
Trojan.Win32.KillAV.k

Detected Aug 21 2002 20:00 GMT
Released Aug 21 2002 20:00 GMT
Published Aug 09 2007 13:43 GMT

Technical Details

This Trojan has a malicious payload. It is a Windows PE EXE file, 11,264 bytes in size, packed using UPX. The unpacked file is approximately 24 KB in size. It is written in C++.


Payload

When launched, the Trojan creates a thread which every second performs the following actions:

  • terminates all processes that contain one of the strings listed below in their names:

ANTIVIR
WEBSCANX
SAFEWEB
ICMON
CFINET
CFINET32
AVP.EXE
LOCKDOWN2000
AVP32
ZONEALARM
ALERTSVC
AMON.EXE
AVPCC.EXE
AVPM.EXE
ESAFE.EXE
PCCIOMON
PCCMAIN
POP3TRAP
WEBTRAP
AVCONSOL
AVSYNMGR
VSHWIN32
VSSTAT
NAVAPW32
NAVW32
NMAIN
LUALL
LUCOMSERVER
IAMAPP
ATRACK
MCAFEE
FRW.EXE
IAMSERV.EXE
NSCHED32
PCFWALLICON
SCAN32
TDS2-98
TDS2-NT
VETTRAY
VSECOMR
NISSERV
RESCUE32
SYMPROXYSVC
NISUM
NAVAPSVC
NAVLU32
NAVRUNR
NAVWNT
PVIEW95
F-STOPW
F-PROT95
PCCWIN98
IOMON98
FP-WIN
NVC95
NORTON

  • scans the system for the Task Manager window and terminates it.
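
The payload described above, where one process repeatedly terminates many differently named security products, can be detected from process-access telemetry. The following is an added example, not code from Kaspersky Lab or from the Trojan: it assumes events shaped like Sysmon Event ID 10 (ProcessAccess) records with `SourceImage`, `TargetImage` and `GrantedAccess`, a simplified `Time` field in seconds, constructed sample paths, and illustrative thresholds.

```python
import ntpath
from collections import defaultdict

PROCESS_TERMINATE = 0x0001  # Windows process access right needed to kill a process
# A few of the name fragments listed above; extend with the full list as needed.
FRAGMENTS = ("AVP32", "AVPCC.EXE", "NAVAPW32", "ZONEALARM", "VSHWIN32", "MCAFEE", "NORTON")

def is_protected(image):
    """True if the image's file name contains a listed fragment (case-insensitive)."""
    name = ntpath.basename(image).upper()
    return any(fragment in name for fragment in FRAGMENTS)

def flag_av_killers(events, window=5.0, min_targets=3):
    """Return {source_image: sorted target names} for sources that requested
    PROCESS_TERMINATE on >= min_targets distinct listed processes within `window` seconds."""
    hits = defaultdict(list)
    for ev in events:
        access = int(ev["GrantedAccess"], 16)
        if access & PROCESS_TERMINATE and is_protected(ev["TargetImage"]):
            target = ntpath.basename(ev["TargetImage"]).upper()
            hits[ev["SourceImage"]].append((ev["Time"], target))
    flagged = {}
    for source, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            targets = {name for t, name in seen[i:] if t - start <= window}
            if len(targets) >= min_targets:
                flagged[source] = sorted(targets)
                break
    return flagged

# Constructed sample events (not from a real host).
SAMPLE = [
    {"Time": 0.0, "SourceImage": r"C:\Temp\sample.exe", "TargetImage": r"C:\AV\avp32.exe", "GrantedAccess": "0x1"},
    {"Time": 0.1, "SourceImage": r"C:\Temp\sample.exe", "TargetImage": r"C:\AV\navapw32.exe", "GrantedAccess": "0x1"},
    {"Time": 0.2, "SourceImage": r"C:\Temp\sample.exe", "TargetImage": r"C:\FW\ZoneAlarm.exe", "GrantedAccess": "0x1fffff"},
    {"Time": 0.3, "SourceImage": r"C:\Temp\sample.exe", "TargetImage": r"C:\Windows\notepad.exe", "GrantedAccess": "0x1"},
    # Query-only access to one AV process: no terminate right, must not count.
    {"Time": 1.0, "SourceImage": r"C:\Tools\monitor.exe", "TargetImage": r"C:\AV\avp32.exe", "GrantedAccess": "0x1000"},
    # One product component touched once: below the distinct-target threshold.
    {"Time": 2.0, "SourceImage": r"C:\AV\updater.exe", "TargetImage": r"C:\AV\avpcc.exe", "GrantedAccess": "0x1"},
]

if __name__ == "__main__":
    for source, targets in flag_av_killers(SAMPLE).items():
        print(f"ALERT {source} requested terminate access to: {', '.join(targets)}")
```

Requiring several distinct targets in a short window keeps a product's own updater or a monitoring tool that only queries process information from triggering the alert.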


Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Reboot the computer.
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).

Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, or disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Aliases

Trojan.Win32.KillAV.k (Kaspersky Lab) is also known as:

  • Trojan: ProcKill-O (McAfee)
  • Mal/Generic-A (Sophos)
  • Trojan:Win32/Killav.K (MS(OneCare))
  • Trojan.AVKill.24576 (DrWeb)
  • Win32/KillAV.K trojan (Nod32)
  • Generic.Malware.PVPk.8599594A (BitDef7)
  • Trojan.KillAV.CJR (VirusBuster)
  • Win32:Malware-gen (AVAST)
  • Trojan.Win32.KillAV.k (Ikarus)
  • Generic.KEK (AVG)
  • TR/Killav.K.1 (AVIRA)
  • Trojan.KillAV (NAV)
  • W32/Killav.HFH (Norman)