Trojan Horse Shutting Down Important Windows Functions

TROJ_KILLAV.LW is a new type of Trojan that attempts to modify important changes of a Windows machine, in order to infect the computer and be sure that nobody ever manages to detect or stop it. Dream on, kid! The Trojan horse has already been identified by the security companies and most antivirus technologies have already provided protection against it. But, let's see what it is able to do. First of all, TROJ_KILLAV.LW affects most Windows versions including 98, ME, NT, 2000, XP or Server 2003 after it arrives on the computer without users' approval. "This Trojan may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites", security company Trend Micro wrote in an advisory rolled out today.

Just like many other Trojan horses, TROJ_KILLAV.LW attempts to modify the Windows Common Startup folder in order to be sure that it is automatically started every time the operating system is loaded. "It creates and modifies registry entries to enable its automatic execution at every system startup", Trend Micro wrote.

And now, the juicy part: it disables both 'Automatic Windows Update' and 'Task Manager' functions in order to remain unidentified and be able to exploit other system vulnerabilities. By disabling the automatic updates, the Trojan horse tries to keep the computer away from the latest patches powered by Microsoft, which obviously means unpatched system and more vulnerabilities to be exploited. The 'Task Manager' modification is supposed to block the users from discovering the Trojan horse running on the system.

In addition to these changes, the infection also modifies the HOSTS files to block users from visiting certain websites. The HOSTS file is located in WINDOWSsystem32driversetc for the Windows XP users. Although Trend Micro set a high damage potential, I don't think this Trojan horse should be a problem if you have an updated antivirus solution.