Spyware, viruses, & security : AVG7.5 false positive? knlwrap.exe

Post 1 of 76

AVG7.5 false positive? knlwrap.exe

by MarkFlax Moderator - 8/22/08 12:26 PM

Hi all.

My AVG 7.5 scanner popped up with this file today, which they call Trojan horse Dropper.Agent.JOC. It is quarantined, and so I can't check its creation date. File size 126976 bytes (124KB).

It was detected in my C:\Program Files\Common Files\InstallShield\engine\6\Intel 32 folder, and all other files in that folder have creation dates ranging from Sept 2001 to Feb 2005, but nothing more recent. The Intel 32 folder was created in 2003.

I suspect the file has been in that folder ever since I purchased this system 4 or 5 years ago, but AVG has not picked it up before. I updated AVG's virus definitions today before the scan.

Google shows a number of articles about this file, but nothing that is conclusive. Filenet.com shows it variously as a necessary file for InstallShield, or as a keylogger, or installed with other apps like Roxio, and other web sites show similar inconclusive results.

I suspect it is a false positive, to do with today's virus definition update. I did attempt to search the AVG forums for this knlwrap.exe, but I never have much luck searching those forums, :)

Has anyone reported this before? I've kept it quarantined, and I may restore it when I get the next definitions update to see if it is in fact a false positive and the new definitions have removed it from the database.

By the way, Google does not show much about Trojan horse Dropper.Agent.JOC

Many thanks.

Mark

Post 2 of 76

knlwrap.exe

by billy_womble - 8/22/08 1:01 PM In reply to: AVG7.5 false positive? knlwrap.exe by MarkFlax Moderator

If it's any consolation, I have had exactly the same problem today (22 August) with AVG 8.0 (virus update today)

Trojan horse Dropper.Agent.JOC

C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe

I'm hoping it's a false positive too!

Post 3 of 76

Trojan horse dropper agent JOC

by roxanneabigail - 8/22/08 2:02 PM In reply to: knlwrap.exe by billy_womble

I, too, had the same problem (8/22), but my files were C:\system Volume Information\_restore(F845E3DB-I751-4BE4-A620-64F2CA1BFB5F}\RP157\A))17173.exe

Post 4 of 76

Trojan horse Dropper.Agent.JOC

by AldoVW - 8/22/08 1:40 PM In reply to: AVG7.5 false positive? knlwrap.exe by MarkFlax Moderator

Make that 3. AVG version 8

Same thing - updated and then scanned. Here is the difference. I run AVG on three different computers. Only 1 of the three got the virus. The two that didn't are wireless (not sure if that makes a difference).

I am not a computer person so don't laugh.
It picked up 11 files Trojan horse Dropper.Agent.JOC
program files
system volume info
and 3 windows\installer - these were moved to the virus vault.
The remaining 6 files WINDOWS\Installer\ Trojan horse Dropper.Agent JOC. just said Infected.

When I clicked remove all unhealed infections it said something like the files are too big.

Should I be freaking out?

Post 5 of 76

There was another update released just now so

by roddy32 Moderator - 8/22/08 1:47 PM In reply to: AVG7.5 false positive? knlwrap.exe by MarkFlax Moderator

I would try updating and see if the detection is still there or not.

Post 6 of 76

New update

by billy_womble - 8/22/08 1:59 PM In reply to: There was another update released just now so by roddy32 Moderator

Thanks for the tip.

Unfortunately, it's still picked up as a threat by AVG 8.0

:-(

Post 7 of 76

Spyware Doctor

by AldoVW - 8/22/08 2:05 PM In reply to: New update by billy_womble

Since posting - I have been browsing - Spyware Doctor seems to be the software in removing this virus. www.pctools.com Will see.

Post 8 of 76

Me, too!

by cycler1729 - 8/22/08 1:53 PM In reply to: AVG7.5 false positive? knlwrap.exe by MarkFlax Moderator

My AVG 7.5 is running right now and it says the same thing! I did a search on the knlwrap.exe and Google "says" that it is a key logger. AVG deleted it so I've got no additional information, but I once had another Dropper virus and it did a lot of damage.

Post 9 of 76

Other views

by billy_womble - 8/22/08 2:16 PM In reply to: Me, too! by cycler1729

This guy seems to know what he's doing:

http://discussions.virtualdr.com/showthread.php?t=232995

Most likely a false positive

Post 10 of 76

ME TOO

by krisdr - 8/22/08 2:27 PM In reply to: Other views by billy_womble

I just ran AVG 8.0 and my computer had 22 threats of this Trojan horse dropper.agent.JOC. After doing quite a bit of googling, it seems to only be detected by AVG. Let's hope for a false positive.

Post 11 of 76

Knlwrap.exe - report to AVG as false positive

by evorg the elder - 8/22/08 7:14 PM In reply to: ME TOO by krisdr

I also have it. Attempted to report as possible false positive but AVG 8 failed to send it.

Post 12 of 76

And now

by cycler1729 - 8/22/08 4:10 PM In reply to: Other views by billy_womble

I updated my AVG and it's running now and it's showing A0010836.exe as the same thing in another folder.

Post 13 of 76

Same thing...

by SlamDesigns - 8/22/08 5:32 PM In reply to: And now by cycler1729

Been getting the same results as all of you...and additionally, for the past week and a half AVG has been telling me that my RoadRunner Medic program is a virus. Waaaaay too many false positives lately.

Post 14 of 76

Mark,

by Marianna Schmudlach Moderator - 8/22/08 7:50 PM In reply to: AVG7.5 false positive? knlwrap.exe by MarkFlax Moderator

I have sent an e-mail to

AVG Technical Support <technicalsupport@grisoft.com>

and linked to this thread.

HTH

Post 15 of 76

Me too on one PC

by dough_dallas - 8/22/08 8:36 PM In reply to: Mark, by Marianna Schmudlach Moderator

OS WinXP Pro
Running AVG Free Edition v8.0.138 - release date today 2008-08-22 @ 1:32 PM
Trojan horse Dropper.Agent.JOC flagged at 4:17:11 PM and moved to virus vault.
Path to File- C:Program Files\Common\InstallShield\Engine\6\Intel 32\knkwrap.exe

I've never had a virus hit. Wondering what to do and based on this thread even more confused. Please advise best actions. At this point, unless advised otherwise, I'll leave it in the vault and wait for further information from this thread.
Any help appreciated.
