Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
2 replies to this topic

#1 digicrow


  • Members
  • 32 posts
  • Local time:10:35 AM

Posted 24 December 2006 - 08:12 PM

This particular piece of spyware I could not find in a search of your database. I quarantined it with AVG (formerly-Ewido). Is there anything else I need to do? A google search for the exact name that AVG gave me found nothing. The exact name: dropper.agent.amm. Is this new in the jungle or is it just not yet in your database? I hope that, if this is new, it is some help to you folks who are doing a marvelous job. I think AVG has quarantined it, if not, give a bit of help, please. I don't know if this is the reason I have had other MACs showing up on my Trend port protection. But, I would like to know.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,927 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:35 AM

Posted 26 December 2006 - 08:30 AM

dropper.agent.amm is the name assigned by AVG to the file it detected as infection. A quick search disclosed an AVG Anti-Spyware log posted at another forum with the following entry:

C:\Program Files\PacificPoker\pv.exe -> Dropper.Agent.amm : Cleaned

Certain Process Viewer programs include pv.exe. PrcView is a command line utility that allows automating common task like figuring out if particular process is running or killing a running process. Files like this may have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. Anti-virus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. Depending on where you got this file and what its being used for will determine if its bad or a false positive.

However, pv.exe can be included with other programs that will misuse it. See eTrust's Spyware Encyclopedia info where this file is included as part of DriveCleaner 2006.

In the above example this file was related to PacificPoker. Poker programs and online gaming sites are infested with malware and lead you to other sites where more malware is lurking. Gaming sites are an increasing source of malware which you can inadvertently download without knowledge or consent. Users visiting such sites may see innocuous-looking banner ads containing code that can launch annoying pop-up ads and even change the home page settings of your browser.

rdsok - AVG Moderator wrote:

If you suspect a file to be a false positive. Test the file at [virusscan.jotti.org] and if it is a false positive, email a copy to virus@grisoft.com with a brief description.

If it is a false positive , turn off hueristic scanning for the time being. When Grisoft adjusts the virus defintions you can turn it back on.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 digicrow

  • Topic Starter

  • Members
  • 32 posts
  • Local time:10:35 AM

Posted 26 December 2006 - 01:09 PM

My wife and I are the only ones who use this computer as far as I know. Occasionally one of our children will check their email on it when visiting. Neither my wife nor I are "gamers" so I am not sure where this came from. I happened to do a scan of my wifes section of the HDD and that is when this came up. Interesting result that you indicate. As I am the only one who knows the computer will enough to install software and hardware this is a mystery. I would think that this came from some other website.

One last point for clarification, if you don't mind: Does AVG, and other anti-spy/virus, work only on the section of the HDD under whose name it is installed or does it scan the entire HDD. In other words, I have my User section and my wife has her User section and it would seem that when I run scans with the anti-spy it cleans and checks only my sections, as in this case.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users