Win32/KillFiles [Threat Name] go to Threat

Win32/KillFiles.NCL [Threat Variant Name]

Category trojan
Size 49152 B
Aliases Downloader.MisleadApp (Symantec)
  BKDR_DSBOT.EH (TrendMicro)
  Downloader.VB.LPN (AVG)
Short description

Win32/KillFiles.NCL is a trojan that deletes files in specific folders.


The trojan does not create any copies of itself.

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "%executablefilename%" = "%malwarepath%"
Payload information

The trojan attempts to delete the following files:

  • %programfiles%\­*.*
  • %programfiles%\­Scpad\­*.*
  • %programfiles%\­Scpad\­resultadoa
  • %programfiles%\­Scpad\­resultadob
  • %programfiles%\­Scpad\­resultadoc
  • %programfiles%\­Scpad\­resultadod
  • %programfiles%\­Scpad\­resultadoe
  • %programfiles%\­GbPlugin\­GbpSv.exe
  • %allusersprofile%\­Dados de aplicativos\­Scpad\­*.*
  • %windir%\­Downloaded Program Files\­CONFLICT.1\­*.*
  • %windir%\­Downloaded Program Files\­*.*
  • %windir%\­Downloaded Program Files\­resultadof
  • %windir%\­Downloaded Program Files\­resultadog
  • %windir%\­system32\­resultadoh
  • %windir%\­system32\­resultadoi
  • %windir%\­system32\­scplib.dll
  • %windir%\­system32\­scpmib.dll
  • %windir%\­system32\­sshib.dll
  • %windir%\­system32\­Logof.dll
Other information

The trojan may create the following files:

  • %malwarefolder%\­Gbp.log

The trojan may delete the following files:

  • %malwarefolder%\­Gbp.log

The following programs are terminated:

  • GbpSv.exe
  • iexplore.exe
  • explorer.exe
  • winlogon.exe

Please enable Javascript to ensure correct displaying of this content and refresh this page.