
Trojan.Win32.Killav.an

Other versions: .be, .bf, .bk, .bl, .br, .bx, .gj, .hl, .id, .k, .r

Aliases
Trojan.Win32.Killav.an (Kaspersky Lab) is also known as: W32/BackZat.worm.gen (McAfee), Trojan Horse (Symantec), Trojan:Win32/Killav.AN (RAV), TROJ_KILLAV.AN (Trend Micro), Trojan.Killav.AN (SOFTWIN), Trojan Horse (Panda), Win32/KillAV.AN (Eset)

Description added: Aug 15 2007
Behavior: Trojan

Technical details

This Trojan has a malicious payload. It is a Windows PE EXE file. It is 13,824 bytes in size. It is packed using UPX. The unpacked file is approximately 32KB in size. It is written in C++.

Installation

The Trojan copies its executable file to the Windows system directory under the following names:

%System%\NavbwvLw32.Exe
%System%\Winscrl0n3.Scr
%System%\LwBWV60.dll

In order to ensure that the Trojan is launched automatically when the system is rebooted, the Trojan registers its executable file in the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"(Default)" = "%System%\NavbwvLw32.Exe"

Payload

When launched, the Trojan scans the system for windows with the following names and terminates them:

Norton AntiVirus
VirusScan
eSafe Desktop Watch
eTrust EZ AntiVirus
Panda AntiVirus Titanium
PC-Cillin 2002
PC-Cillin 2003
F-Secure Anti-Virus
Sophos AntiVirus
ZoneAlarm
ZoneAlarm Pro
Tiny Personal Firewall
McAfee Firewall
Norton Personal FireWall

The Trojan then ceases running.

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Delete the following system registry key (see "What is a system registry and how do I use it" for details on how to edit the registry):
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "(Default)" = "%System%\NavbwvLw32.Exe"
  3. Delete the following files:
    %System%\NavbwvLw32.Exe
    %System%\Winscrl0n3.Scr
    %System%\LwBWV60.dll
  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
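
The file names and autorun value listed above can be checked for before anything is deleted by hand. The PowerShell below is an added example, not part of Kaspersky Lab's description; it only reads, and the function name Find-KillavIndicator and the extra SysWOW64 and Wow6432Node locations (where 64-bit Windows redirects 32-bit programs) are assumptions of this example.

```powershell
# Added example: read-only triage for the indicators listed in this description.
# Nothing is deleted; the output is a list of findings to review.
$fileNames = 'NavbwvLw32.Exe', 'Winscrl0n3.Scr', 'LwBWV60.dll'

# %System% on the page is the Windows system directory. On 64-bit Windows a
# 32-bit program is redirected to SysWOW64 and Wow6432Node, so check both views
# (assumption of this example; the page names only %System% and the HKLM Run key).
$systemDirs = @("$env:windir\System32", "$env:windir\SysWOW64") |
    Where-Object { Test-Path -LiteralPath $_ }
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Find-KillavIndicator {
    foreach ($dir in $systemDirs) {
        foreach ($name in $fileNames) {
            $path = Join-Path $dir $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $file = Get-Item -LiteralPath $path -Force   # -Force: include hidden files
                [pscustomobject]@{
                    Kind     = 'File'
                    Location = $path
                    Detail   = "$($file.Length) bytes, written $($file.LastWriteTime)"
                }
            }
        }
    }
    foreach ($keyPath in $runKeys) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        # GetValueNames() returns '' for the key's "(Default)" value, which is
        # the value this description says the Trojan sets.
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            foreach ($name in $fileNames) {
                if ($data -like "*$name*") {
                    $shown = if ($valueName) { $valueName } else { '(Default)' }
                    [pscustomobject]@{ Kind = 'RunValue'; Location = "$keyPath : $shown"; Detail = $data }
                }
            }
        }
    }
}

$findings = @(Find-KillavIndicator)
if ($findings.Count -eq 0) { 'No indicators from this description were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A file-name match alone is weak evidence; the 13,824-byte size given under Technical details and the matching Run value together make a finding more credible.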