VTtrayp.exe = safe
CastleCops
-> Startup Programs
Author: polopolo, Location: Netherlands
Posted: Thu Feb 23, 2006 9:53 am Post subject: VTtrayp.exe = safe
I have analyzed a HJT log with the next line:
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
On the startup list I cannot find about file VTtrayp.exe.
I have scanned the file with Jotti file scanner and the file have's no infection's.
The file is on me computer on C:\WINDOWS\system32.
Author: Trpm,
Posted: Thu Feb 23, 2006 4:07 pm Post subject:
Hey there polopolo,
Welcome to CastleCops, VTtrayp.exe has been added to the list.
/s12641-VTtrayp_exe.html
Thanks,
Rex 
Author: polopolo, Location: Netherlands
Posted: Thu Feb 23, 2006 4:31 pm Post subject:
You're welcome. 
Author: EnricoSuarve,
Posted: Wed Aug 01, 2007 9:40 am Post subject: Not all versions of Vttrayp.exe are safe
Be aware there seems to be a new file doing the rounds called vttrayp.exe
It installs to the windir directory instead of sys32 and is called in a different manner in the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: Explorer.exe %WINDIR%\VTTrayp.exe
CA identify as Win32/Petribot.AOS
CastleCops
-> Startup Programs
All times are GMT
Page 1 of 1
Powered by phpBB © 2001 phpBB Group