Win32.Knokk is known to be a dangerous backdoor Trojan program.  It is comprised of 65033 bytes, is written in C + + and is packed using UPX.  Once it has infiltrated, it will copy itself into this directory: % System% \ explore.exe.  The program will wait for directions from its author.  The author who is actually a hacker will send the program instructions on e-mail addresses of sites that he wants him to connect to.

AKA:
Backdoor.Win32.Knokk.bo
Win32.Knokk.az
Win32.Knokk.cw
Win32.Knokk.bm
Win32.Knokk.66560
Win32.Knokk.j
Win32.Knokk.br
Win32.Knokk.bq
Trojan.Win32.Agent.cvif
Trojan: Generic.dx! Ijs
Mal / Generic-A
Heuristic.WinPE-Statistical
W32/Downldr2.GJAY
Trojan.DownLoad.41045
Win32/Knock.AA trojan
Trojan.Generic.2714691
BKDR_KNOCK.A

Category:
Backdoor Trojan

Recommended Action:
Remove at once.

For manual removal, you must follow these steps:
Delete the original file (its location depends on how the program originally penetrated your machine).

Change the key value Registry:
[HKLM \ software \ microsoft \ windows nt \ currentversion \ winlogon] “Shell” = “Explorer.exe”% System% \ explore.exe “” -> “Explorer.exe”

Delete this file
% System% \ explore.exe
For a stronger and more secure removal, you can use SpyZooka.  SpyZooka eliminates the need for hours of monotonous searching and removal.  SpyZooka does all the hard work for you.  With all features automated, all you need to do is click to run the scan and then SpyZooka will do the rest.