Aliases: Trojan-Downloader.Win32.AutoIt.s, W32/YahLover.worm, TR/Spreader.A, Mal/Generic-A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 12 Sep 2007
Damage: Low

Characteristics: The worm W32.Killaut.A infects local and removable drives by creating copies of itself into the drives. In addition, it can also disable antivirus-related process and system tools. It infects all versions of Windows. Infection from this worm has a very low risk and can be easily removed from an infected computer manually.

More details about W32.Killaut.A

W32.Killaut.A is a worm that copies itself to both local drives and removable drives. The worm disables system tools and certain antivirus-related processes. It can infect all versions of Windows. When the worm is executed, it copies itself into local and removable drives. The attributes of the folders are set to hidden to lure users into clicking the malicious file instead of the original folder. After that, the worm copies the files %SystemDrive%\autorun.inf and %SystemDrive%\New_Folder.exe into all local and removable drives available. It deletes certain registry subkeys disabling the usual startup process of the infected computer. When the worm is executed, it may also attempt to end the processes sp_rsser.exe and avgupsvc.exe or it may attempt to pause or stop the services sp_rssrv and avg7alrt.

The computer worm is capable of scanning network shares on random IP addresses. It will create copies of itself on the shared folders of the computer if the worm gains full access on the system. The program will possibly copy itself in the hard disk of the computer. It can also use other malware applications such as a downloader Trojan program to propagate. The W32.Killaut.A program can also be distributed through e-mail, peer-to-peer (P2P) file sharing networks.