Internet threat level: 1
Home→Descriptions→Trojan.Win32.KillAV.an
Trojan.Win32.KillAV.an
| Detected | Jul 06 2003 22:57 GMT |
| Released | Jul 06 2003 22:57 GMT |
| Published | Aug 15 2007 07:52 GMT |
Payload
Removal instructions
Technical Details
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 13,824 bytes in size. It is packed using UPX. The unpacked file is approximately 32KB in size. It is written in C++.
Installation
The Trojan also copies its executable file to the Windows system directory under the following names:
%System%\NavbwvLw32.Exe %System%\Winscrl0n3.Scr %System%\LwBWV60.dll
In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan registers its executable file in the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "(Default)" = "%System%\NavbwvLw32.Exe"
Payload
When launching, the Trojan scans the system for widnows with the following names and terminates them:
Norton AntiVirus VirusScan eSafe Desktop Watch eTrust EZ AntiVirus Panda AntiVirus Titanium PC-Cillin 2002 PC-Cillin 2003 F-Secure Anti-Virus Sophos AntiVirus ZoneAlarm ZoneAlarm Pro Tiny Personal Firewall McAfee Firewall Norton Personal FireWall
The Trojan then ceases running.
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following system registry key: (see What is a system registry and how do I use it for details on how to edit the registry).
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "(Default)" = "%System%\NavbwvLw32.Exe"
- Delete the following files:
%System%\NavbwvLw32.Exe %System%\Winscrl0n3.Scr %System%\LwBWV60.dll
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.
Trojan.
- Virus:
W32/BackZat. worm. gen (McAfee) - Troj/KillAV-BE (Sophos)
- Trojan.
Killav-19 (ClamAV) - W32/KillAV.
C (FPROT) - Trojan:
Win32/Killav. AN (MS(OneCare)) - Trojan.
Siggen. 13216 (DrWeb) - Win32/KillAV.
AN trojan (Nod32) - Generic.
Malware. SVWk!. 83B80AA4 (BitDef7) - Trojan.
Killav. AII (VirusBuster) - Win32:
Trojan-gen (AVAST) - Trojan.
Win32. KillAV (Ikarus) - Generic.
KIM (AVG) - TR/Killav.
AN (AVIRA) - Trojan Horse (NAV)
- W32/Killav.
AS (Norman) - W32/BackZat.
worm. gen (NAI) - TROJ_Generic (PCCIL)
- Worm.
Lonewolf. b (Rising) - TROJ_Generic (TrendMicro)
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.