Internet threat level: 1
Home→Descriptions→Trojan.Win32.KillAV.be
Trojan.Win32.KillAV.be
| Detected | Nov 05 2003 23:51 GMT |
| Released | Nov 05 2003 23:51 GMT |
| Published | Dec 26 2006 06:49 GMT |
Payload
Removal instructions
Technical Details
This Trojan is designed to disable antivirus programs and terminate a range of processes on the victim machine. It is a Windows PE EXE file. The file is 5,632 bytes in size.
Installation
This Trojan will be installed to the victim machine by another malicious program.
Payload
The Trojan terminates the following processes:
outpost.exe VetTray.exe AutoDown.exe Rescue.exe WRCTRL.EXE WRADMIN.EXE ICSUPPNT.EXE ZONEALARM.EXE IOMON98.EXE GUARD.EXE DOORS.EXE PCCIOMON.EXE AvkServ.exe AckWin32.exe notstart.exe AVSYNMGR.EXE WebScanX.exe Mcshield.exe VSHWIN32.EXE VSECOMR.EXE WEBSCANX.EXE AVCONSOL.EXE VSSTAT.EXE ALOGSERV.EXE SPHINX.EXE LOCKDOWN2000.EXE cleaner3.exe cleaner.exe tca.exe MOOLIVE.EXE WrCtrl.exe WrAdmin.exe WrCtrl.exe ZATUTOR.EXE MINILOG.EXE VSMON.EXE blackice.exe blackd.exe FRW.EXE iamapp.exe iamserv.exe Anti-Trojan.exe ANTS.EXE IFACE.EXE ICLOAD95.EXE ICMON.EXE ICSUPP95.EXE ICLOADNT.EXE ICSUPPNT.EXE NAVAPW32.EXE NAVW32.EXE _AVP32.EXE _AVPCC.EXE _AVPM.EXE AVP32.EXE AVPCC.EXE AVPM.EXE AVP.EXE ZAUINST.EXE NAVAPW32.EXE FAST.EXE GUARD.EXE AUTOUPDATE.EXE TC.EXE NSCHED32.EXE TCA.EXE TCM.EXE TDS-3.EXE SS3EDIT.EXE ATCON.EXE ATUPDATER.EXE ATWATCH.EXE WGFE95.EXE POPROXY.EXE NPROTECT.EXE VSSTAT.EXE VSHWIN32.EXE NDD32.EXE MCAGENT.EXE MCUPDATE.EXE WATCHDOG.EXE TAUMON.EXE IAMAPP.EXE IAMSERV.EXE TFAK.EXE SPYXX.EXE ATCON.EXE FRW.EXE Smc.exe NeoWatchTray.exe NeoWatchLog.exe NTXconfig.exe NWService.exe AutoTrace.exe cpd.exe AVXMONITOR9X.EXE ISRV95.EXE REALMON95.EXE NAVAPW32.EXE RTVSCN95.EXE DEFWATCH.EXE VPTRAY.EXE TFAK.EXE WEBTRAP.EXE LUCOMSERVER.EXE TRJSCAN.EXE POP3TRAP.EXE ALERTSVC.EXE SS3EDIT.EXE JEDI.EXE MONITOR.EXE MCAGENT.EXE MCUPDATE.EXE IFACE.EXE NISUM.EXE NISSERV ACKWIN32.EXE AVKSERV.EXE NMAIN.EXE F-PROT95.EXE F-AGNT95.EXE SPYXX.EXE PERSFW.EXE SWNETSUP.EXE SymProxySvc.exe SYNMGR.EXE NavLu32.exe Navw32.exe AVXMONITOR9X.EXE AVXMONITORNT.EXE AVXQUAR.EXE NORMIST.EXE NVC95.EXE Claw95cf.exe Claw95.exe Nupgrade.exe AVGCC32.EXE AVGCTRL.EXE AVGSERV.EXE ICSUPP95.EXE ICLOADNT.EXE
The Trojan will also terminate and delete a service called "anem".
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.
Trojan.
- Trojan:
ProcKill-AS (McAfee) - Troj/ProcKil-AS (Sophos)
- Trojan.
AVKill. 5632 (ClamAV) - Trj/Killav.
I (Panda) - W32/Malware!151a (FPROT)
- Trojan:
Win32/Killav. BE (MS(OneCare)) - Trojan.
AVKill. 5632 (DrWeb) - Win32/KillAV.
BE trojan (Nod32) - Generic.
Malware. P!Pk!g. 98B3B260 (BitDef7) - Trojan.
KillAV. AHA (VirusBuster) - Win32:
Trojan-gen {Other} (AVAST) - Trojan.
Win32. Snatch. 147 (Ikarus) - Killav.
F (AVG) - TR/KillAV.
BE (AVIRA) - Trojan.
KillAV (NAV) - W32/Killav.
B (Norman) - ProcKill-AS (NAI)
- Trojan.
KillAV. be (Rising) - TROJ_PROCKILL.
A (TrendMicro)
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.