Killer Webdownloader 1.0

· Overview ·
· Origins ·
· Operation ·
· Detection and Removal ·
· Research ·

Overview

Vendor Notes:

 From the doc: 'a 3.1kb webdownloader that will download any file from a website and execute it.also kills any AV's and firewalls running works on win9x/me/nt/2k/xp. *only 3.1kb packed making it the first and smallest av/fW killing webdl to date *downloads a larger trojan from any web url *stays resident on the computer killing over 130 av's and firewalls *restarts with the computer *if downloaded trojan ever gets deleted it will redownload it again'

Alias:

 Backdoor/Killer.10 [Computer Associates], Downloader.cfg [McAfee], Downloader-AK [McAfee], security risk or a "backdoor" program [F-Prot], Trj/Aphex.10.C.Dwn [Panda], Trj/W32.Aphex [Panda], TrojanDownloader.Win32.Aphex.10.c [Kaspersky], Win32.Killer.10 [Computer Associates], Win32/AvKiller.1_0!Trojan [Computer Associates]

Category:

Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

Backdoor: A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

Firewall Killer: Any hacker tool intended to disable a user's personal firewall. Some will also disable resident anti-virus software.

Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Similar Pests:

 Downloader · Backdoor · Firewall Killer · Trojan

Origins

Author:

 Illwill

Date of Origin:

 May, 2002

Operation

Storage Required:
  • Killer Webdownloader 1.0: at least 85 KB
    		•

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Manual Removal:

    		 Follow these steps to remove Killer Webdownloader 1.0 from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Stop Running Processes:

    Kill these running processes with Task Manager:

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Research

    File Analyses:

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 April 03, 2005