Trojan.KillAV.D

Printer Friendly Page

Discovered: March 20, 2004
Updated: March 23, 2004 8:21:15 PM
Systems Affected: Windows

Trojan.KillAV.D is a trojan program that terminates the processes of antivirus and security software.

Discovered: March 20, 2004
Updated: March 23, 2004 8:21:15 PM
Systems Affected: Windows

Trojan.KillAV.D is a trojan that terminates the processes of antivirus and security software. When the trojan is executed, it creates the following copy of itself:
%Windir%\<Trojan file name>
Where <Trojan file name>, is a configurable filename.

In order to remain persistent on the system, the trojan creates the following registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\<Trojan file name> = %Windir%\<Trojan file name>

HKEY_Current_User\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"load"=%Windir%\<Trojan file name>

Again where <Trojan file name>, is a configurable filename.

Finally the trojan will attempt to terminate the process of many antivirus and security software by performing the following:
Deleting registry keys
Terminating processes
Deleting services
Modifying registry keys so that security features of some programs are turned off