
Trojan:WinNT/Killav.A


First posted on 18 June 2010.
Source: SecurityHome

Aliases:

Trojan:WinNT/Killav.A is also known as Win-Trojan/Securisk (AhnLab), Rootkit.Win32.Banker.m (Kaspersky), KillAV.ANK (AVG), RKIT/Banker.M (Avira), Rootkit.Banker.H (BitDefender), Win32/Rooban.A (CA), Trojan.AVKill.1676 (Dr.Web), Win32/KillAV.NIF (ESET), Rootkit.Win32.Banker.m (Ikarus), PWS-Banker!gos (McAfee), Rootkit/Banbra.GQX (Panda), RTKT_BANKER.RAG (Trend Micro).

Explanation:

Trojan:WinNT/Killav.A is a trojan rootkit that deletes files from kernel mode.

Installation:

This trojan may be installed by other malware such as VirTool:Win32/VBInject.gen!DI and may be present as the following file:

  • %windir%\system32\drivers\avgbkill.sys

Payload:

Deletes files

Trojan:WinNT/Killav.A is installed on the computer as a device with the name "360SuperKill". It deletes the following files from kernel mode; some of them belong to "GBPlugin", a Brazilian online-banking protection product:

  • %ProgramFiles%\Alwil Software\Avast4\VisthU\pd.exe
  • %ProgramFiles%\AVG\AVG8\avgupd.exe
  • %ProgramFiles%\Avira\AntiVir Desktop\avscan.exe
  • %ProgramFiles%\Avira\AntiVir Desktop\avupgs\vc.exe
  • %ProgramFiles%\GbPlugin\bb.gpc
  • %ProgramFiles%\GbPlugin\cef.gpc
  • %ProgramFiles%\GbPlugin\gbieh.dll
  • %ProgramFiles%\GbPlugin\gbieh.gmd
  • %ProgramFiles%\GbPlugin\gbiehcef.dll
  • %ProgramFiles%\GbPlugin\gbiehuni.dll
  • %ProgramFiles%\GbPlugin\gbpdist.dll
  • %ProgramFiles%\GbPlugin\gbpkm.sys
  • %ProgramFiles%\GbPlugin\uni.gpc
  • %ProgramFiles%\Scpad\scpIBCfg.bin
  • %ProgramFiles%\Scpad\scpLIB.dll
  • %ProgramFiles%\Scpad\scpMIB.dll
  • %ProgramFiles%\Scpad\scpsssh2.dll
  • %ProgramFiles%\Scpad\sshib.dll
  • %windir%\Downloaded Program Files\abn.gpc
  • %windir%\Downloaded Program Files\erma.inf
  • %windir%\Downloaded Program Files\gbieh.gmd
  • %windir%\Downloaded Program Files\gbiehabn.dll
  • %windir%\Downloaded Program Files\gbiehuni.dll
  • %windir%\Downloaded Program Files\GbPluginABN.inf
  • %windir%\Downloaded Program Files\GbPluginuni.inf
  • %windir%\Downloaded Program Files\scpsssh2.inf
  • %windir%\Downloaded Program Files\uni.gpc
  • <system folder>\drivers\gbpkm.sys
  • <system folder>\scpsssh2.dll
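
The installation and payload details above translate directly into host checks. The PowerShell below is an added hunting example, not code from the original entry or its publisher; it uses only the driver path, device name and GbPlugin file names given above, and the cmdlet choices and output format are its own assumptions.

```powershell
# Added example (not part of the original entry). Checks a Windows host for the
# Killav.A indicators described above: the dropped driver, a kernel driver
# registered with that image, and GbPlugin installs with the targeted files gone.

$driverPath = Join-Path $env:windir 'system32\drivers\avgbkill.sys'

# Files the entry says the driver deletes from %ProgramFiles%\GbPlugin.
# A GbPlugin install missing some of them is suspicious; a host that never had
# GbPlugin simply has no directory and produces no finding here.
$gbPluginFiles = 'bb.gpc','cef.gpc','gbieh.dll','gbieh.gmd','gbiehcef.dll',
                 'gbiehuni.dll','gbpdist.dll','gbpkm.sys','uni.gpc'

# Check both Program Files roots on 64-bit hosts (GbPlugin is a 32-bit product).
$roots = @($env:ProgramFiles)
if (${env:ProgramFiles(x86)}) { $roots += ${env:ProgramFiles(x86)} }
$gbPluginDirs = $roots | ForEach-Object { Join-Path $_ 'GbPlugin' } |
                Where-Object { Test-Path -LiteralPath $_ }

$findings = @()

# 1. Dropped driver file on disk
if (Test-Path -LiteralPath $driverPath) {
    $f = Get-Item -LiteralPath $driverPath
    $findings += "Driver file present: $driverPath (size=$($f.Length), modified=$($f.LastWriteTime))"
}

# 2. Driver registered as a kernel service. The entry gives no service name,
#    so match on the image path instead.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like '*avgbkill.sys*' } |
    ForEach-Object { $findings += "Kernel driver registered: $($_.Name) state=$($_.State) path=$($_.PathName)" }

# 3. Protection software present but with the entry's targets removed
foreach ($dir in $gbPluginDirs) {
    $missing = $gbPluginFiles | Where-Object { -not (Test-Path -LiteralPath (Join-Path $dir $_)) }
    if ($missing) {
        $findings += "GbPlugin present at $dir but missing: $($missing -join ', ')"
    }
}

# The device object named "360SuperKill" is the remaining indicator; it can be
# confirmed with an object-namespace browser such as Sysinternals WinObj.

if ($findings.Count -eq 0) {
    'No Killav.A indicators found on this host.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Only the driver file and the registered driver are strong indicators on their own; missing GbPlugin files should be read together with them, since an uninstall or an update can also leave gaps.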


Analysis by Tim Liu

Last update 18 June 2010
