Trojan Horse Dropper.Agent.JOC

Posted: Sat Aug 23, 2008 2:16 pm
by moongirl
Viewing Google Images earlier today, I got my first ever "Pink Warning Card" - AVG detected a Trojan Horse,
Trojan Horse Dropper.Agent.JOC
My first thought was that I love my AVG. Now I'm not so sure. AVG scares me!!
There is a lot of talk at the moment with so many people having had the same warning.
Not a lot of information available either. Could be a false positive. Might not be.

From AVG's FAQ:
1313:
What is a Trojan Horse?
Trojan Horse is a malicious application, which can not spread itself. Original Trojan Horses were programs which acted as a useful utility. Although, in fact, their start used to cause damage to disc content (or part of it).

At the present time the most spreading Trojan Horses are BackDoor Trojans. They enable remote access to infected computers and PSW (Password Stealers) - they are trying to gather as much private information from the infected computer as possible and to send the info through the Internet.

To remove the Trojan Horse, it is enough to delete the detected file.
1314:
I have some files in the AVG Virus Vault. What next?

Most of today's viruses (Trojan horses, I-Worms, Worms, etc) create their own files which contain nothing but a body of the virus. In such cases the only way to remove the infection is to delete the infected file. When you moved the file to the AVG Free Virus Vault it was deleted from its original location, coded, and then saved in a non-executable file in a hidden folder. Your PC is no longer infected then.

If you are not missing any data file and your applications are running, then you can delete these vaulted files from the AVG Virus Vault program:

* Double-click the AVG Free icon on your desktop -> choose the "History" menu and select the "Virus Vault" option -> click on the "Empty Vault" button.
http://free.avg.com/ww.faq.num-1244#faq_1244

I've just emptied my vault, so many prisoners in there it's getting a bit overcrowded :shock:

I really and truly hate it when these things happen.
So, it's out with the disinfectant spray, dirty files...clean machine :cry:

Re: Trojan Horse Dropper.Agent.JOC

Posted: Sun Aug 31, 2008 4:27 am
by Layzie Bone
Often enough AVG and other scanners can't remove the virus. Also pay attention to where the virus is located; a lot of times the viruses are stored in the Temporary Internet Files. Simply delete the temporary files and run a full scan from Safe Mode. To boot into Safe Mode, press F8 before Windows starts to boot. When running AVG from Safe Mode you will only be able to run the command line scanner.

If the virus is being found in the System Restore, simply turn off System Restore; this deletes all your restore points, but also deletes the virus. Also another reason not to use System Restore if you're having these kinds of problems, often it just makes the problem worse... To turn off System Restore, right-click on My Computer and click Properties, click on the System Restore tab and click on Turn Off System Restore, then click OK.

Re: Trojan Horse Dropper.Agent.JOC

Posted: Sun Aug 31, 2008 2:52 pm
by moongirl
Thanks Layzie.
By coincidence, at that time Spybot had also identified hundreds of temporary files in the system.
In order to speed up the scan I checked the box to delete them.
This is the first time I have ever seen the Temporary File Removal box in Spybot.
Out of curiosity, how do temporary files come to be there in the first place?

Two more AVG scans have been free of threats.