English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Trojan.Win32.KillAV.bl

Detected Dec 26 2003 10:42 GMT
Released Dec 26 2003 13:15 GMT
Published Dec 26 2003 10:42 GMT

Technical Details

This is a primitive Win32 Trojan. The size of the executable file is 32238 bytes.

The program searches for and deletes the services and processes listed below:

claw95cf
claw95ct
cleaner
cleaner3
cmgrdian
connectionmonitor
cpd
cpdclnt
ctrl
defalert
defscangui
defwatch
dllhost
doors
dv95
dv95_o
dvp95
dvp95_0
ecengine
edi
efinet32
efpeadm
esafe
espwatch
etrustcipe
evpn
expert
f-agnt95
fameh32
fch32
fih32
findviru
fnrb32
fprot
f-prot
fprot95
f-prot95
fp-win
frw
fsaa
fsav32
fsgk32
fsm32
fsma32
fsmb32
f-stopw
gbmenu
gbpoll
generics
gibe
guard
guarddog
iamapp
iamserv
iamstats
ibmasn
ibmavsp
icload95
icloadnt
icmon
icmoon
icssuppnt
icsupp
icsupp95
icsuppnt
iface
iomon98
isrv95
jed
jedi
kpf
kpfw32
ldnetmon
ldpromenu
ldscan
lockdown
lockdown2000
lookout
luall
lucomserver
luspt
mcagent
mcmnhdlr
mcshield
mctool
mcupdate
mcvsrte
mcvsshld
mgavrtcl
mgavrte
mghtml
minilog
monitor
moolive
mpfagent
mpfservice
mpftray
msblast
msconfig
mspatch
mwatch
n32scan
n32scanw
nai_vs_stat
nav32_loader
navap
navapsvc
navapw32
navauto-protect
navengnavex15
navlu32
navnt
navsched
navw
navw32
navwnt
ndd32
neowatchlog
netutils
nisserv
nisum
nmain
nod32
normist
notstart
nprotect
npscheck
npssvc
nsched32
nsplugin
ntrtscan
ntvdm
ntxconfig
nui
nupdate
nupgrade
nvc95
nvsvc32
nwservice
nwtool16
ogrc
outpost
padmin
pavcl
pavproxy
pavsched
pavw
pcciomon
pccmain
pccntmon
pccwin97
pccwin98
pcfwallicon
pcscan
penis32
persfw
perswf
pop3trap
poproxy
portmonitor
processmonitor
programauditor
pview
pview95
rapapp
rav
rav7
rav7win
realmon
regedit
rescue
rtvscn95
rulaunch
safeweb
sbserv
scan32
scan95
scanpm
scrscan
scvhosl
serv95
smc
smss
sphinx
spider
spyxx
ss3edit
sweep
sweep95
sweepnet
sweepsrv.sys
swnetsup
symproxysvc
symtray
syshelp
taumon
tbscan
tc
tca
tcm
tcpsvs32
tds2
tds2-98
tds2-nt
tds-3
tfak
tftpd
vbcmserv
vbcons
vcleaner
vcontrol
vet32
vet95
vet98
vettray
vir-help
vpc32
vptray
vscan
vscan40
vsched
vsecomr
vshwin32
vsmain
vsmon
vsscan40
vsstat
watchdog
webscan
webscanx
webtrap
wfindv32
wgfe95
wimmun32
wingate
winhlpp32
wink
winmgm32
winppr32
winservices
wradmin
wrctrl
zapro
zonalarm
zonealarm
_avp
_avp32
_avpcc
_avpm
_findviru
ackwin32
advxdwin
agentw
alertsvc
alogserv
amon
amon9x
anti-trojan
ants
aplica32
apvxdwin
atcon
atguard
atupdater
atwatch
autodown
autotrace
avconsol
ave32
avgcc32
avgctrl
avgserv
avgserv9
avgw
avkpop
avkserv
avkservice
avkwctl9
avnt
avp
avp32
avpcc
avpdos32
avpm
avpmon
avpnt
avptc32
avpupd
avsched32
avsynmgr
avwin95
avwinnt
avwupd32
avxmonitor9x
avxmonitornt
avxquar
avxw
azonealarm
blackd
blackice
bootwarn
ccapp
ccshtdwn
cdp
cfgwiz
cfiadmin
cfiaudit
cfind
cfinet
cfinet32
claw95

Bookmark and Share
Share
Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Other versions

Aliases

Trojan.Win32.KillAV.bl (Kaspersky Lab) is also known as:

  • Troj/Killav-A (Sophos)
  • Trojan Horse (Panda)
  • W32/KillAV.BS (FPROT)
  • Trojan:Win32/Killav.BL (MS(OneCare))
  • Trojan.AVKill.155 (DrWeb)
  • Win32/KillAV.BL (Nod32)
  • Generic.Malware.P!VPk!.ABFDFAF6 (BitDef7)
  • Win32:Trojan-gen. (AVAST)
  • Trojan.Win32.KillAV.bl (Ikarus)
  • Generic.IAQ (AVG)
  • TR/KillAV.BL.1 (AVIRA)
  • Trojan.KillAV (NAV)
  • TROJ_KILLAV.BL (PCCIL)
  • Trojan.KillAV.ep (Rising)