Home / malware Trojan:WinNT/Kapa.A
First posted on 06 October 2010.
Source: SecurityHomeAliases :
Trojan:WinNT/Kapa.A is also known as KillKAV.D (AVG), Win32/Kapa.A (CA), Win32/AutoRun.AntiAV.R (ESET), Rootkit.Win32.Small (Ikarus), Generic Rootkit.ep (McAfee), RootKit.Win32.Mnless.bqp (Rising AV), Mal/Agent-S (Sophos), Hacktool.Rootkit (Symantec).
Explanation :
Trojan:WinNT/Kapa.A is a detection for a kernel-mode trojan that may be directed by other malware to terminate services.
Top
Trojan:WinNT/Kapa.A is a detection for a kernel-mode trojan that may be directed by other malware to terminate services. Installation Trojan:WinNT/Kapa.A terminates specified processes by using native API calls. The trojan may be present as a file named "DRV.SYS". The trojan c reates a device named "DrvDN". Payload Terminates processes Trojan:WinNT/Kapa.A searches for the non-exported kernel function "PspTerminateProcess" address and calls it to terminate a process name received from other malware.
Analysis by Shawn WangLast update 06 October 2010
