Guest ggalv
Posted September 6, 2008

My AVG Antivirus initially found this to be "Trojan Horse Dropper.Agent.JOC." and placed it in the vault.

It was located in C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe.

It was in the vault for about 3 weeks, then finally I found out that it was a "false positive" and I restored the file to its original location from the AVG Vault.

Do you guys/girls know what this file (knlwrap.exe) is for? Also, would having it in the vault for 3 weeks cause my computer or some software not to function properly? THANKS

After I did the restore, the file is now in its original location. But the file is still in the Vault. Now, should I delete it from the vault or empty the vault? THANKS

Guest PA Bear [MS MVP]
Posted September 6, 2008

Re: knlwrap.exe

1. Who said it was a F/P?

2a. Are you running AVG v8.0.169 or v7.5.x?

> After I did the restore, the file is now in its original location. But the
> file is still in the Vault. Now, should I delete it from the vault or empty
> the vault?

2b. Is AVG still identifying the file as a keylogger?

3. AVG Free Forum: http://freeforum.avg.com/

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/

Guest ggalv
Posted September 6, 2008

Re: knlwrap.exe

1. These are two postings that discuss this being a "false positive". Does this seem right?

http://discussions.virtualdr.com/showthread.php?t=232995

http://forums.techguy.org/general-security/742952-trojan-horse-dropper-agent-joc.html

2a. I am running AVG v7.5 with the latest updates.

2b. After I restored the file, I right-clicked the file and did a scan with AVG and AVG did not find any threat. Then I scanned my whole computer and AVG did not find any threat again.

3. Do you know what this file (knlwrap.exe) is for? Also, would having it in the AVG vault and not in its original location for 3 weeks cause my computer or some software not to function properly?

THANKS

Guest Daave
Posted September 6, 2008

Re: knlwrap.exe

From relevant discussions I've seen (including what you have posted), it seems that this is indeed a false positive and with the most recent definitions, AVG is no longer considering this malware. I believe there was a keylogger years ago with the same file name.

I have no idea what this program does. It appears to be added with Roxio Easy CD Creator 5. I doubt its absence would mess up your whole system. It *might* affect Roxio, depending on what it does.

Guest ggalv
Posted September 6, 2008

Re: knlwrap.exe

I really appreciate the help I have been receiving in this forum the last few days. I have never added Roxio Easy CD Creator to my computer. Do you know of another possibility where this file came from or what it does?

THANKS

Guest Daave
Posted September 6, 2008

Re: knlwrap.exe

Have a look here:

http://www.file.net/process/knlwrap.exe.html

Guest PA Bear [MS MVP]
Posted September 6, 2008

Re: knlwrap.exe

Support for AVG v7.5 ended on 31 Aug-08; cf. http://aumha.net/viewtopic.php?f=27&t=29379

Please seek support for this in AVG Forums.

That being said, if you (1) uninstall AVG v7.5, (2) download/install AVG v8.0 [I do not recommend upgrading], (3) manually update AVG 8 to the current definitions, (4) run a full system scan in Safe Mode and (5) AVG doesn't identify

C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe <= this file (and only that file/location),

you should be OK.

--
~PA Bear