Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
May 16th, 2008, 2:44am
   Mischel Internet Security Forum
   TrojanHunter
   TrojanHunter Scanner (Moderators: Helena, Gavin_Coe, Magnus)
   mchInjDrv.sys detected as rootkit		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: mchInjDrv.sys detected as rootkit  (Read 112 times)
doubledown
Full Member
***





   


Posts: 142
mchInjDrv.sys detected as rootkit
« on: Apr 27th, 2008, 3:26pm »		 Quote Quote  Modify Modify
Hi,
 
My AV detected mchInjDrv.sys as rootkit on boot-up, I run TH and I know TH uses mchInjDrv.sys so I assume this is a FP by my AV.
 
TH Guard did not load on this boot-up when the AV alerted on mchInjDrv.sys so this looks to me a sign that the AV was detecting the mchInjDrv.sys as used by TH - not as used  by some kind of rookit or malware.
 
When I ran GMER it reports the following -  
 
---- Kernel code sections - GMER 1.0.14 ----
 
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys                                                      The system cannot find the file specified. !
 
Also when I search for mchInjDrv.sys in C:\WINDOWS\system32\Drivers\ it is not visible.
 
I assume this is nothing to worry about - would this be usual behaviour for the mchInjDrv.sys as used by TH?
 
Many thanks for any advice!
 
« Last Edit: Apr 27th, 2008, 3:28pm by doubledown » IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5270
Re: mchInjDrv.sys detected as rootkit
« Reply #1 on: Apr 27th, 2008, 3:57pm »		 Quote Quote  Modify Modify
Yes, mchInjDrv.sys is used by THGuard to inject code for self protection.  This is a false positive by your AV.  
 
 
Until your AV gets the FP fixed, uncheck in the THGuard settings "Protect Against Unauthorized Shutdowns".  That should permit THGuard to startup okay.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
doubledown
Full Member
***





   


Posts: 142
Re: mchInjDrv.sys detected as rootkit
« Reply #2 on: Apr 27th, 2008, 4:32pm »		 Quote Quote  Modify Modify
Thank you for your advice siliconman01 - very much appreciated!
IP Logged
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register