Trojan.Win32.Killav

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Detection and Removal ·
· Research ·

Overview

Category:

AV Killer: Any hacker tool intended to disable a user's anti-virus software to help elude detection. Some will also disable personal firewalls.

Variants:
  • Trojan.Win32.Killav.ae
  • Trojan.Win32.Killav.aj
  • Trojan.Win32.Killav.al
  • Trojan.Win32.Killav.am
  • Trojan.Win32.Killav.ao
  • Trojan.Win32.Killav.ar
  • Trojan.Win32.Killav.au
  • Trojan.Win32.Killav.ba
  • Trojan.Win32.Killav.bd
  • Trojan.Win32.Killav.bf
  • Trojan.Win32.Killav.bj
  • Trojan.Win32.Killav.bk
  • Trojan.Win32.Killav.bl
  • Trojan.Win32.Killav.bn
  • Trojan.Win32.Killav.br
  • Trojan.Win32.Killav.bw
  • Trojan.Win32.Killav.bz
  • Trojan.Win32.Killav.cf
  • Trojan.Win32.Killav.cp
  • Trojan.Win32.Killav.cy
  • Trojan.Win32.Killav.d
  • Trojan.Win32.Killav.i
  • Trojan.Win32.Killav.q
  • Trojan.Win32.Killav.t
  • Trojan.Win32.Killav.x
  • Trojan.Win32.Killav.y
    		•

    Similar Pests:

    		 AV Killer

    Origins

    Programming Language:

    		 Compressed with: UPX

    Date of Origin:

    		 Variants from June, 2003 to July, 2004

    Distribution

    Prevalence:
  • Trojan.Win32.Killav.d: 19.0%
    • More Info

    Clot Factor:
  • Trojan.Win32.Killav.d: 2

    • The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

    Growth:
  • Trojan.Win32.Killav.d: Insufficient data to report growth
    		•

    Operation

    Storage Required:
  • Trojan.Win32.Killav.aj: at least 13 KB
  • Trojan.Win32.Killav.al: at least 85 KB
  • Trojan.Win32.Killav.am: at least 21 KB
  • Trojan.Win32.Killav.ao: at least 21 KB
  • Trojan.Win32.Killav.ar: at least 9 KB
  • Trojan.Win32.Killav.au: at least 13 KB
  • Trojan.Win32.Killav.ba: at least 13 KB
  • Trojan.Win32.Killav.bd: at least 21 KB
  • Trojan.Win32.Killav.bf: at least 5 KB
  • Trojan.Win32.Killav.bj: at least 9 KB
  • Trojan.Win32.Killav.bk: at least 149 KB
  • Trojan.Win32.Killav.bl: at least 33 KB
  • Trojan.Win32.Killav.bn: at least 33 KB
  • Trojan.Win32.Killav.br: at least 17 KB
  • Trojan.Win32.Killav.bz: at least 161 KB
  • Trojan.Win32.Killav.cf: at least 65 KB
  • Trojan.Win32.Killav.cp: at least 33 KB
  • Trojan.Win32.Killav.cy: at least 25 KB
  • Trojan.Win32.Killav.d: at least 9 KB
  • Trojan.Win32.Killav.i: at least 37 KB
  • Trojan.Win32.Killav.q: at least 21 KB
  • Trojan.Win32.Killav.t: at least 17 KB
  • Trojan.Win32.Killav.x: at least 9 KB
  • Trojan.Win32.Killav.y: at least 13 KB
    		•

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Manual Removal:

    		 Follow these steps to remove Trojan.Win32.Killav from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Stop Running Processes:

    Kill these running processes with Task Manager:

    Remove AutoRun Reference:

    Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
    If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\w1n32.dll, delete it and reboot the machine immediately.



    Unregister DLLs:

    Unregister these DLLs with Regsvr32, then reboot:

    Clean Registry:

    Remove these registry items (if present) with RegEdit:

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Research

    File Analyses:

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 April 05, 2005