Win32/KillWin [Threat Name] go to Threat

Win32/KillWin.NCI [Threat Variant Name]

Category trojan
Size 222128 B
Detection created Oct 24, 2017
Detection database version 16297
Aliases Trojan.Win32.Agent.qwesig (Kaspersky)
  Trojan.KillFiles.61789 (Dr.Web)
Short description

The trojan has a simple payload.

Installation

When executed, the trojan copies itself into the following location:

  • %startup%

This causes the trojan to be executed on every system start.

Payload information

It may perform the following actions:

  • manipulate application windows
  • delete files

The trojan may delete the following files:

  • c:\­ntldr
  • c:\­win.ini
  • c:\­boot.ini
  • c:\­windows.ini
  • c:\­autoexec.bat
  • c:\­windows\­win.ini
  • c:\­windows\­system32\­hal.dll
  • c:\­windows\­system32\­winload.exe

The trojan may cause the operating system to crash.

Other information

The trojan changes the window title of all running applications to the following text:

  • 666

Please enable Javascript to ensure correct displaying of this content and refresh this page.