What is Win32:Delf-GFH[Trj]

Viruses and worms
1

So I was logging on to Ebay, and I get this error message saying that the site had lost it’s web certification(or something to that effect). I figured this to be an error on my computers part. So I logged on.

A few minutes later Avast scanned this virus while running in the background

stBarPat.dat

I look at the file properties and its in my Documents and Settings/User/Local Settings/Application Data/CyberDefender folder

The Virus Description is: Win32:Delf-GFH[trj]

Every so often(while I’m trying to figure out what it is) Avast will warn me again saying that it’s detected the same file in the same folder.

The file ID’s are different and the modification times are different each time as well.

What do I do?

2

download Avira AntiVir Rescue System.
The Avira AntiVir Rescue System a linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to repair a damaged system, to rescue data or to scan the system for virus infections. Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer. The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available. You can download it from here.
it would help you to remove any locked and hidden file.

after that, Download, install and update these programs and then disconnect from Internet:

Malwarebytes Antimalware: http://www.malwarebytes.org/mbam.php
SUPERAntiSpyware: http://www.superantispyware.com/
SpyBot S&D: http://www.spybot.info/

scan your computer using them, also try to immunize your windows using SpyBot S&D. During installation of SpyBot S&D disable any resident.

after those steps above done, connect to internet and make sure to keep your avast! av updated to prevent any future infection and keep your windows fully patched with latest updates and service packs.

3

False Positive

Program: My Identity Defender

Publisher: CyberDefender

4

did you send that file to www.virustotal.com web site to see what other AV says about this? maybe it don’t be false positive and be infected. (got infection from some where)