The script:
Quote:
KILLALL::
File::
C:\WINDOWS\tsitra11.exe
DirLook::
C:\From the Earth to the Moon
caused Combofix to stall out after completing Step 5. Ran Combofix without it, log appended below.
No visible improvement in system performance.
VirusTotal Report:
Quote:
File rygorad77798.exe received on 10.15.2007 18:12:16 (CET)
Result: 22/31 (70.97%)
Antivirus Version Last Update Result
AhnLab-V3 2007.10.16.0 2007.10.15 Win-AppCare/Ttc.163840.B
AntiVir 7.6.0.23 2007.10.15 TR/Dldr.AW.awk
Authentium 4.93.8 2007.10.14 W32/Downldr2.QJZ
Avast 4.7.1051.0 2007.10.14 Win32:Trojan-gen. {Other}
AVG 7.5.0.488 2007.10.15 Adware Generic2.JSI
BitDefender 7.2 2007.10.15 Adware.TTC.B
CAT-QuickHeal 9.00 2007.10.13 AdWare.TTC.c (Not a Virus)
ClamAV 0.91.2 2007.10.14 Adware.TTC-1
DrWeb 4.44.0.09170 2007.10.15 -
eSafe 7.0.15.0 2007.10.10 -
eTrust-Vet 31.2.5207 2007.10.13 Win32/Zquest.H
Ewido 4.0 2007.10.15 -
FileAdvisor 1 2007.10.15 High threat detected
Fortinet 3.11.0.0 2007.10.15 -
F-Prot 4.3.2.48 2007.10.15 W32/Downldr2.QJZ
F-Secure 6.70.13030.0 2007.10.15 -
Ikarus T3.1.1.12 2007.10.15 not-a-virus:AdWare.Win32.TTC.c
Kaspersky 7.0.0.125 2007.10.15 not-a-virus:AdWare.Win32.TTC.c
McAfee 5140 2007.10.12 potentially unwanted program Generic Adware
Microsoft 1.2908 2007.10.15 Program:Win32/TTC
NOD32v2 2591 2007.10.14 -
Norman 5.80.02 2007.10.15 -
Panda 9.0.0.4 2007.10.15 Adware/TTC
Prevx1 V2 2007.10.15 -
Rising 19.45.02.00 2007.10.15 Trojan.DL.Win32.Agent.lq
Sophos 4.22.0 2007.10.15 Troj/TTC-A
Sunbelt 2.2.907.0 2007.10.13 Deskwizz/ZQuest
Symantec 10 2007.10.15 SecurityRiskOn
TheHacker 6.2.8.091 2007.10.15 Adware/TTC.c
VBA32 3.12.2.4 2007.10.15 AdWare.Win32.TTC.c
VirusBuster 4.3.26:9 2007.10.15 -
Additional information
File size: 163840 bytes
MD5: b517f6aeedb6f383fb38d99738ee66aa
SHA1: 93c57a64dab351ec8fa7b8cc3a59f3f284e11201
Bit9 info: http://fileadvisor.bit9.com/services...38d99738ee66aa
Sunbelt info: Deskwizz/ZQuest is an adware application that tracks the user's browsing in order to display targeted advertising on the desktop.