Threat Encyclopedia

Home > Threat Center > Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

O
P
Q
R
S
T
U
V
W
X
Y
Z
Glossary

Short description

Win32/KillAV.NBO is a trojan that repeatedly tries to connect to various web pages. The trojan can download and execute a file from the Internet.

Installation

The trojan does not create any copies of itself.

The following Registry entries are created:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]
"kr_done1" = %variable%

A string with variable content is used instead of %variable% .

Other information

The trojan contains a list of (1) URLs. It tries to download a file from the address. The HTTP protocol is used. The file is stored into the following folder:

using the following name:

%variable%.exe

A string with variable content is used instead of %variable% .

The file is then executed.

The trojan creates the following files:

%system%\kr_done1
%temp%\uninst%variable%.bat

A string with variable content is used instead of %variable% .

The following file is modified:

%windir%\wininit.ini

The trojan writes the following entries to the file:

[Rename]
NUL=%filepath%

The trojan opens TCP port 10100 .

The following information is collected:

operating system version
antivirus software detected on affected machine
malware version
Internet Explorer version

The trojan can send the information to a remote machine.

All Products:

Cart About ESET Partners United States and Canada

© 2012 ESET North America. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET spol. s r.o. or ESET North America.
All other names and brands are registered trademarks of their respective companies.