
Trojan.Win32.KillAV.bk

Detected Dec 14 2003 16:43 GMT
Released Dec 14 2003 16:43 GMT
Published Dec 15 2003 09:18 GMT

Technical Details

This is a primitive Win32 Trojan program written in C. It is compressed using UPX: the compressed executable file is 5632 bytes, and approximately 18KB when uncompressed.

The program searches for and deletes the services and processes listed below:

    _avp
    _avp32
    _avpcc
    _avpm
    _findviru
    ackwin32
    advxdwin
    agentsvr
    agentw
    ahnsd
    alerter
    alertsvc
    alogserv
    amon
    amon9x
    anti-trojan
    antivirus
    ants
    apimonitor
    aplica32
    apvxdwin
    atcon
    atguard
    atro55en
    atupdater
    atwatch
    aupdate
    autodown
    autotrace
    autoupdate
    avconsol
    ave32
    avgcc32
    avgctrl
    avgserv
    avgserv9
    avgw
    avkpop
    avkserv
    avkservice
    avkwcl9
    avkwctl9
    avnt
    avp
    avp32
    avpcc
    avpdos32
    avpexec
    avpinst
    avpm
    avpmon
    avpnt
    avptc32
    avpupd
    avrescue
    avsched32
    avsynmgr
    avwin95
    avwinnt
    avwupd32
    avxmonitor9x
    avxmonitornt
    avxquar
    avxw
    azonealarm
    bd_professional
    bidef
    bidserver
    bipcp
    bipcpevalsetup
    bisp
    blackd
    blackice
    bootwarn
    borg2
    bs120
    ccapp
    ccevtmgr
    ccpxysvc
    ccsetmgr
    ccshtdwn
    cdp
    cfgwiz
    cfiadmin
    cfiaudit
    cfind
    cfinet
    cfinet32
    claw95
    claw95cf
    claw95ct
    clean
    cleaner
    cleaner3
    cleanpc
    cmgrdian
    cmon016
    connectionmonitor
    cpd
    cpdclnt
    cpf9x206
    cpfnt206
    csinject
    csinsm32
    css1631
    ctrl
    cv
    cwnb181
    cwntdwmo
    defalert
    defscangui
    defwatch
    deputy
    dllhost
    doors
    dpf
    drwatson
    drweb32
    dv95
    dv95_o
    dvp95
    dvp95_0
    ecengine
    edi
    efinet32
    efpeadm
    ent
    esafe
    escanh95
    escanhnt
    escanv95
    espwatch
    etrustcipe
    evpn
    exantivirus-cnet
    expert
    f-agnt95
    fameh32
    fast
    fch32
    fih32
    findviru
    firewall
    fix-it
    flowprotector
    fnrb32
    fprot
    f-prot
    fprot95
    f-prot95
    fp-win
    fp-win_trial
    frw
    fsaa
    fsav
    fsav32
    fsav530stbyb
    fsav530wtbyb
    fsav95
    fsave32
    fsgk32
    fsm32
    fsma32
    fsmb32
    fssm32
    f-stopw
    fwenc
    gbmenu
    gbpoll
    generics
    gibe
    guard
    guarddog
    hacktracersetup
    htlog
    hwpe
    iamapp
    iamserv
    iamstats
    ibmasn
    ibmavsp
    icload95
    icloadnt
    icmon
    icmoon
    icssuppnt
    icsupp
    icsupp95
    icsuppnt
    iface
    ifw2000
    iomon98
    iparmor
    iris
    isrv95
    jammer
    jed
    jedi
    kavlite40eng
    kavpers40eng
    kerio-pf-213-en-win
    kerio-wrl-421-en-win
    kerio-wrp-421-en-win
    killprocesssetup161
    kpf
    kpfw32
    ldnetmon
    ldpro
    ldpromenu
    ldscan
    localnet
    lockdown
    lockdown2000
    lookout
    lsetup
    luall
    luau
    lucomserver
    luinit
    luspt
    mcagent
    mcmnhdlr
    mcshield
    mctool
    mcupdate
    mcvsrte
    mcvsshld
    mfw2en
    mfweng3.02d30
    mgavrtcl
    mgavrte
    mghtml
    mgui
    minilog
    monitor
    monsys32
    monsysnt
    monwow
    moolive
    mpfagent
    mpfservice
    mpftray
    mrflux
    msblast
    msconfig
    msinfo32
    mspatch
    mssmmc32
    mu0311ad
    mwatch
    mxtask
    n32scan
    n32scanw
    nai_vs_stat
    nav32_loader
    nav80try
    navap
    navapsvc
    navapw32
    navauto-protect
    navdx
    naveng
    navengnavex15
    navex15
    navlu32
    navnt
    navrunr
    navsched
    navstub
    navw
    navw32
    navwnt
    nc2000
    ncinst4
    ndd32
    neomonitor
    neowatchlog
    netarmor
    netinfo
    netmon
    netscanpro
    netspyhunter-1.2
    netstat
    netutils
    nisserv
    nisum
    nmain
    nod32
    normist
    norton_internet_secu_3.0_407
    notstart
    npf40_tw_98_nt_me_2k
    npfmessenger
    nprotect
    npscheck
    npssvc
    nsched32
    nsplugin
    ntrtscan
    ntvdm
    ntxconfig
    nui
    nupdate
    nupgrade
    nvapsvc
    nvarch16
    nvc95
    nvlaunch
    nvsvc32
    nwinst4
    nwservice
    nwtool16
    offguard
    ogrc
    ostronet
    outpost
    outpostinstall
    outpostproinstall
    padmin
    panixk
    pathping
    pavcl
    pavproxy
    pavsched
    pavw
    pcc2002s902
    pcc2k_76_1436
    pccclient
    pccguide
    pcciomon
    pccmain
    pccntmon
    pccpfw
    pccwin97
    pccwin98
    pcdsetup
    pcfwallicon
    pcip10117_0
    pcscan
    pcscanpdsetup
    penis32
    periscope
    persfw
    perswf
    pf2
    pfwadmin
    ping
    pingscan
    platin
    pop3trap
    poproxy
    popscan
    portdetective
    portmonitor
    ppinupdt
    pptbc
    ppvstop
    processmonitor
    procexplorerv1.0
    programauditor
    proport
    protectx
    pspf
    purge
    pview
    pview95
    qconsole
    qserver
    rapapp
    rav
    rav7
    rav7win
    rav8win32eng
    realmon
    regedit
    rescue
    rescue32
    route
    routemon
    rrguard
    rshell
    rtvscn95
    rulaunch
    safeweb
    sbserv
    scan32
    scan95
    scanpm
    schedapp
    scrscan
    scvhosl
    sd
    serv95
    setup_flowprotector_us
    setupvameeval
    sfc
    sgssfw32
    sh
    sharedaccess
    shellspyinstall
    shn
    smc
    smss
    sofi
    spf
    sphinx
    spider
    spyxx
    srwatch
    ss3edit
    st2
    supftrl
    supporter5
    sweep
    sweep95
    sweepnet
    sweepsrv.sys
    swnetsup
    symproxysvc
    symtray
    sysdoc32
    sysedit
    syshelp
    taskmon
    taumon
    tauscan
    tbscan
    tc
    tca
    tcm
    tcpsvs32
    tds2
    tds2-98
    tds2-nt
    tds-3
    tfak
    tfak5
    tftpd
    tgbob
    titanin
    titaninxp
    tmntsrv
    tracerpt
    tracert
    trjscan
    trjsetup
    trojantrap3
    undoboot
    update
    vbcmserv
    vbcons
    vbust
    vbwin9x
    vbwinntw
    vccmserv
    vcleaner
    vcontrol
    vcsetup
    vet32
    vet95
    vet98
    vettray
    vfsetup
    vir-help
    virusmdpersonalfirewall
    vnlan300
    vnpc3000
    vpc32
    vpc42
    vpfw30s
    vptray
    vscan
    vscan40
    vscenu6.02d30
    vsched
    vsecomr
    vshwin32
    vsisetup
    vsmain
    vsmon
    vsscan40
    vsstat
    vswin9xe
    vswinntse
    vswinperse
    vvstat
    w32dsm89
    w9x
    watchdog
    webscan
    webscanx
    webtrap
    wfindv32
    wgfe95
    whoswatchingme
    wimmun32
    wingate
    winhlpp32
    wink
    winmgm32
    winppr32
    winrecon
    winroute
    winservices
    winsfcm
    wnt
    wradmin
    wrctrl
    wsbgate
    wyvernworksfirewall
    xpf202en
    zapro
    zapsetup3001
    zatutor
    zatutorzauinst
    zauinst
    zonalarm
    zonalm2601
    zonealarm

Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Aliases

Trojan.Win32.KillAV.bk (Kaspersky Lab) is also known as:

  • Trojan: ProcKill-BO (McAfee)
  • Troj/Killav-A (Sophos)
  • Trojan.Killav-22 (ClamAV)
  • Trojan Horse (Panda)
  • W32/KillAV.H (FPROT)
  • Trojan:Win32/Killav.BK (MS(OneCare))
  • Trojan.KillAV (DrWeb)
  • Win32/KillAV.BK trojan (Nod32)
  • Generic.Malware.P!VPk!.76E59317 (BitDef7)
  • Trojan.KillAV!2wY/1SbE174 (VirusBuster)
  • Win32:Trojan-gen (AVAST)
  • Trojan.Win32.KillAV.bk (Ikarus)
  • Collected.E (AVG)
  • Trojan.KillAV (NAV)
  • NseCheckFile2() returned 0x00010018 (Norman)
  • ProcKill-BO (NAI)
  • TROJ_KILLAV.BK (PCCIL)
  • Trojan.Win32.Generic!BT (Sunbelt)
  • Trojan.KillAV!2wY/1SbE174 (VirusBusterBeta)