Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Dropper.agent.joc


  • Please log in to reply
1 reply to this topic

#1 carol0412

carol0412

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 24 August 2008 - 04:29 AM

I have windows XP and run AVG 8.0 everyday, Malwarebytes every week and Super Antispy also once a week (all free versions). Yesterday AVG picked up 11 infections and could only delete 2. They are trojan horse Dropper.Agent.Joc. I googled this and found a lot of discussion and everyone who had this message appeared to have used AVG and all got the message over two days only, and some thought that it wasn't a problem.

This is what I got fromAVG

C:\WINDOWS\Installer\1cb08d6.msi:\Binary.ISScript.Msi:\Binary.knlwrap.exe
C:\WINDOWS\Installer\1cb08d6.msi:\Binary.ISScript.Msi
C:\WINDOWS\Installer\1cb08d6.msi
C:\WINDOWS\Installer\1cb08d6.msi:\Binary.ISScript.Msi:\Binary.knlwrap.exe
C:\WINDOWS\Installer\1cb08d6.msi:\Binary.ISScript.Msi
C:\WINDOWS\Installer\1cb08d6.msi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP616\A0062839.exe
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
C:\Deckard\System Scanner\backup\DOCUME~1\Carol\LOCALS~1\Temp\1ca5b6a.msi:\Binary.ISScript.Msi:\Binary.knlwrap.exe
C:\Deckard\System Scanner\backup\DOCUME~1\Carol\LOCALS~1\Temp\1ca5b6a.msi:\Binary.ISScript.Msi:
C:\Deckard\System Scanner\backup\DOCUME~1\Carol\LOCALS~1\Temp\1ca5b6a.msi:

So only having enough knowledge to be dangerous I did the following:

Ran Malwarebytes - found 0

Ran Super Antispy - found 0

Downloaded and ran Ad-Aware - found 80 and deleted them

Switched off and

Ran Ad Aware again - found 35 and deleted them

switched off again

Ran Spybot Search and destroy - found loads of cookies

Ran AVG again and found no threats


Do you think I have a problem on this computer still and as I do all my financials on here I am worried to say the least? You were so brilliant last time I had a problem and I hope this time you will tell me that this is nothing to worry about.

Thank you once again for your time and trouble.

BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:49 AM

Posted 24 August 2008 - 06:49 PM

According to this discussion thread, knlwrap.exe appears to be a false detection by AVG.

Edited by quietman7, 24 August 2008 - 06:49 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users