TROJ_KILLAV.QB

This Trojan may be installed manually by a user. It may be downloaded unknowingly by a user when visiting malicious Web sites.

It drops copies of itself. It drops files/components, one of which is detected by Trend Micro as TROJ_KILLAV.SM. It is injected into processes running in memory.

It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating registry keys/entries.

It accesses Web sites to download file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system. It saves the downloaded files using certain file names. Trend Micro detects these files as the following:

• CRYP_UPACK
• TROJ_DROPPER.EHX
• TROJ_SYSTEMHI.JE
• TROJ_ZLOB.LN
• TSPY_AGENT.ANQR
• TSPY_ONLINEG.AK
• TSPY_ONLINEG.RKQ
• TSPY_ONLINEG.YJN
• TSPY_ONLING.AF
• TSPY_ONLING.BR

It terminates certain processes, if found running in memory.

Related Items