Win32.Knokk Trojan

Win32.Knokk is known to be a dangerous backdoor Trojan program.  It is comprised of 65033 bytes, is written in C + + and is packed using UPX.  Once it has infiltrated, it will copy itself into this directory: % System% \ explore.exe.  The program will wait for directions from its author.  The author who is actually a hacker will send the program instructions on e-mail addresses of sites that he wants him to connect to.

Trojan: Generic.dx! Ijs
Mal / Generic-A
Win32/Knock.AA trojan

Backdoor Trojan

Recommended Action:
Remove at once.

For manual removal, you must follow these steps:
Delete the original file (its location depends on how the program originally penetrated your machine).

Change the key value Registry:
[HKLM \ software \ microsoft \ windows nt \ currentversion \ winlogon] “Shell” = “Explorer.exe”% System% \ explore.exe “” -> “Explorer.exe”

Delete this file
% System% \ explore.exe
For a stronger and more secure removal, you can use SpyZooka.  SpyZooka eliminates the need for hours of monotonous searching and removal.  SpyZooka does all the hard work for you.  With all features automated, all you need to do is click to run the scan and then SpyZooka will do the rest.

Download Free Scan

2 Responses

  1. Noah Carter says:

    Thanks for the article. I got this Win32.Knokk and I was able to delete the file using Spyzooka without the risk of infecting all my pc.

  2. Laurie Michaelson says:

    Last week I had a virus problem in my computer. I installed different virus removal software and checked. But virus did not remove. I asked suggestion to my friend. He suggested Spyzooka. Excellent software! Win32.Knokk was removed. Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *