Troj/KillAV-Q

Please follow the instructions for removing Trojans.

Please follow the instructions for removing Trojans.

Windows NT/2000/XP

In Windows NT/2000/XP you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\W1N32.DLL

and delete it if it exists.

Close the registry editor.

Troj/KillAV-Q attempts to disable anti-virus and security software. When
run, the Trojan creates a copy of itself named winlogon .exe in the Windows
folder and adds the following registry entry to ensure that the copy is run
each time Windows is started:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\W1N32.DLL

Troj/KillAV-Q attempts to disable the following processes and services:

agentw.exe
AckWin32.exe
Claw95.exe
Monitor.exe
avpm.exe
_AVP32.EXE
AVP32.EXE
f-stopw.exe
APVXDWIN.EXE
PAVPROXY.EXE
VbCons.exe
vbcmserv.exe
_AVPCC.EXE
GBPOLL.EXE
TAUMON.EXE
zonealarm.exe
vsmon.exe
zapro.exe
PERSWF.EXE
MPFAGENT.EXE
MPFSERVICE.exe
MPFTRAY.EXE
AVSYNMGR.exe
alogserv.exe
CPDCLNT.EXE
VSHWIN32.EXE
VSECOMR.EXE
WEBSCANX.EXE
AVCONSOL.EXE
VSSTAT.EXE
cpd.exe
ALOGSERV.EXE
CMGRDIAN.EXE
RULAUNCH.EXE
VSMAIN.EXE
Mcshield.exe
cpd.exe
CPDClnt.exe
cfgWiz.exe
iamapp.exe
iamserv.exe
FRW.EXE
WrCtrl.exe
WrAdmin.exe
lockdown2000.exe
Sphinx.exe
BlackICE.exe
blackd.exe
rapapp.exe
IAMAPP.EXE
NISUM.EXE
IAMSTATS.EXE
LUSPT.exe
ccApp.exe
ccEvtMgr.exe
ccPxySvc.exe
NISSERV.EXE
AUTODOWN.exe
VET32.exe
ETRUSTCIPE.exe
MWATCH.exe
EFPEADM.exe
EVPN.exe
cleaner3.EXE
cleaner.EXE
Navw32.exe
AVXMONITOR9X.EXE
AVXMONITORNT.EXE
AVXQUAR.EXE
NORMIST.EXE
NVC95.EXE
Claw95cf.exe
Claw95.exe
Nupgrade.exe
AVGCC32.EXE
AVGCTRL.EXE
AVGSERV.EXE
ICSUPP95.EXE
ICLOADNT.EXE
IOMON98.EXE
Vet95.exe
VetTray.exe
AutoDown.exe
Rescue.exe
WRADMIN.EXE
GUARD.EXE
DOORS.EXE
PCCIOMON.EXE
AvkServ.exe
AckWin32.exe
notstart.exe
MINILOG.EXE
VSMON.EXE
BLACKD.EXE
NISUM.EXE
NISSERV.EXE
NMAIN.EXE
IAMAPP.EXE
IAMSERV.EXE
CDP.EXE
GUARDDOG.EXE
FRW.EXE
PERSFW.EXE
LOCKDOWN.EXE
LOCKDOWN2000.EXE
SPHINX.EXE
NPROTECT.EXE
NDD32.EXE
SMC.EXE
NETUTILS.EXE
LDNETMON.EXE
PORTMONITOR.EXE
CONNECTIONMONITOR.EXE
navapsvc
NVSVC32
NAVAP
NAVENGNAVEX15
NAV Auto-Protect
SymProxySvc.exe
SweepNet
SWEEPSRV.SYS
AvSynMgr
AvgServ
_AVPM.EXE
AVPM.EXE
AVP.EXE
NAVAPW32.EXE
RTVSCN95.EXE
DEFWATCH.EXE
VPC32.EXE
VPTRAY.EXE
POPROXY.EXE
NAVAPSVC.EXE
ALERTSVC.EXE
NAVLU32.EXE
NAVWNT.EXE
NPSSVC.EXE
LUALL.EXE
SWNETSUP.EXE
ICLOAD95.EXE
ICMON.EXE
ICSUPP95.EXE
ICLOADNT.EXE
ICSUPPNT.EXE
IFACE.EXE
ADVXDWIN.EXE
PADMIN.EXE
NWTOOL16.EXE
NTVDM.EXE
ANTS.EXE
ANTI-TROJAN.EXE
WRCTRL.EXE
WRADMIN.EXE
TC.EXE
TCA.EXE
TCM.EXE
MOOLIVE.EXE
MGHTML.EXE
MCMNHDLR.EXE
MCVSRTE.EXE
MCVSSHLD.EXE
MGAVRTCL.EXE
MGAVRTE.EXE
SCAN32.EXE
SCRSCAN.EXE
VSECOMR.EXE
SYMTRAY.EXE
VSCHED.EXE
MCTOOL.EXE
AVXW.EXE
AVXMONITORNT.EXE
AVXMONITOR9X.EXE
AVXQUAR.EXE.EXE
AMON9X.EXE
AVGSERV.EXE
AVGW.EXE
AVGCC32.EXE
IOMON98.EXE
WEBTRAP.EXE
PCCWIN98.EXE
PCCIOMON.EXE
POP3TRAP.EXE
TDS-3.EXE
SS3EDIT.EXE
DOORS.EXE
JEDI.EXE
MONITOR.EXE
RAV7WIN.EXE
RAV7.EXE
SWEEP95.EXE
MCAGENT.EXE
MCUPDATE.EXE
ntrtscan.EXE
pccwin97.EXE
pccntmon.EXE
pcscan.EXE
Nui.EXE
CLAW95.EXE
CLAW95CF.EXE
NORMIST.EXE
NVC95.EXE
VET95.EXE
VETTRAY.EXE
AUTODOWN.EXE
VET32.EXE
ETRUSTCIPE.EXE
MWATCH.EXE
EFPEADM.EXE
EVPN.EXE
RESCUE.EXE
ACKWIN32.EXE
DVP95.EXE
DVP95_0.EXE
F-AGNT95.EXE
F-PROT95.EXE
EXPERT.EXE
FP-WIN.EXE
F-STOPW.EXE
VIR-HELP.EXE
F-PROT.EXE
SPYXX.EXE
ATWATCH.EXE
ATUPDATER.EXE
ATCON.EXE
PVIEW95.EXE
WGFE95.EXE
CTRL.EXE
LDPROMENU.EXE
LDSCAN.EXE
GENERICS.EXE
PROCESSMONITOR.EXE
PROGRAMAUDITOR.EXE
GUARD.EXE
TFAK.EXE
LUCOMSERVER.EXE
WIMMUN32.EXE
AutoTrace.exe
NWService.exe
NTXconfig.exe
NeoWatchLog.exe
NSCHED32.EXE
WATCHDOG.EXE
ISRV95.EXE
REALMON.EXE
AVWINNT.EXE
AVGSERV9.EXE
avkpop.exe
avkservice.exe
avkwctl9.exe
fsav32.exe
fameh32.exe
fch32.exe
fih32.exe
fnrb32.exe
fsaa.exe
fsgk32.exe
fsm32.exe
fsma32.exe
fsmb32.exe
sbserv.exe
apvxdwin.exe
gbpoll.exe
gbmenu.exe
pavproxy.exe
VbCons.exe
vbcmserv.exe
Avgctrl.exe
Avsched32.exe
defscangui.exe
navapsvc.exe
defalert.exe
npscheck.exe
Smc
CPD
avpm
AckWin32
Claw95
Monitor
avpm
vshwin32
f-stopw
APVXDWIN
PAVPROXY
VbCons
vbcmserv
_AVPCC
GBPOLL
TAUMON
zonealarm
vsmon
zapro
PERSWF
MPFSERVICE
VSHWIN32
VSECOMR
WEBSCANX
AVCONSOL
VSSTAT
ALOGSERV
CMGRDIAN
RULAUNCH
VSMAIN
GUARDDOG
AVSYNMGR
CMGrdian
alogserv
CPDClnt
cfgWiz
iamapp
iamserv
FRW
WrCtrl
WrAdmin
lockdown2000
Sphinx
BlackICE
blackd
IAMAPP
NISSERV
NISUM
IAMSTATS
LUSPT
navapw32
ccEvtMgr
ccPxySvc.exe
NISSERV.EXE
AUTODOWN
VET32
ETRUSTCIPE
MWATCH
EFPEADM
EVPN
cleaner3
cleaner
Navw32
AVXMONITOR9X
AVXMONITORNT
AVXQUAR
NORMIST
NVC95
Claw95cf
Claw95
Nupgrade
AVGCC32
AVGCTRL
AVGSERV
ICSUPP95
ICLOADNT
IOMON98
Vet95
VetTray
AutoDown
Rescue
WRCTRL
WRADMIN
GUARD
DOORS
PCCIOMON
AvkServ
AckWin32
notstart
AVSYNMGR
MINILOG
BLACKD
NISUM
NISSERV
NMAIN
IAMAPP
IAMSERV
FRW
PERSFW
LOCKDOWN
LOCKDOWN2000
SPHINX
NPROTECT
NDD32
NETUTILS
LDNETMON
PORTMONITOR
CONNECTIONMONITOR
NVSVC32
NAVAP
NAVENGNAVEX15
NAV Auto-Protect
SymProxySvc
SweepNet
SWEEPSRV.SYS
AvSynMgr
AvgServ
_AVP32
_AVPCC
_AVPM
AVPCC
AVPM
AVP
AVP32
NAVAPW32
RTVSCN95
DEFWATCH
VPC32
VPTRAY
POPROXY
ALERTSVC
NAVLU32
NAVW32
NAVWNT
NPSSVC
LUALL
SWNETSUP
ICLOAD95
ICMON
ICSUPP95
ICLOADNT
ICSUPPNT
IFACE
ADVXDWIN
PADMIN
NWTOOL16
NTVDM
ANTS
ANTI-TROJAN
WRCTRL
WRADMIN
TC
TCA
TCM
MOOLIVE
MGHTML
MCMNHDLR
MCVSRTE
MCVSSHLD
MGAVRTCL
MGAVRTE
VSHWIN32
SCAN32
SCRSCAN
ALOGSERV
VSECOMR
WEBSCANX
VSSTAT
SYMTRAY
VSCHED
MCTOOL
CMGRDIAN
AVXW
AVXMONITORNT
AVXMONITOR9X
AVXQUAR
AMON9X
AVGSERV
AVGW
AVGCC32
IOMON98
WEBTRAP
PCCWIN98
PCCIOMON
POP3TRAP
TDS-3
SS3EDIT
DOORS
JEDI
MONITOR
RAV7WIN
RAV7
SWEEP95
MCAGENT
MCUPDATE
ntrtscan
pccwin97
pccntmon
pcscan
CLAW95
CLAW95CF
NORMIST
NVC95
VET95
VETTRAY
AUTODOWN
VET32
ETRUSTCIPE
MWATCH
EFPEADM
EVPN
RESCUE
ACKWIN32
DVP95
DVP95_0
F-AGNT95
F-PROT95
EXPERT
FP-WIN
F-STOPW
VIR-HELP
F-PROT
SPYXX
ATWATCH
ATUPDATER
ATCON
PVIEW95
WGFE95
CTRL
LDPROMENU
LDSCAN
GENERICS
PROCESSMONITOR
PROGRAMAUDITOR
AVSYNMGR
GUARD
TFAK
LUCOMSERVER
WIMMUN32
AutoTrace
NWService
NTXconfig
NeoWatchLog
NSCHED32
WATCHDOG
ISRV95
REALMON
AVWINNT
AVGSERV9
avkpop
avkservice
avkwctl9
fsav32
fameh32
fch32
fih32
fnrb32
fsaa
fsgk32
fsm32
fsma32
fsmb32
sbserv
apvxdwin
gbpoll
gbmenu
pavproxy
VbCons
vbcmserv
Avgctrl
Avsched32
defscangui
navapsvc
defalert
npscheck