Trojan.KillAV.D

Risk Level 1: Very Low


Discovered: March 20, 2004
Updated: March 23, 2004 8:21:15 PM
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

Trojan.KillAV.D is a trojan that terminates the processes of antivirus and security software. When the trojan is executed, it creates the following copy of itself:
%Windir%\<Trojan file name>
where <Trojan file name> is a configurable file name.

To remain persistent on the system, the trojan creates the following registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"<Trojan file name>" = "%Windir%\<Trojan file name>"

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load" = "%Windir%\<Trojan file name>"

Again, <Trojan file name> is a configurable file name.
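
Because the file name is configurable, a check for these entries has to match on their shape rather than on a fixed name. The following is an added example, not part of the original write-up: it scans a decoded `reg export` text dump for a Run value named after a file directly in %Windir% and for a "load" value pointing there. The sample export, the placeholder `example.exe` and the default `C:\Windows` path are constructed assumptions.

```python
import ntpath
import re

# Autostart locations named in the write-up, lower-cased for comparison.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
LOAD_KEY = r"hkey_current_user\software\microsoft\windows nt\currentversion\windows"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export; "example.exe" is a placeholder, not a real indicator.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"example.exe"="C:\\WINDOWS\\example.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"="C:\\Windows\\example.exe"
"Device"="Printer,winspool,Ne00:"
'''

def parse_reg(text):
    """Yield (key, value name, data) for each string value in a .reg export."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            # .reg files escape backslash and double quote with a backslash.
            yield (key, *(re.sub(r"\\(.)", r"\1", g) for g in m.groups()))

def file_in_windir_root(data, windir):
    """Return the file name if data points directly into windir, else None."""
    path = re.sub(r"(?i)%(windir|systemroot)%", lambda _: windir, data.strip())
    if ntpath.normcase(ntpath.dirname(path)) != ntpath.normcase(windir):
        return None
    return ntpath.basename(path)

def audit(text, windir=r"C:\Windows"):
    """Return (reason, value name, data) for entries matching the described pattern."""
    findings = []
    for key, name, data in parse_reg(text):
        fname = file_in_windir_root(data, windir)
        if fname is None:
            continue
        if key.lower() == RUN_KEY and fname.lower() == name.lower():
            findings.append(("run-value-named-after-windir-file", name, data))
        elif key.lower() == LOAD_KEY and name.lower() == "load":
            findings.append(("load-value-points-into-windir", name, data))
    return findings
```

Calling `audit(SAMPLE)` returns the two constructed suspicious entries and skips the System32 Run value and the unrelated "Device" value; a hit is a lead for review, not proof of infection.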

Finally, the trojan attempts to terminate many antivirus and security programs by performing the following actions:
Deleting registry keys
Terminating processes
Deleting services
Modifying registry keys so that security features of some programs are turned off