Win32.Knokk Trojan
Win32.Knokk is known to be a dangerous backdoor Trojan program. It is comprised of 65033 bytes, is written in C + + and is packed using UPX. Once it has infiltrated, it will copy itself into this directory: % System% \ explore.exe. The program will wait for directions from its author. The author who is actually a hacker will send the program instructions on e-mail addresses of sites that he wants him to connect to.
AKA:
Backdoor.Win32.Knokk.bo
Win32.Knokk.az
Win32.Knokk.cw
Win32.Knokk.bm
Win32.Knokk.66560
Win32.Knokk.j
Win32.Knokk.br
Win32.Knokk.bq
Trojan.Win32.Agent.cvif
Trojan: Generic.dx! Ijs
Mal / Generic-A
Heuristic.WinPE-Statistical
W32/Downldr2.GJAY
Trojan.DownLoad.41045
Win32/Knock.AA trojan
Trojan.Generic.2714691
BKDR_KNOCK.A
Category:
Backdoor Trojan
Recommended Action:
Remove at once.
For manual removal, you must follow these steps:
Delete the original file (its location depends on how the program originally penetrated your machine).
Change the key value Registry:
[HKLM \ software \ microsoft \ windows nt \ currentversion \ winlogon] “Shell” = “Explorer.exe”% System% \ explore.exe “” -> “Explorer.exe”
Delete this file
% System% \ explore.exe
For a stronger and more secure removal, you can use SpyZooka. SpyZooka eliminates the need for hours of monotonous searching and removal. SpyZooka does all the hard work for you. With all features automated, all you need to do is click to run the scan and then SpyZooka will do the rest.
Thanks for the article. I got this Win32.Knokk and I was able to delete the file using Spyzooka without the risk of infecting all my pc.
Last week I had a virus problem in my computer. I installed different virus removal software and checked. But virus did not remove. I asked suggestion to my friend. He suggested Spyzooka. Excellent software! Win32.Knokk was removed. Thanks!