knlwrap.exe

[ggalv]

My AVG Antivirus initially found this to be "Trojan Horse Dropper.Agent.JOC."
and placed it in the valut.

It was located in C:\Program Files\Common Files\InstallShield\Engine\6\Intel
32\knlwrap.exe.

It was in the vault for about 3 weeks, then finally I found out that it was
a "false positive" and I restored the file to its original location from the
AVG Vault.

Do you guys/girls know what this file (knlwrap.exe) is for? Also, would
having it in the vault for 3 weeks cause my computer or some software not to
function properly?

THANKS





After I did the restore, the file is now in its original location. But the
file is still in the Vault. Now, should I delete it from the vault or empty
the vault? THANKS

 

[PA Bear [MS MVP]]

1. Who said it was a F/P?

2a. Are you running AVG v8.0.169 or v7.5.x?

After I did the restore, the file is now in its original location. But the
file is still in the Vault. Now, should I delete it from the vault or
empty
the vault?

2b. Is AVG still identifying the file as a keylogger?

3. AVG Free Forum: http://freeforum.avg.com/

 

[ggalv]

1. These are two postings that discusses this being as "false positive".
Does this seem right?

http://discussions.virtualdr.com/showthread.php?t=232995

http://forums.techguy.org/general-security/742952-trojan-horse-dropper-agent-joc.html

2a. I am running AVG v7.5 with the latest updates.

2b. After I restored the file, I right clicked the file with and did a scan
with AVG and AVG did not find any threat. Then I scan my whole computer and
AVG did not find any threat again.

3. Do you know what this file (knlwrap.exe) is for? Also, would having it
in the AVG vault and not in its original location for 3 weeks cause my
computer or some software not to function properly?

THANKS

 

[Daave]

From relevant discussions I've seen (including what you have posted), it
seems that this is indeed a false positive and with the most recent
definitions, AVG is no longer considering this malware. I believe there
was a keylogger years ago with the same file name.

I have no idea what this program does. It appears to be added with Roxio
Easy CD Creator 5. I doubt its absence would mess up your whole system.
It *might* affect Roxio, depending on what it does.

 

[ggalv]

I really appreciate the help I have been receiving in this forum the last few
days. I have never added Roxio Easy CD Creator to my computer. Do you know
of another possibility where this file came from or what it does?

THANKS

 

[Daave]

Have a look here:

http://www.file.net/process/knlwrap.exe.html

 

[PA Bear [MS MVP]]

Support for AVG v7.5 ended on 31 Aug-08; cf.
http://aumha.net/viewtopic.php?f=27&t=29379

Please seek support for this in AVG Forums.

That being said, if you (1) uninstall AVG v7.5, (2) download/install AVG
v8.0 [I do not recommend upgrading], (3) manually update AVG 8 to the
current definitions, (4) run a full system scan in Safe Mode and (5) AVG
doesn't identify C:\Program Files\Common Files\InstallShield\Engine\6\Intel
32\knlwrap.exe <=this file (and only that file/location), you should be OK.