home

vsqiqd.exe

MagicISO

MagicISO, Inc.

The executable vsqiqd.exe, “Virtual CD/DVD Manager” has been detected as malware by 38 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Vsqiqd’.
Publisher:
MagicISO, Inc.

Product:
MagicISO

Description:
Virtual CD/DVD Manager

Version:
2.07.0107

MD5:
ae42f5748bb89ff7e4cedb5e708243fe

SHA-1:
76e6de65ceaff3a4131564cad09f77af16281f88

SHA-256:
673909405c253fb90acb25360db16899a9a5d7f693a8c091ff1f5ec450a5072f

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
4/1/2025 8:02:03 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.39850
-39

AegisLab AV Signature
Backdoor.W32.Ruskill.qxd!c
2.1.4+

Agnitum Outpost
Backdoor.Ruskill
7.1.1

AhnLab V3 Security
Win-Trojan/ASD.variant
2016.03.01

Avira AntiVirus
BDS/Ruskill.qxd
8.3.3.2

Arcabit
Trojan.Zusy.D9BAA
1.0.0.656

avast!
Win32:VBCrypt-CHD [Trj]
2014.9-170315

AVG
BackDoor.SmallX
2018.0.2439

Baidu Antivirus
Backdoor.Win32.Ruskill
4.0.3.17315

Bitdefender
Gen:Variant.Zusy.39850
1.0.20.370

Clam AntiVirus
WIN.Trojan.Ruskill-166
0.98/21511

Comodo Security
TrojWare.Win32.Trojan.Agent.Gen
24381

Dr.Web
BackDoor.IRC.NgrBot.42
9.0.1.074

Emsisoft Anti-Malware
Backdoor.Win32.Ruskill
8.17.03.15.11

ESET NOD32
Win32/Dorkbot
11.13104

Fortinet FortiGate
W32/VBKrypt.DAB!tr
3/15/2017

F-Secure
Gen:Variant.Zusy.39850
11.2017-15-03_4

G Data
Gen:Variant.Zusy.39850
17.3.25

IKARUS anti.virus
Virus.Win32.VBInject
t3scan.2.0.8.0

K7 AntiVirus
EmailWorm
13.214.18890

Kaspersky
Backdoor.Win32.Ruskill
14.0.0.-1312

Malwarebytes
Trojan.Agent
v2017.03.15.11

McAfee
Artemis!AE42F5748BB8
5600.6095

Microsoft Security Essentials
VirTool:Win32/VBInject.gen!JD
1.1.12400.0

MicroWorld eScan
Gen:Variant.Zusy.39850
18.0.0.222

NANO AntiVirus
Trojan.Win32.Ruskill.burepc
1.0.14.6204

nProtect
Trojan/W32.Agent.147456.BHR
16.02.29.01

Panda Antivirus
Dialer.EMN
17.03.15.11

Qihoo 360 Security
QVM03.0.Malware.Gen
1.0.0.1120

Quick Heal
(Suspicious) - DNAScan
3.17.14.00

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.17313

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Vbaj
8534

Trend Micro House Call
TROJ_SPNR.35CA13
7.2.74

Trend Micro
TROJ_SPNR.35CA13
10.465.15

Vba32 AntiVirus
Backdoor.Ruskill
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra
47564

Zillya! Antivirus
Backdoor.Ruskill.Win32.1776
2.0.0.2691

File size:
144 KB (147,456 bytes)

Product version:
2.07.0107

Original file name:
MagicDisc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vsqiqd.exe

File PE Metadata
Compilation timestamp:
2/18/2013 5:48:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x13D8

Entry point:
68, 7C, 16, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 67, 08, 83, 29, 5C, E5, D6, 40, 80, DC, 2E, C0, 00, 3E, 75, 8C, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 74, 79, 6C, 65, 20, 20, 4D, 61, 67, 69, 63, 49, 53, 4F, 00, 0A, 20, 20, 20, 43, 61, 70, 00, 00, 00, 00, FF, CC, 31, 00, 05, 27, EF, 78, F1, CE, 84, EF, 43, AC, 4A, 42, 4B, 8C, F2, A8, 12, FE, 59, 0A, 5C, E3, 09, 6D, 44, AC, EB, 7D, D9, 02, 2A, C4, 12, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
32 KB (32,768 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Vsqiqd

Command:
C:\users\{user}\appdata\roaming\vsqiqd.exe


Remove vsqiqd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.