C:\WINDOWS\SYSTEM32\process.exe

Hi there, hope someone can help.

I am getting an avast warning window saying "suspicious file found (using a heuristic method) C:\WINDOWS\SYSTEM32\process.exe". I have run an avast scan, a Windows Defender scan and a Spybot Search & Destroy scan, but nothing has shown up. Any advice, anyone?

This is to better establish if there is a “Bancos” infection.

Files

1a) Copies itself to one of the following files in the standard Windows directory:
process.exe

Explanation of location C:\Windows or C:\Windows\System:
This means the standard install path of Windows or Windows\System. This depends on type and version:

C:\Windows for Windows 95/98/Me/XP, or C:\Winnt for Windows NT/2000.
C:\Windows\System for Win95/98/Me, and C:\Windows\System32 for Win2000, XP and NT.

Registry

2a) Changes the registry-key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

With a value:

“process.exe” = “%Windir%\process.exe”

2b) Changes the registry-key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UserData

and adds value:

“UID” = “[Generated ID]”

polonus
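
A read-only PowerShell check for the three indicators listed in the post above, added here as an example (it is not code from this thread or from avast). The function name `Test-ProcessExeIndicators` and the output fields are assumptions of the example, and `Get-FileHash` needs PowerShell 4 or later.

```powershell
# Added example: reports which of the indicators from the post are present.
# It only reads the file system and registry; it changes nothing.
# On 64-bit Windows run it from a 64-bit PowerShell session, because 32-bit
# sessions are redirected to SysWOW64 and Wow6432Node.
function Test-ProcessExeIndicators {
    $results = @()

    # 1a) process.exe in the Windows directory or the system directory
    $dirs = @($env:windir, [Environment]::SystemDirectory) | Select-Object -Unique
    foreach ($dir in $dirs) {
        $path = Join-Path $dir 'process.exe'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path -Force
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $sig  = (Get-AuthenticodeSignature -LiteralPath $path).Status
            $results += [pscustomobject]@{
                Indicator = 'File (1a)'
                Location  = $path
                Detail    = "size=$($file.Length) created=$($file.CreationTime) " +
                            "sha256=$hash signature=$sig"
            }
        }
    }

    # 2a) Run key value named "process.exe", 2b) UserData value named "UID"
    $checks = @(
        @{ Id = 'Run value (2a)'; Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'process.exe' },
        @{ Id = 'UID value (2b)'; Key = 'HKLM:\SOFTWARE\Microsoft\UserData'; Name = 'UID' }
    )
    foreach ($c in $checks) {
        # Returns nothing (error suppressed) when the key or the value is absent
        $prop = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        if ($prop) {
            $results += [pscustomobject]@{
                Indicator = $c.Id
                Location  = "$($c.Key)\$($c.Name)"
                Detail    = [string]$prop.($c.Name)
            }
        }
    }
    return $results
}

$found = Test-ProcessExeIndicators
if ($found) { $found | Format-List } else { 'None of the listed indicators are present.' }
```

The SHA-256 and signature status in the file entry are there so the file can be identified or submitted for analysis without opening it.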

There are several topics on this, http://forum.avast.com/index.php?topic=38236.0 and http://forum.avast.com/index.php?topic=40899.0, to start you off.