English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Trojan.Win32.KillAV.id

Detected Jul 07 2006 14:05 GMT
Released Jul 07 2006 14:05 GMT
Published Sep 05 2006 12:54 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan terminates a number of legal applications. It is a Windows PE EXE file. It is 3104 bytes in size, and packed using UPX. The unpacked file is approximately 13KB in size.


Payload

The Trojan terminates the processes listed below:

_AVPCC.EXE
_AVPM.EXE
_FINDVIRU.EXE
ACKWIN32.EXE
ALOGSERV.EXE
AMON.EXE
ANTI-TROJAN.EXE
APVXDWIN.EXE
AVE32.EXE
AVKSERV.EXE
AVNT.EXE
AVPCC.EXE
AVPM.EXE
AVWIN95.EXE
CLAW95CF.EXE
ECENGINE.EXE
ESAFE.EXE
FINDVIRU.EXE
FPROT.EXE
F-PROT95.EXE
FP-WIN.EXE
GUARDDOG.EXE
IOMON98.EXE
NAVAPSVC.EXE
NAVAPW32.EXE
NAVNT.EXE
NAVW32.EXE
NAVWNT.EXE
NOD32.EXE
NSPLUGIN.EXE
OGRC.EXE
RAV7.EXE
RULAUNCH.EXE
SCAN32.EXE
SPIDER.EXE
VET95.EXE
VETTRAY.EXE
VSMAIN.EXE

Removal instructions

  1. Reboot the computer in Safe Mode (at the start of the boot sequence, press and hold F8, then choose Safe Mode from the Windows boot menu).
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

Bookmark and Share
Share
Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Other versions