes.

    I have googled that and tried remedies and nothing helped.

    Thought that I should post my results of my scans.

    I guess that I will persist here or have to take it into a techie and get it checked out.
     
  6. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    Re: Question re Trojan.Zapchas.ac/IE 6 problem and suggested software remover for Tro

    it could be a false positive and like you said your IE could be corrupted. did you try downloading dial-a-fix and selecting the "repair IE" option?

    download dial-a-fix, select the "tools" button (it's the button with the hammer icon), then scroll down till you find the "repair/reinstall IE" option, then select "go". hopefully that will fix your IE crashing problem.
     
  7. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
  8. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    Thx for the replies.
    First I tried a post at Dial-A-Fix and received a reply that this tool did not deal with this type of problem, I posted a query back asking why and have not received a reply yet.

    In respect of the last post re the d/l of the update; I guess the first part of the explanation applies in that it mentions that if a problem is encountered within a program that needs comctl32.dll 5 or comctl32.dll6 that there could be a problem.
    However the next sypmtom of a mixed display of Windows XP 6 syle window and Windows Classic 5 Window is not an issue.

    If I download this on top of what I have installed could I run into another problemo_O

    What is intermittently occurring is that I get the Error that IE6 is encountering a problem and must close, however the Window does not close always and on the occasion that it does; it reopenso_O

    The notebook has been again checked for malware and there is none and that is by 2 techies.

    I don't feel comfortable doing a uninstall and reinstall of IE6 xpsp2, the office tech did the upgrade to sp2 off the internet. And since this is a notebook the programs come all bundled in a cd which is a pain. Windows is not separate.

    I wondered how do I find out if both the 5 and 6 comctl32.dll's are present. Maybe I am missing one or one or both are corrupto_O

    As I mentioned I tried this fix:
    http://www.nucleustechnologies.com/Repair-Corrupt-Internet-Explorer.html
    and this did not work.
    I got all the way down to the second last sentence " Right Click the "ie.inf" file and click on Install on the context menu."

    When I do that I get the Error IEXPLORE.EXE file not found. Please verify the correct file name was given.

    I hope that someone has suggestions about this, thankyou.
     
  9. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    zapchast has so many different files & different droppers

    the only way to tell is to seek help on one of the malware cleaning forums by posting a HJT log

    Wilders no longer deals with HJT or 1 on 1 malware cleaning

    you can downlaod HJT from

    go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
    Click on the entry in start menu or on the desktop to run HijackThis
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    a list of cleaning sites is http://asap.maddoktor2.com/
     
  10. Wills

    Wills Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    146
    Location:
    Canada
    Thx one and all for the replies. I did do a HJT and as I already knew there was no malware present.
    The only suggestion I got was to remove the Google Tool Bar and I did and no change.

    I got frustrated using my newer satellite M50-MX5 and so I went back to using my 4 year old satellite 2410 which is like my work horse. I had a project to complete.

    When I started working with my 2410 I noticed that I didn't have Fire Trust's Site Hound installed and so after I worked with my project and browsing I took a break and decided to d/l the Free Version and then low and behold after I started back with my work, I had the same problem "IE has encountered a problem and Must Close..." Tech Error "comctl32.dll.
    So I continued to try to Browse and the same Errors.

    So I used the Uninstaller for Site Hound and did a Reg clean and started back at my work Browsing and No problems, I worked for 6 hrs and not a sign of IE6 Encountering problems and closing.

    So I went back and tried out my notebook that caused me to do this post, my newer toshiba and of course there was still the error when I Browsed and so I decided to Uninstall and do a Reg clean.
    IN both cases I used the Uninstaller and not add/remove.

    And then i went about Browsing with my newer toshiba M50-mx5 and everything was fine.

    I guess the Site Hound in my toshiba IE6 does not like to play ball for whatever reason. i do have my pop up blocker on and don't know if that has anything to do with this "comctl32.dll" error or not.

    I have posted in the Site Hound Forum in Castle cops, but no answer yet.

    I am not thinking about trying out "Trend Protect", but don't know how it works.
    I have googled it and it seems that it simply gives you a red, yellow or green light and I don't know how often the data base is updated.
    I am not worried about the Sites that I browse, it is when a Link comes in from someone; I want to know that it is safe.

    Anyone have comments on any of this as I am baffled and would like to know of experiences by any members of either or both of the above programs.

    Thankyou for your time and I hope that some of this info is useful to anyone else who may come across this problem.
    Windows xpsp2, IE6.
    Cheers
     
Loading...
Thread Status:
Not open for further replies.