Need help with Win32:Trojen-gen. {other}

Last night as I was editing my SBC Yahoo bookmarks, I clicked on a blogspace link. Immediately the background scanner (Avast) popped up a warning box stating “A virus was found!”
File name: C:\WINDOWS\system32\gebca.dll
Malware name: Win32:Trojan-gen. {Other}
Malware type: Virus/Worm
VPS version: 0603-0, 01/15/2006

Initially it moved the file to the chest without a hitch. However, when I started a system scan, it reported the same problem again in the system32 folder. When I clicked on “Move to Chest” I received the message that it “cannot access the file because it is being used by another process”. Repair, Move/Rename, and Delete all returned the same response. Restarting the computer did nothing.

I ran Twister Anti-TrojanVirus, and it returned an alert entitled “Found Adware” with the same filename, and the name Adware.Virtuemonde.q.bo.dll. It was unable to clean the file and attempting to Rename it brought back the “file being used by another process” message.

I attempted the System Restore with no change in the virus presence even after restarting the computer. I attempted to run Ad-Aware, but halfway through, the computer shut itself down completely. I attempted a boot time scan with Avast and had the same thing happen. I tried to have the file scanned online and got this message “the file you uploaded is 0 bytes. It is likely a firewall or piece of malware is prohibiting you from uploading file.”

I’m out of options… any help would be much appreciated!!

:slight_smile: Periander :

 Assuming you have either Win 2000 or Win XP, we
 recommend you use the good & FREE "Ewido" from
 www.ewido.net/en . There is a tutorial at :

www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf

I’m reloading files and programs onto a new computer (the old one having died New Year’s Eve - perfect end to a lousy year!) and this Win32:Trojan-gen. {VC} warning has popped up now at least a couple of dozen times. Including on files I am pretty sure are just fine.

In researching it, both here and Google, there seems to be a consensus, including a couple of items from Avast tech support, that this is a false alarm, a glitch in Avast itself. I’d already moved several of these to the chest when I began to get suspicious.

So, once and for all, is this real or is it a glitch in Avast?

Thanks,
J.R.

Hi Periander,

gebca.dll should not be on your computer.

Download virtumundobegone from here:
http://www.bullguard.com/forum/9/Easy-way-to-remove-Winfixer–V_25764.html

Follow the instructions and the problem might be fixed for ye.
Besides one AV scanner, you need one software firewall and free
ad- and spyware: Ad Aware, Spybot S&D and Spyware Blaster.

greets,

polonus

You may need to run VirtumundoBegone, a special tool available here:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Do not worry if you see a BLUE SCREEN "Fatal Error" Message, it is normal and expected.
:o

gebca.dll seems to be part of this infection:

http://castlecops.com/postp694959.html

*Run Ewido after this tool.

*Drat Plonus beat me to it!

Hi Periander,

Twice identical advice, well who can go wrong here.
Get this crap from your comp, and see that you are decently protected against infection. Keep your computer updated, have the latest software running, use a alternate browser and the right protection programs (AV, AT, AS, FW = anti virus, anti trojan, anti scumware, firewall, and eventually System Monitoring).

greets

polonus

FwF good we share solutions here ;D

Thanks for all the help. I think that may have done the trick… I’ll see once the latest scan is done!

I was ready to throw the computer or myself out the window (I would have survived, as it’s on the first floor). So you saved the computer at least :slight_smile: