Trojan:AutoIt/Kilim.A

Posted: June 12, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 7
First Seen: June 12, 2013
Last Seen: February 9, 2020
OS(es) Affected: Windows

Trojan:AutoIt/Kilim.A is a Trojan that spreads through compromised Facebook profiles, using malicious Chrome add-ons that it installs automatically and then prevents you from removing. Its attacks appear to center on exposing social network users to malicious links and acquiring followers that it can sell illegally, but Trojan:AutoIt/Kilim.A also has the potential to cause other issues for your PC. With Trojan:AutoIt/Kilim.A throwing its hat into the social networking ring, it has become clearer than ever that proactive defenses are needed against Facebook-based PC threats, and SpywareRemove.com malware experts encourage both healthy communication and using good anti-malware software to confine and delete Trojan:AutoIt/Kilim.A.

Trojan:AutoIt/Kilim.A's Stealth Infiltration of Your Social Network

Trojan:AutoIt/Kilim.A functions as a three-part infection that involves two separate Chrome extensions in addition to itself. Ordinarily, you will first encounter Trojan:AutoIt/Kilim.A through a Facebook link that appears to come from a friend but is actually posted by Trojan:AutoIt/Kilim.A through the aforementioned browser add-ons. The links are typically mislabeled to encourage you to download them blithely, and may even include artificial 'like' flags that can also be generated by Trojan:AutoIt/Kilim.A.

Launching the files associated with Trojan:AutoIt/Kilim.A's links not only infects your PC, but also opens up your Facebook account to the same exploits that Trojan:AutoIt/Kilim.A used to distribute itself to your PC in the first place. SpywareRemove.com malware experts also have found that Trojan:AutoIt/Kilim.A uses some simplistic but novel defenses to prevent you from just deleting its Chrome add-ons:

  • Trojan:AutoIt/Kilim.A redirects you away from the Chrome 'settings' page, regardless of whether you try to access it through the browser's menu or through the address bar. These redirects load either Google or the Chrome app store.
  • Trojan:AutoIt/Kilim.A will also disable User Account Control (UAC), a Windows security feature from Vista up to Windows 8 and Server 2012. This prevents you from stopping programs that could make unauthorized changes to your PC.

Telling this Bad Friend to Pack Its Bags

In terms of profitability, Trojan:AutoIt/Kilim.A's aim seems to be to use Facebook as a tool for packaging artificial groups of followers that then can be sold for easy increases in traffic. However, SpywareRemove.com malware experts warn that Trojan:AutoIt/Kilim.A also includes some basic self-updating and backdoor connectivity features that could allow Trojan:AutoIt/Kilim.A to use other attacks in the future, and the possibility remains open for Trojan:AutoIt/Kilim.A to be used for high-level attacks. All of this is, of course, in addition to the fact that Trojan:AutoIt/Kilim.A knowingly hampers your PC's security and, as a result, should be removed as hastily as possible.

SpywareRemove.com malware experts encourage using anti-malware products to delete Trojan:AutoIt/Kilim.A as well as its Chrome add-ons, which may be detected by the name Trojan:JS/Kilim.A. An incomplete removal of Trojan:AutoIt/Kilim.A will usually leave its malicious add-ons in place; these are usually disguised as fake Flash Player plugins or other types of harmless extensions.

Technical Details

File System Modifications

The following files were created in the system:

  • File name: %windir%\adobeflash2\update.xml
    Mime Type: unknown/xml
    Group: Malware file
  • File name: %windir%\adobeflash\update.xml
    Mime Type: unknown/xml
    Group: Malware file

Registry Modifications

The following Registry values are newly created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist "2" = "%windir%\adobeflash2\update.xml"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist "1" = "%windir%\AdobeFlash\update.xml"
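The Registry values above place local update.xml files into Chrome's ExtensionInstallForcelist policy, which is why the add-ons cannot be removed from inside the browser. The following audit script is an added example, not part of the original write-up: it checks text shaped like `reg query` output for that key against the two paths listed here. The function name, the verdict labels, the sample data, and the rule that a legitimate entry has the form `<extension id>;<https update URL>` are assumptions made for this example.

```python
import re

# Indicator paths listed on this page (compared case-insensitively).
KILIM_PATHS = (r"%windir%\adobeflash\update.xml", r"%windir%\adobeflash2\update.xml")
POLICY_KEY = r"SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist"
# Assumption: a normal entry is "<32-char extension id>;<https update URL>".
WELL_FORMED = re.compile(r"^[a-p]{32};https://\S+$")
# Assumption: an update manifest on local disk or a share is never legitimate.
LOCAL_SOURCE = re.compile(r"(%\w+%|\b[a-z]:\\|\\\\|file://)", re.I)
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_(?:SZ|EXPAND_SZ)\s+(.*\S)\s*$")

def audit_forcelist(reg_query_output, windir=r"C:\Windows"):
    """Return (value_name, data, verdict) for each suspicious force-list entry."""
    known = {p.lower() for p in KILIM_PATHS}
    known |= {p.lower().replace("%windir%", windir.lower()) for p in KILIM_PATHS}
    findings, in_key = [], False
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):  # key header: only audit the policy key
            in_key = line.strip().lower().endswith(POLICY_KEY.lower())
            continue
        m = VALUE_LINE.match(line)
        if not (in_key and m):
            continue
        name, data = m.group(1), m.group(2)
        if any(p in data.lower() for p in known):
            findings.append((name, data, "kilim-indicator"))
        elif LOCAL_SOURCE.search(data):
            findings.append((name, data, "local-update-manifest"))
        elif not WELL_FORMED.match(data):
            findings.append((name, data, "malformed-entry"))
    return findings

# Constructed sample in the layout of `reg query` output (not real host data).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist
    1    REG_SZ    %windir%\AdobeFlash\update.xml
    2    REG_SZ    C:\Windows\adobeflash2\update.xml
    3    REG_SZ    abcdefghijklmnopabcdefghijklmnop;https://clients2.google.com/service/update2/crx
    4    REG_SZ    abcdefghijklmnopabcdefghijklmnop;file:///C:/Temp/update.xml

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\OtherKey
    1    REG_SZ    %windir%\AdobeFlash\update.xml
"""

if __name__ == "__main__":
    for name, data, verdict in audit_forcelist(SAMPLE):
        print(f"[{verdict}] value {name!r} = {data}")
```

On a live system, the input would come from running `reg query` against the key shown above; any finding means the policy key needs cleaning in addition to removing the Trojan's files.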