Trojan:WinNT/KillAV.E is a kernel mode rootkit, which is used to terminate processes related to antivirus and security software. It may also perform other functions, such as deleting files, overwriting registry entry data, and others.
Performs certain actions
Trojan:WinNT/KillAV.E is a rootkit provides functionality used by other malware. It is capable of performing the following functions:
Restore System Service Dispatch Table (SSDT) hooks
Terminate processes related to antivirus and security software
Overwrite data for registry entries related to antivirus and security software
Analysis by Zhitao Zhou
The following system changes may indicate the presence of this malware: