Is this really a virus?

Yesterday Avast updated its virus database and since then has been finding this virus all the time.

It says I have a trojan32 (other) in:

c:\windows\tgbcde\library32.dll

Now I don’t even have a directory called ‘tgbcde’ if I use the find function in windows XP it can’t find library32.dll.

If I start Avast 4.0 Home from the Simple User Interface it says this virus is their, I can’t delete it but can move it, if I choose move then all seems well until I reboot and it says it’s back in the original place.

Once it’s moved if Avast rescans the memory it says it’s okay.

I have rebooted and deleted it several times during the boot scan but it always says it’s back again. But you can’t delete it when you have booted up and you can’t even move or delete the one it put’s in the ‘moved’ folder. Which is the only one you can see on my computer.

Any ideas???

there is a new update.

I downloaded the update and it says it’s older than my version which is:

Vps: Already up to date (current version 0432-1)

Hi HypnoT0AD,
Welcome to the Forum.

Vps: Already up to date (current version 0432-1)
You're right that's the latest update as far as I know. I'm sure someone will be along shortly with additional help.

HypnoT0AD, did you try to confirm it by on-line scanning (see http://www.security-ops.tk/ for a lot of suggestions) :wink:

Hypno,

I hate to tell you this, but you really are infected.
You have the Trojan virus “Banker”.
It creates the folder that you have found and modifies your registry.

Read this for info and removal instructions.

http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=TROJ_BANKER.N

Good luck

Thanks for the information it was much appreciated.

The funny thing was the directory could not be found using the find/search function even if set to find hidden files/folders.

I found the directory using the command prompt and after changing the filenames and rebooting I could delete the files and directory.

I then deleted the registry entries as per the site you sent me too.

Seems these virus fools are getting more and more sneaky.

Cheers

:slight_smile: