FANDOM



Trojan.Win32.KillAV.be or KilllAV.be is a Trojan program used by other malicious programs to kill known AV processes. It comes in PE EXE format.

Payload

The trojan searches for, and terminates, the following processes.

  • outpost.exe
  • VetTray.exe
  • AutoDown.exe
  • Rescue.exe
  • WRCTRL.EXE
  • WRADMIN.EXE
  • ICSUPPNT.EXE
  • ZONEALARM.EXE
  • IOMON98.EXE
  • GUARD.EXE
  • DOORS.EXE
  • PCCIOMON.EXE
  • AvkServ.exe
  • AckWin32.exe
  • notstart.exe
  • AVSYNMGR.EXE
  • WebScanX.exe
  • Mcshield.exe
  • VSHWIN32.EXE
  • VSECOMR.EXE
  • WEBSCANX.EXE
  • AVCONSOL.EXE
  • VSSTAT.EXE
  • ALOGSERV.EXE
  • SPHINX.EXE
  • LOCKDOWN2000.EXE
  • cleaner3.exe
  • cleaner.exe
  • tca.exe
  • MOOLIVE.EXE
  • WrCtrl.exe
  • WrAdmin.exe
  • WrCtrl.exe
  • ZATUTOR.EXE
  • MINILOG.EXE
  • VSMON.EXE
  • blackice.exe
  • blackd.exe
  • FRW.EXE
  • iamapp.exe
  • iamserv.exe
  • Anti-Trojan.exe
  • ANTS.EXE
  • IFACE.EXE
  • ICLOAD95.EXE
  • ICMON.EXE
  • ICSUPP95.EXE
  • ICLOADNT.EXE
  • ICSUPPNT.EXE
  • NAVAPW32.EXE
  • NAVW32.EXE
  • _AVP32.EXE
  • _AVPCC.EXE
  • _AVPM.EXE
  • AVP32.EXE
  • AVPCC.EXE
  • AVPM.EXE
  • AVP.EXE
  • ZAUINST.EXE
  • NAVAPW32.EXE
  • FAST.EXE
  • GUARD.EXE
  • AUTOUPDATE.EXE
  • TC.EXE
  • NSCHED32.EXE
  • TCA.EXE
  • TCM.EXE
  • TDS-3.EXE
  • SS3EDIT.EXE
  • ATCON.EXE
  • ATUPDATER.EXE
  • ATWATCH.EXE
  • WGFE95.EXE
  • POPROXY.EXE
  • NPROTECT.EXE
  • VSSTAT.EXE
  • VSHWIN32.EXE
  • NDD32.EXE
  • MCAGENT.EXE
  • MCUPDATE.EXE
  • WATCHDOG.EXE
  • TAUMON.EXE
  • IAMAPP.EXE
  • IAMSERV.EXE
  • TFAK.EXE
  • SPYXX.EXE
  • ATCON.EXE
  • FRW.EXE
  • Smc.exe
  • NeoWatchTray.exe
  • NeoWatchLog.exe
  • NTXconfig.exe
  • NWService.exe
  • AutoTrace.exe
  • cpd.exe
  • AVXMONITOR9X.EXE
  • ISRV95.EXE
  • REALMON95.EXE
  • NAVAPW32.EXE
  • RTVSCN95.EXE
  • DEFWATCH.EXE
  • VPTRAY.EXE
  • TFAK.EXE
  • WEBTRAP.EXE
  • LUCOMSERVER.EXE
  • TRJSCAN.EXE
  • POP3TRAP.EXE
  • ALERTSVC.EXE
  • SS3EDIT.EXE
  • JEDI.EXE
  • MONITOR.EXE
  • MCAGENT.EXE
  • MCUPDATE.EXE
  • IFACE.EXE
  • NISUM.EXE
  • NISSERV
  • ACKWIN32.EXE
  • AVKSERV.EXE
  • NMAIN.EXE
  • F-PROT95.EXE
  • F-AGNT95.EXE
  • SPYXX.EXE
  • PERSFW.EXE
  • SWNETSUP.EXE
  • SymProxySvc.exe
  • SYNMGR.EXE
  • NavLu32.exe
  • Navw32.exe
  • AVXMONITOR9X.EXE
  • AVXMONITORNT.EXE
  • AVXQUAR.EXE
  • NORMIST.EXE
  • NVC95.EXE
  • Claw95cf.exe
  • Claw95.exe
  • Nupgrade.exe
  • AVGCC32.EXE
  • AVGCTRL.EXE
  • AVGSERV.EXE
  • ICSUPP95.EXE
  • ICLOADNT.EXE

The trojan will also terminate a service titled "anem"

Removal

1. Terminate the Trojan with Task Manager

2. Delete the original trojan file

3. Clean up with an antivirus

Aliases

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.