I have just done a boot scan and removed a few unpleasant files but one I can’t remove so I told Avast to ignore it. The infected file is hiberfil.sys and the offending trojan is VBCrypt-AGT… I am currently using ebay and paypal to get rid of unwanted items so I can move house and I notice this trojan is aimed at banking so am concerned in case it can get at paypal accounts.

I need hiberfill.sys on my laptop so it can hibernate

I am running Windows XP

How can I get rid of this trojan?

I would be grateful for any help.

The hiberfil.sys file is a bit weird as it is massive and there is no way that you can upload to a site like virustotal for checking/confirmation (20/25MB upload limit) of the detection, the same would be true of submitting it to avast for analysis. It could be that in a large file like this you get a pattern match to a signature.

personally I would just disable Hibernate, reboot and delete the hiberfil.sys, reboot and then enable hibernate again, that should then recreate it.

Edit See http://www.howtogeek.com/howto/15140/what-is-hiberfil.sys-and-how-do-i-delete-it/
Or http://www.softwarepatch.com/tips/hiberfil-sys-xp.html

virustotal for checking/confirmation (20/25MB upload limit)

it will not help in this case.....but new virustotal have a new limit. 32mb

Thanks, I couldn’t remember the exact figure only that it would be inadequate for uploading hiberfil.sys.