Win32/AntiAV [Threat Name]

Win32/AntiAV.NHH [Threat Variant Name]

Category: trojan
Size: 24368 B
Detection created: Oct 15, 2010
Detection database version: 5534
Aliases:
  Trojan-Downloader.Win32.Small.axbi (Kaspersky)
  Trojan.Dropper (Symantec)
  Downloader.Generic10.ABLE (AVG)

Short description

Win32/AntiAV.NHH is a trojan that tries to download other malware from the Internet. The trojan terminates various security-related applications.

Installation

When executed, the trojan creates the following files:

  • %system%\lqcyc52.cyc (26112 B)
  • %windir%\systemdebug.exe (4396 B)

The trojan creates and runs a new thread with its own program code in all running processes.


After the installation is complete, the trojan deletes the original executable file.

Other information

The trojan acquires data and commands from a remote computer or the Internet.


The trojan contains a list of 2 URLs.


The trojan can download and execute a file from the Internet.


The files are saved into the following folder:

  • %temp%

The following filename is used:

  • %variable%.exe

The %variable% represents a random number.


The following programs are terminated:

  • 0000ksdesk.exe
  • 360realpro.exe
  • 360rp.exe
  • 360Safe.exe
  • 360sd.exe
  • 360tray.exe
  • 360WDMain.exe
  • avp.exe
  • dep360.exe
  • DSMain.exe
  • egui.exe
  • ekrn.exe
  • IceSword.exe
  • kav32.exe
  • kavstart.exe
  • kppmain.exe
  • kppserv.exe
  • kpptray.exe
  • liveupdate360.exe
  • ODbgScript.dll
  • ollydbg.exe
  • OllyDump.dll
  • RavMonD.exe
  • RsMain.exe
  • RsTray.exe
  • SnipeSword.exe
  • WpeSpy.dll
  • WSockExpert.exe
  • WSockHook.dll
  • wsyscheck.exe
  • ZhuDongFangYu.exe

The trojan may create the following files:

  • c:\test.bat
  • c:\WINDOWS\boot.ini
