Need help removing Win32:Injecter-J [Trj]

It was discovered in my last full system scan and it’s identified as: Win32:Injecter-J [trj]

Here's the result of my last scan:

http://isabelle.math.ist.utl.pt/~l50891/error.jpg

I've found a thread about the same problem here, but it seems it was solved based on a log from HijackThis, so here's my log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:30:44, on 23-02-2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Programas\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.santander.pt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=0816&s=search&ap=b204

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer disponibilizado por Telepac, SA

O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\ycomp5_0_2_5.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: {0e1d95df-a57d-ed39-8704-02c2164490b3} - {3b094461-2c20-4078-93de-d75afd59d1e0} - C:\WINDOWS\System32\ybltgcgc.dll

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

O2 - BHO: (no name) - {5253697B-E89D-4A4E-9EA5-F85153803E6A} - C:\WINDOWS\System32\rqoll.dll (file missing)

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\eotfagtl.dll (file missing)

O2 - BHO: (no name) - {d34b3c43-ffbf-474c-a03b-8863f8b2e79c} - C:\WINDOWS\system32\kbdqcx.dll (file missing)

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\ycomp5_0_2_5.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\eotfagtl.dll (file missing)

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM..\Run: [CPQEASYACC] C:\Arquivos de programas\Compaq\Easy Access Button Support\StartEAK.exe

O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe

O4 - HKLM..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe

O4 - HKLM..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe

O4 - HKLM..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\RunServices: [Microsoft Security Monitor Process] hel.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O12 - Plugin for .mp3: C:\Arquivos de programas\Internet Explorer\PLUGINS\npqtplugin3.dll

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203722643573

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4029.cab

O20 - AppInit_DLLs: C:\WINDOWS\System32__c0026F7A.dat

O20 - Winlogon Notify: eotfagtl - eotfagtl.dll (file missing)

O20 - Winlogon Notify: kbdqcx - kbdqcx.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Error Reporting Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)

O23 - Service: Group Policy Monitor (gpmsvc) - Unknown owner - C:\WINDOWS\system32\gpsvc.exe (file missing)

End of file - 6117 bytes

Hope you can help!

— EDIT —

Forgot to say why I need help :)

Can't move the file to the chest, can't delete it, can't delete it in a boot scan, and if I delete it with the recovery console it reappears.


There are a couple of nasties in your HJT log... might be Vundo and/or some other trojan.

Please wait for someone with more experience than I to help you.


Help is no longer needed.

Solution was found: "format c:" :-\

It was too unstable and I need it fixed...

Fix these items with HJT:

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O2 - BHO: (no name) - {5253697B-E89D-4A4E-9EA5-F85153803E6A} - C:\WINDOWS\System32\rqoll.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\eotfagtl.dll (file missing)
O2 - BHO: (no name) - {d34b3c43-ffbf-474c-a03b-8863f8b2e79c} - C:\WINDOWS\system32\kbdqcx.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\eotfagtl.dll (file missing)
O4 - HKLM..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM..\RunServices: [Microsoft Security Monitor Process] hel.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32__c0026F7A.dat
O20 - Winlogon Notify: eotfagtl - eotfagtl.dll (file missing)
O20 - Winlogon Notify: kbdqcx - kbdqcx.dll (file missing)
O23 - Service: Error Reporting Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Group Policy Monitor (gpmsvc) - Unknown owner - C:\WINDOWS\system32\gpsvc.exe (file missing)

Run a www.gmer.net scan.

Schedule the avast boot-time scan and restart your machine.

Post the results here... BTW, you should update critical parts of your system (Windows Update, Java, etc.).
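The reply above lists which entries to fix but not what makes them stand out. As an added example (not code from this thread, from Trend Micro or from avast), here is a small Python triage script that encodes those tells and runs them over an excerpt of the log posted above: one-letter lookalikes of system binaries (Isass.exe against lsass.exe, svshost.exe against svchost.exe), an autorun launched from Temp, a bare file name in the legacy RunServices key, a "Windows"-sounding description on a non-system binary, any AppInit_DLLs value, a BHO whose display name is a bare CLSID, and registered components whose file is missing. The rule set, the one-edit threshold and the list of imitated system names are my assumptions, not HijackThis's own scoring, and a hit means "look closer", not "infected".

```python
"""Triage rules for a HijackThis (HJT) log.

Added example: this is not code from the forum thread, from Trend Micro or
from avast.  The rules are the tells a responder applies by eye to the log
above; they are assumptions, and a hit means "look closer", not "infected".
"""
import re

# Genuine Windows processes whose names malware likes to imitate (assumed list).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "winlogon.exe", "csrss.exe",
                "services.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}

HJT_LINE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Excerpt of the log posted above (a constructed subset, blank lines removed).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {0e1d95df-a57d-ed39-8704-02c2164490b3} - {3b094461-2c20-4078-93de-d75afd59d1e0} - C:\WINDOWS\System32\ybltgcgc.dll
O2 - BHO: (no name) - {5253697B-E89D-4A4E-9EA5-F85153803E6A} - C:\WINDOWS\System32\rqoll.dll (file missing)
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] hel.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O20 - AppInit_DLLs: C:\WINDOWS\System32__c0026F7A.dat
O20 - Winlogon Notify: eotfagtl - eotfagtl.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Error Reporting Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance; enough to catch one substituted, dropped or added letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def basename(target: str) -> str:
    """Lower-cased file name of an autorun/service target, without args or quotes."""
    exe = target.strip().split(" /")[0].split(" (")[0].strip().strip('"')
    return exe.rsplit("\\", 1)[-1].lower()


def lookalike(name: str):
    """Genuine system binary that `name` imitates within one edit, else None."""
    if name in SYSTEM_NAMES:
        return None
    for real in sorted(SYSTEM_NAMES):
        if levenshtein(name, real) == 1:
            return real
    return None


def triage(line: str) -> list:
    """Reasons an HJT line deserves attention; [] when none of the rules fire."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    low = body.lower()
    reasons = []

    if "(file missing)" in low or "(no file)" in low:
        reasons.append("registered component has no file on disk")

    if section == "O2":  # BHO: <name> - {CLSID} - <dll>
        name = re.match(r"BHO:\s*(.*?)\s+-\s+\{", body)
        if name and GUID.match(name.group(1)):
            reasons.append("BHO display name is a bare CLSID")

    elif section == "O4":  # HK..\Run: [description] <target>
        entry = re.search(r"\[(.*?)\]\s*(.*)$", body)
        if entry:
            desc, target = entry.groups()
            exe = basename(target)
            real = lookalike(exe)
            if real:
                reasons.append(f"{exe} is a one-letter lookalike of {real}")
            if "\\temp\\" in target.lower():
                reasons.append("autorun launched from a Temp directory")
            if "\\" not in target and "runservices" in low:
                reasons.append("bare file name in the legacy RunServices key")
            if re.search(r"\b(windows|microsoft|security)\b", desc, re.I) and exe not in SYSTEM_NAMES:
                reasons.append("Windows-sounding description for a non-system binary")

    elif section == "O20":
        if low.startswith("appinit_dlls:"):
            reasons.append("AppInit_DLLs loads this file into every user32 process")

    elif section == "O23":  # Service: <name> - <owner> - <path>
        if "unknown owner" in low:
            exe = basename(body.rsplit(" - ", 1)[-1])
            real = lookalike(exe)
            if real:
                reasons.append(f"service binary {exe} is a one-letter lookalike of {real}")
    return reasons


def triage_log(text: str) -> dict:
    """Map each flagged line to its reasons, in log order."""
    out = {}
    for line in text.splitlines():
        hits = triage(line)
        if hits:
            out[line.strip()] = hits
    return out


if __name__ == "__main__":
    for line, why in triage_log(SAMPLE_LOG).items():
        print(line)
        for reason in why:
            print("    ->", reason)
```

Run it as-is to see the excerpt triaged, or paste a full log into `triage_log`. The avast, Messenger, Acrobat and ATI entries come back clean; the nine entries the reply singled out all get at least one reason, and Isass.exe gets two (lookalike name plus a "Local Security Authority" description on a file that is not lsass.exe).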

Maybe NOD32 or some kind of Ad-Aware will help you. Find Ad-Aware by Lavasoft; it might solve your problem.