Click on screenshot to zoom
Danger level 9
Type: Trojans
Common infection symptoms:
  • Connects to the internet without permission
  • Shows commercial adverts
  • Normal system programs crash immediatelly
  • Slow internet connection
  • System crashes
  • Annoying Pop-up's
  • Slow Computer

Trojan.KillAV

Trojan.KillAV is a clearly malicious application consisting of harmful functionality which is utilized to ensure a PC user’s entire network remains compromised and possibly endangered. The term Trojan reveals that this infection is not only installed under deceptive pretences, infiltrating the user’s PC without their approval or knowledge, but also refers to the fact that it is intensely dangerous for any PC system. This Trojan is particularly damaging as once it has fully embedded itself within the operating system, it puts it at risk of the opening of illicit network connections, the use of polymorphic tactics to self-mutate, the disabling of already installed security software, modification of system files, and not forgetting the installation of additional malware. The fact that this infection can easily enter any PC system via security exploits and flaws, most times without the user’s interaction, means that all computers that are not protected are susceptible to it. Continue reading to learn more about the tactics of this Trojan, as well as to learn how to remove Trojan.KillAV.

Nowadays, the name “Trojan.KillAV” is used to identify various Trojans; however, this was not always the case. The first infection identified by this name was first discovered back in 1999, and it was capable of detecting and terminating the processes of authentic antivirus tools. Needless to say, this infection was designed to help cyber criminals perform malicious activity without alarming the user, and this technique has been employed by many other infections since. Right now, multiple different Trojans capable of terminating AV processes are identified using this very name. The original infection was automatically run from HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN. Its Value Name was WIN32.DLL, and the Value Data said “C:\Windows\WINLOGON .exe”. According to our research, the original infection used different processes, including killer.exe, System_File.exe, and WINLOGON .exe. The name of the latter process might seem identical to the name of an authentic Windows process that is responsible for authorizing users and checking Windows activation. Needless to say, the name of this authentic process is used to conceal the malicious one by Trojan.KillAV so that users would not terminate it. Note that the description of the malicious process is "WINLOGON .EXE," and the description of the legitimate process is "Windows Logon Application."

According to our research, Trojan.KillAV also has many different aliases, including Troj/PWS-AC, PWS-AC, and Trojan.PSW.Stealth. These names reveal another side of the malicious infection: It can steal sensitive information. Your passwords are sensitive because they are the key to hijacking your personal accounts. If this malicious, clandestine Trojan manages to steal your passwords using keyloggers installed without your permission, your social networking accounts could be used to spread malware via social media sites. Furthermore, your email could be used to spread infected spam emails to the people you know or completely random addressees. On top of that, your operating system could be hijacked. Other versions of the malicious Trojan.KillAV were found to perform in other malicious ways. For example, some can download multiple ad-supported programs from the Conduit family. In fact, it is very likely that third-party malware will be downloaded along with or by this Trojan. Therefore, if you detect this threat, make sure you inspect your operating system for any additional infections.

The removal process is rarely straightforward when it comes to malware, and especially Trojans. Detecting Trojan.KillAV is complicated enough, and deleting this threat can be even more difficult. The original threat can be eliminated using the steps below. Although you can disable this infection by terminating one process and removing one file, we still recommend installing an automated malware remover to eliminate any remaining threats. As you know, this clandestine Trojan usually comes packaged with malware (e.g., data-stealing keyloggers), or it can download malware to perform malicious activities. In either case, your virtual security is at risk, and you need to do everything to ensure complete elimination of malware. If you have already made a decision to delete existing threats manually, the first thing you need to do is scan your operating system to identify malware. Only if you know which threats have corrupted your PC, can you eliminate them successfully. Use the comments section below if you have any questions about any of the processes associated with the removal of Trojan.KillAV or other threats.

Trojan.KillAV Removal

  1. Launch Task Manager (tap Ctrl+Shift+Esc or Ctrl+Alt+Delete).
  2. Click the Processes tab and select WINLOGON .exe (description: “WINLOGON .exe”).
  3. Click End Process/End task and close the window.
  4. Launch Explorer (tap Win+E).
  5. Type C:\Windows into the address bar and find WINLOGON .exe (the original winlogon.exe file is located in C:\Windows\System32).
  6. Right-click and Delete the file.
  7. Launch the browser and type http://www.pcthreat.com/download-sph into the address bar.
  8. Download and install an automated remover to clean your system from the remaining threats.
Download Spyware Removal Tool to Remove* Trojan.KillAV
  • Quick & tested solution for Trojan.KillAV removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Trojan.KillAV

Files associated with Trojan.KillAV infection:

Live.exe
mdm.exe
rqd.exe
her.exe
ComboFix.exe
6DSS92c31Apgjk.exe
av.exe
VCDAuto.exe
wrdivin.dll
srenum.sys
rloadh6B.dll
gonrrkt.dll
WmiSvc.sys
avkbrlfvwwnfeskoi.exe
winlogon.exe
giuqodcrohhcmoawujix.exe
upoeurmzrmbbhcaliio.exe
sysrest32.exe
nodlogin.exe

Trojan.KillAV DLL's to remove:

wrdivin.dll
rloadh6B.dll
gonrrkt.dll

Trojan.KillAV processes to kill:

Live.exe
mdm.exe
rqd.exe
her.exe
ComboFix.exe
6DSS92c31Apgjk.exe
av.exe
VCDAuto.exe
avkbrlfvwwnfeskoi.exe
winlogon.exe
giuqodcrohhcmoawujix.exe
upoeurmzrmbbhcaliio.exe
sysrest32.exe
nodlogin.exe

Remove Trojan.KillAV registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ atqesngrhanlpieni
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ iismivsfarpiqqauqd
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ NodLogin
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ sysrest32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ tnbrgzshhgwnlyps
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Windows Login Assistance
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.