Backdoor.Zapinit
Backdoor.Zapinit opens a backdoor on the infected computer that can allow unauthorized remote access. It may also download and execute potentially malicious code on the compromised PC. The infected system may then be used to perform malicious botnet attacks. Backdoor.Zapinit can also delete important Windows files and disable processes to stop network and Internet connections. This Trojan is usually propagated by attaching itself to a worm, and it spreads from computer to computer by means of removable media devices.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
How to Remove Backdoor.Zapinit:
FIRST AID TO STOP Backdoor.Zapinit:
When Backdoor.Zapinit infects a computer, it modifies system settings and injects itself into legitimate Windows files. System Restore is the go-to tool for bringing back clean files and restoring an earlier configuration. If you have saved a previous restore point, please restore Windows to an earlier date.
MANUAL REMOVAL OF Backdoor.Zapinit:
1. If an anti-virus program is present, update the definition file.
2. Reboot Windows in Safe Mode.
- After turning on the power, press F8 on the keyboard.
- From the menu, select Safe Mode.
3. Run a full system scan and clean/delete all infected file(s).
4. Delete/Modify any values added to the registry if present.
- To edit the registry, click on Start. Search or Run regedit.exe.
Note: For a complete guide on Safe Mode and Registry Editor, please see tutorial links on the sidebar.
5. Exit registry editor and restart Windows.
ADDITIONAL TOOLS AND PROGRAMS:
Scan with Norton Power Eraser:
Norton Power Eraser is a free removal tool from Norton Antivirus, developed to remove viruses and unfamiliar threats without using traditional AV signatures. Download the tool and start scanning the computer for viruses.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- It can monitor network and Internet traffic.
- Backdoor.Zapinit will download additional files from a remote location.
- This Trojan can end multiple processes of anti-virus and firewall applications.
Malicious Files Added by Backdoor.Zapinit:
%Windir%\nview.dll
%System%\drivers\atmapi.sys
%System%\[RANDOM FILE NAME]
%Windir%\task\sa.dat
File Location for Windows Versions:
- %System% refers to the Windows system folder. For all versions of Windows it is located under C:\Windows\System32.
- %Windir% refers to the installation folder of the operating system.
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"zwpInit_Dlls" = "C:\WINDOWS\nview.dll"
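As an added example (not part of the original guide or of any vendor tool), this read-only PowerShell function checks a machine for the file and registry indicators listed above and reports which are present. The function name Get-ZapinitIndicators is hypothetical, and the registry key is written the way Windows spells it (CurrentVersion).

```powershell
# Added example: read-only check for the indicators listed on this page.
# It deletes and modifies nothing; it only reports what is present.

function Get-ZapinitIndicators {
    [CmdletBinding()]
    param(
        # %Windir% and %System% as defined on this page
        [string]$WinDir    = $env:windir,
        [string]$SystemDir = (Join-Path $env:windir 'System32')
    )

    # File paths from "Malicious Files Added by Backdoor.Zapinit".
    # %System%\[RANDOM FILE NAME] cannot be matched by name and is skipped.
    $files = @(
        (Join-Path $WinDir    'nview.dll'),
        (Join-Path $SystemDir 'drivers\atmapi.sys'),
        (Join-Path $WinDir    'task\sa.dat')
    )

    foreach ($path in $files) {
        $hit  = Test-Path -LiteralPath $path -PathType Leaf
        # -Force so hidden or system-attributed files are still returned
        $item = if ($hit) { Get-Item -LiteralPath $path -Force } else { $null }
        [pscustomobject]@{
            Type     = 'File'
            Location = $path
            Present  = $hit
            Detail   = if ($item) { '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTimeUtc } else { '' }
        }
    }

    # Registry value from "Associated Windows Registry Entries".
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $name = 'zwpInit_Dlls'
    $prop = Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Type     = 'Registry'
        Location = "$key\$name"
        Present  = [bool]$prop
        Detail   = if ($prop) { [string]$prop.$name } else { '' }   # DLL path the value points to
    }
}

Get-ZapinitIndicators | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt before and after cleanup; any row still showing Present = True after a reboot means the removal did not hold.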
Alternative Removal Method for Backdoor.Zapinit
Option 1: Use Windows System Restore to return Windows to a previous state
If Backdoor.Zapinit enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Backdoor.Zapinit infiltrated the PC, we highly encourage you to execute this procedure if none of the above works.
Gilbert Palau
Apr 29, 2008 @ 12:22:30
We have been hit by this virus for over a week. We have applied the registry patches as dictated above, but the virus keeps coming back.
Is there any other way to remove it? For us the virus installs C:\Windows\acl.exe and C:\marioforever.exe
Does anyone know?