Hello - I spend much of my life on a computer, but, I am not particularly tech-savvy, and the language of these things is new to me, so, I hope my explanation will make sense.

I installed MBAM on my HP laptop recently, and it identifies as a “rootkit.agent” the following in my computer:

C:\Windows\System32\drivers\yjmqghc.sys

Type of file: System File (.sys)
Opens with: Unknown application
Location: C:\Windows\System32\drivers
Size: 698 KB (714,752 bytes)
Size on disk: 700 KB (716,800 bytes)
Created: ‎December-‎23-‎09, ‏‎11:27:56 PM

Nothing I have done has been able to delete this thing - I get messages “cannot read from file or disc”, “device attached to system is not working” and similar things when attempting to delete this using MBAM, GMER, MoveonBoot, and avast.

I’m starting to get blurry about which program says what about yjmqghc.sys but I a pretty sure it’s avast that says it is:

Win32:Malware-gen

I have Googled “yjmqghc” - and find absolutely nothing.

I appreciate very much any input, and your knowledge as to what is this thing, and how can I get rid of it (that’s if I should get rid of it, which seems to be what avast, MBAM et al indicate should happen).

thanks very much, Adrian

You could try rescue disc such as Avira. AFAIK the program does not produce a log which can be accessed after reboot, so write down any threats found and their locations. If it finds C:\Windows\System32\drivers\yjmqghc.sys as malicious it will probably rename the extension, to stop it becoming active after reboot.
http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

thanks, micky, for your time and suggestion!

I was just in the midst of doing another MBAM scan, the fifth or sixth time, and none of the previous attempts resulting in a successful deletion, but, this time - it did:

Malwarebytes’ Anti-Malware 1.42
Database version: 3414
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

30/12/2009 12:48:08 PM
mbam-log-2009-12-30 (12-48-08).txt

Scan type: Full Scan (C:|)
Objects scanned: 413269
Time elapsed: 1 hour(s), 54 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\drivers\yjmqghc.sys (Rootkit.Agent) → Quarantined and
deleted successfully.

I no longer see “yjmqghc.sys” in my computer, and, thankfully, this likely ends this particular quest.

Thanks again for your time and help!

Happy New Year!! Ad