Trojan Horse Dropper.Agent.JOC

moongirl
Moderator
Posts: 19016
Joined: Mon Jan 12, 2004 8:07 am

Viewing Google Images earlier today, I got my first ever "Pink Warning Card" - AVG detected a Trojan Horse,
Trojan Horse Dropper.Agent.JOC
My first thought was that I love my AVG. Now I'm not so sure. AVG scares me!!
There is a lot of talk at the moment with so many people having had the same warning.
Not a lot of information available either. Could be a false positive. Might not be.

From AVG's FAQ:
1313:
What is a Trojan Horse?
Trojan Horse is a malicious application, which can not spread itself. Original Trojan Horses were programs which acted as a useful utility. Although, in fact, their start used to cause damage to disc content (or part of it).

At the present time the most spreading Trojan Horses are BackDoor Trojans. They enable remote access to infected computers and PSW (Password Stealers) - they are trying to gather as much private information from the infected computer as possible and to send the info through the Internet.

To remove the Trojan Horse, it is enough to delete the detected file.
1314:
I have some files in the AVG Virus Vault. What next?

Most of today's viruses (Trojan horses, I-Worms, Worms, etc) create their own files which contain nothing but a body of the virus. In such cases the only way to remove the infection is to delete the infected file. When you moved the file to the AVG Free Virus Vault it was deleted from its original location, coded, and then saved in a non-executable file in a hidden folder. Your PC is no longer infected then.

If you are not missing any data file and your applications are running, then you can delete these vaulted files from the AVG Virus Vault program:

* Double-click the AVG Free icon on your desktop -> choose the "History" menu and select the "Virus Vault" option -> click on the "Empty Vault" button.
http://free.avg.com/ww.faq.num-1244#faq_1244

I've just emptied my vault, so many prisoners in there it's getting a bit overcrowded :shock:

I really and truly hate it when these things happen.
So, it's out with the disinfectant spray, dirty files...clean machine :cry:
That's not the man in the moon...that's me ;)
Layzie Bone
Mr. Computergeek Salad Guy
Posts: 2460
Joined: Mon May 24, 2004 11:59 pm
Location: North Carolina

Often enough AVG and other scanners can't remove the virus. Also pay attention to where the virus is located; a lot of times the viruses are stored in the Temporary Internet Files. Simply delete the temporary files and run a full scan from Safe Mode. To boot into Safe Mode, press F8 before Windows starts to boot. When running AVG from Safe Mode you will only be able to run the command line scanner.

If the virus is being found in the System Restore, simply turn off System Restore; this deletes all your restore points, but also deletes the virus. Also another reason not to use System Restore if you're having these kinds of problems, often it just makes the problem worse... To turn off System Restore, right-click on My Computer and click Properties, click on the System Restore tab and click on Turn Off System Restore, then click OK.
moongirl
Moderator
Posts: 19016
Joined: Mon Jan 12, 2004 8:07 am

Thanks Layzie.
By coincidence, at that time Spybot had also identified hundreds of temporary files in the system.
In order to speed up the scan I checked the box to delete them.
This is the first time I have ever seen the Temporary File Removal box in Spybot.
Out of curiosity, how do temporary files come to be there in the first place?

Two more AVG scans have been free of threats.
That's not the man in the moon...that's me ;)