Spyware, Viruses, & Security forum

General discussion

Trojan horse Dropper.Agent.8.B

by Basil Hall / August 8, 2005 4:22 PM PDT

Just checked my nightly AVG results and found I had been infected with the above Trojan. AVG registered two.

One had already been placed in the virus vault and had a blue box under the heading T.

File Name: CISvc.exe
File path: C:\WINDOWS\$ Nt service pack Uninstall$
Healable: no
Source: backup copy
Status: infected

The second one I moved myself from Test Results to the virus vault. There it showed a red box under T.

File Name: CISCV.EXE_
File path: C:\WINDOWS\1386\
Healable: No
Source: Moved object
Status: infected.

Could someone please tell me what all this means? Am I still infected, did I do the right thing by putting the second trojan in the virus vault, have I lost vital programs because they couldn't be healed, and what do I do now?

Thanks

I wouldn't delete this
by MarkFlax Forum moderator / August 8, 2005 8:05 PM PDT

It seems that cisvc.exe is a valid Microsoft process used to keep Windows XP or Windows 2000 running smoothly. I have not seen any reports of a virus infecting this file, or a trojan of the same name.

Are you sure of the two names you gave? You say CISvc.exe and CISCV.exe, (the c and the v are transposed).

Have a look at this site;
http://www.answersthatwork.com/Tasklist_pages/tasklist_c.htm
and scroll down to cisvc.exe for more details.

I am not sure why AVG would have reported this, but for the time being do not delete it as you may need to restore it from the Quarantine area.

Hopefully the experts here will give you better advice. If you are going to close down your computer today before anyone else answers, I would restore both items from the quarantine area before closing down in case starting the computer up again the next time comes across any problems.

Good luck

Mark

I am also curious about the
by roddy32 / August 8, 2005 10:00 PM PDT
In reply to: I wouldn't delete this

2 different spellings on this. If it is a typo, that's fine but if it is not, it would make it more suspicious. I'm not finding much information on this trojan and seeing as we have 3 people with more or less the same detection, the possibility of a false positive grows. I would suggest that Basil, Rick, and ehtsnet all do some other scans for some second and third opinions.

Download an anti-trojan scanner (any of the following)


The Cleaner Pro 30 days trial - http://www.moosoft.com

TrojanHunter - http://www.misec.net/ (trial)

Also do an online scan at one or all of these.
Housecall (using IE with Active-X)
http://housecall.trendmicro.com/housecall/start_corp.asp

Housecall (all browsers using java)
http://uk.trendmicro-europe.com/enterprise/products/housecall_launch.php

PandaActivescan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
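
The name check raised in the two posts above (cisvc vs. ciscv), as an added example that is not part of the original thread: it compares each reported file name and folder against the name and folders quoted on this page. The edit-distance threshold and the handling of a trailing underscore are assumptions made for illustration.

```python
# Added example: names and paths below are the ones quoted in this thread.
KNOWN_NAME = "cisvc.exe"
KNOWN_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}

def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def triage(name, directory):
    """Classify one reported detection by file name and folder only."""
    n = name.lower().rstrip("_")          # assumption: ignore a trailing "_"
    folder = directory.lower().rstrip("\\")
    dist = osa_distance(n, KNOWN_NAME)
    if dist == 0:
        return "expected" if folder in KNOWN_DIRS else "check-location"
    if dist <= 2:                         # assumption: threshold of 2 edits
        return "look-alike-name"
    return "unrelated-name"

# Detections as reported by posters in this thread (name, folder).
REPORTS = [
    ("CISvc.exe", r"C:\WINDOWS\$ Nt service pack Uninstall$"),
    ("CISCV.EXE_", r"C:\WINDOWS\1386"),
    ("cisvc.exe", r"c:\windows\system32\dllcache"),
]

def triage_all(reports=REPORTS):
    """Return (name, verdict) for every reported detection."""
    return [(name, triage(name, folder)) for name, folder in reports]

if __name__ == "__main__":
    for name, verdict in triage_all():
        print(f"{name:12} {verdict}")
```

A look-alike-name result means the name on disk should be confirmed before restoring anything; it does not by itself show the file is malicious, and an exact name match does not prove the file is genuine.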

AVG found 3 files on 8-8-05
by Rick Beach / August 8, 2005 8:21 PM PDT

Same trojan as you had, Basil. One is in the same file as the first one you listed. The other 2 are in system restore volumes. The file names are (A0018256.dll & A0019289.exe)

Hope someone can tell us what to do with these files,
Rick

False positives maybe??????????????????? I couldn't be that lucky....

Trojan Horse Dropper.Agent.8.B
by ehtsnet / August 8, 2005 8:55 PM PDT

Also have the same Trojan Horse. I followed AVG directions and placed the trojan in the virus vault. My question: would it make a difference between AVG free or AVG Pro?

Next step is to email AVG.

FWIW
by Alan Copeland / August 8, 2005 10:15 PM PDT

I have AVG Pro 7.0 with all updates installed. AVG has not found anything since at least 7/31/05 (as far back as I checked). I have the paid version. Running XP Home.

Dropper.Agent.8.B
by saltaireappraisals / August 8, 2005 10:35 PM PDT

I ran AVG Free and it found the same problems you have on both my home computers.

Basil, do NOT delete the files !
by Marianna Schmudlach / August 8, 2005 11:48 PM PDT

I found a discussion on the AVG free forum:

quote:

> Dear Sir/Madam,
>
> Thank you for your email.
>
> Yesterday, we noticed a false alarm on file
>
> C:\Windows\System32\cisvc.exe
>
> This file was detected as a
>
> Dropper.Agent.8.B
>
> in Windows XP with Service Pack 1, but this false is already fixed
> by the latest update. Please update your AVG and run a Complete Test
> again. In case that there will be still some infection,
> please run AVG program (basic or advanced interface) and
> choose Test Results from Results menu (you can also use F6 key
> to get the same). Now you can see the list of finished tests, double
> click the latest one (by date) and you will get the full list of
> detected viruses (if there were any), including the path, the name
> and status of infected object. When it is opened, go back to
> main AVG program screen -> Program menu -> Export... item (or you
> can use Ctrl+S shortcut to get Save as... option). Please send
> this created file for further analysis.
>
> Thank you.
>
> Best regards,
>
> Alena Kasparkova

end quote

http://forum.grisoft.cz/freeforum/read.php?4,45340,backpage=,sv=

(NT) Thanks everyone. M does this mean I should restore them
by Basil Hall / August 9, 2005 5:13 AM PDT

(NT) Yes Basil.
by roddy32 / August 9, 2005 5:19 AM PDT

dropper.agent.8.B
by sirius2k / August 9, 2005 9:27 AM PDT

Hello everybody,

My AVG scan removed the files
c:\windows\system32\cisvc.exe and
c:\windows\system32\dllcache\cisvc.exe

How do I get them back?

Hi sirius2k
by roddy32 / August 9, 2005 10:11 AM PDT
In reply to: dropper.agent.8.B

There are a considerable number of threads going on about this at the AVG Free Forum. This is a search of the forum where I'm sure you can find a recommendation from AVG. Here is the link, BUT CNET has a spam filter that does not allow the word free in the URL, so copy and paste this entire 2 line URL and then put the http:// in front of it (there is NOT www on this link).

forum.grisoft.cz/freeforum/search.php?4,search=CISVC.EXE+,page=1,match_type=ALL,match_dates=30,match_forum=ALL,body=1,author=1,subject=1

Dropper.Agent.8.B - false positive from AVG
by sirius2k / August 9, 2005 11:19 AM PDT
In reply to: Hi sirius2k

Thanks Roddy32.

Everything is now restored and running as normal.

(NT) That's great, you're welcome. :)
by roddy32 / August 9, 2005 11:21 AM PDT

How do I
by Rick Beach / August 13, 2005 3:55 AM PDT

and should I restore these files? AVG states they are backup copies. Computer works fine with these files in AVG's Virus Vault. Do I need to restore them or delete them, so AVG virus vault is empty?

Rick

Hi rick
by roddy32 / August 13, 2005 3:59 AM PDT
In reply to: How do I

Thanks but,
by Rick Beach / August 13, 2005 4:58 AM PDT
In reply to: Hi rick

there is sssssssooooooooooooo much stuff there about this that I am more lost now than ever about what to do (Restore them or Delete them). Some files are shown as changed.

I guess if it ain't (BROKE) don't fix it..

IF YOUR COMPUTER WORKS BE HAPPY............., because there is always someone out there that wants to F.U.Y.C.. just because they can....

Changed files as listed
by Aotearoa / August 13, 2005 9:28 AM PDT
In reply to: Thanks but,

Oh well the link didn't work but
by Aotearoa / August 13, 2005 9:31 AM PDT

Look for the post by Hydrangea in the AVG virus and removal forum.
