Hello. I somehow received the Trojan.KillAV virus and need to get it removed. I tried going to Symantec for their removal tool, however the nature of the virus redirects my browser to other sites preventing me from getting the removal tool. It has also removed my administrative privledges, so I am struggling to add/remove programs. Does anyone have the removal tool in a state that I can download it directly from the thread to get rid of it? Thanks in advance for any help you can provide. Have a great day!

10 Years
Discussion Span
Last Post by INT3

I don't have the removal tool but you can probably get it yourself and run it... the trojan has very likely set values in your hosts file which are blocking you from some anti-malware sites. Solution is to remove those entries, ie. reset your hosts file.
You can do this manually or with this tool:
==download HostsXpert from http://www.funkytoad.com/content/view/13/31/
-click Restore MS Hosts File button.
Some security applications, possibly also various malware, will lock your Hosts file [as a protection]. If HostsXpert is unable to restore your file check for applications which may have incidentally locked it. Lock/Unlock hosts exists in Zonealarm and Spybot S&D.
ZoneAlarm : look under firewall, advanced;
Spybot : click Tools, Hosts File, uncheck "Lock Hosts file read-only as protection against hijackers"
Or just...[ but a Spybot setting may over-ride this command....] do this:
Go Start, run, type cmd -press Enter. Paste this line into the window at the prompt, press Enter, close the window and try the Restore button again.

attrib -r -h -s %SystemRoot%\system32\drivers\etc\HOSTS

Manually: the hosts file is at C:\windows\system32\drivers\etc\hosts. Run the command above then drag the hosts file onto a notepad to open it. Delete all extra entries so that your file has only this entry : localhost
Save it, then try the removal tool URL again.



If you have "Your browser was hijacked by Trojan.KillAV" or something like "Your browser was hijacked by Trojan.KillAV"

This infection is arrived via bad CODEC installs aka Zlob. You can read this:
How to use SmitFraudFix


This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.