Systweak Spyware Library
Systweak Spyware Library text
More than 1309737 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Trojan.agent.azqq Analysis Report
Threat Submitted On: 1/11/2009 12:10:32 AM
Threat Analysed On: 1/11/2009 5:10:32 AM
Threat Updated On: 11/8/2009 11:16:53 AM
Type : Trojan
Symptoms of agent.azqq
  • Performs illicit activities under the disguise of a useful program.
  • Download malicious code and programs such as keyloggers.
  • It is capable of fetching user’s personal and confidential information.
Alias : trojan.win32.agent.azqq
Md5 Hash : [Not Available]
File Size : [ Not Available ]

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Delete the following Files to remove Infection
File: script.vbs
Path : %programfiles%\xerox\nwwia

Md5Hash :ef40fdc38e86127906db2c6fa2ded87b ( 263 bytes)
File: temp_0.tmp
Path : %temp%\$inst

Md5Hash :4ff3d9073049b3e0100f8e1f02c7d78f ( bytes)
File: [randomname].exe
Path : %workingdir%

Md5Hash :483b5970636f783c8e8652c587b165d8 ( 119148 bytes)
Also creates the following files on user's System which are also created by Genuine Software :-
These file(s) can be kept as they are also created by genuine Software.
File : 2.tmp
Path : %temp%\$inst

Md5Hash :8708699d2c73bed30a0a08d80f96d6d7 ( bytes)
The following Registry Values are added to the provided Registry Keys :-
Delete the added Values from the Key to remove Infection
|__ Value Added :
script.vbs = "%programfiles%\xerox\nwwia\script.vbs"


1. %programfiles% Refers to the program files folder. By default it is 'C:\Program Files'
2. %temp% Refers to the windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'
3. %workingdir% Refers to the current directory in which user is working.

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.

Microsoft Gold Certified Partner

© Systweak Inc., 1999-2009 All rights reserved.