Home / malware Trojan:Win32/Killav.DR
First posted on 01 May 2019.
Source: MicrosoftAliases :
Trojan:Win32/Killav.DR is also known as Trojan.Win32.AntiAV.dsg, Trj/AntiAV.O.
Explanation :
Installation This threat tries to uninstall you antimalware and firewall programs. It can be installed by other malware, such as TrojanDropper:Win32/Pykspa. This malware is a .DLL file that is written to %TEMP%
.dll, for example, jkzepoub.dll, before it is called by the malware that installed it. The file name used is derived from various pieces of system information, so that it will differ between systems, but will usually be the same or similar for an individual system. Payload Uninstalls security software This threat can be requested to uninstall a number of different antimalware and firewall programs. It attempts to do so by launching the security program's uninstaller, and then sending keyboard events to any dialogs that might appear, in order to dismiss the dialogs and approve the uninstallation process. Programs targeted by this threat include: Avast AVG Avira BitDefender Eset F-secure GData Kaspersky McAfee Norton Panda ZoneAlarm Additional Information The signature for Trojan:Win32/Killav.DR may also detect variants of TrojanDropper:Win32/Pykspa. Analysis by David Wood Last update 01 May 2019
