Avast tells me it has found a virus on my disk, the name is:
virus Win 32:Agent.KDC(tjr) cheval de Troie Version VPS 000772.2. 04/09/2007
I tried quarantine and delete, the file always reappears.
I tried a scan with quarantine; it is OK until I reboot, then the advert reappears. I tried another scan with the delete option and rebooted, but the file always comes back.
This trojan does not seem to be very well known, because I searched on Google to find information and found nearly nothing.
I have let Avast do all the updates it wants; to be sure, before each scan I run the update tool.
What can I do?
Thank you for your help.
What is the infected file name, and where was it found, e.g. (C:\windows\system32\infected-file-name.xxx)?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
A search for the malware name often results in poor hits, as there are no standard malware names, so a search for the infected file name is often better.
It is likely that there is an undetected trojan on your system downloading or restoring this malware. What is your firewall, as it should be able to protect against unauthorised outbound connections?
What is the advert about?
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
If a virus is replicant (coming back again and again), you could follow the general cleaning procedure:
Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3.
Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).
It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Also, if you are still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.
After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.
Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.