Rootkit.Agent
Started by darthsideous666, Apr 30 2008 08:41 PM
6 replies to this topic
#1
Posted 30 April 2008 - 08:41 PM
I am getting this on my machines after a scan. I am not seeing it though when I run the developer version for reporting, as that scan comes up clean? It is only appearing with my paid version scan, on 2 different machines. I am up to date, what gives??????
Malwarebytes' Anti-Malware 1.11
Database version: 704
Scan type: Quick Scan
Objects scanned: 33151
Time elapsed: 4 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Rootkit.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
MBAM Pro
VIPRE Premium
PREVX SafeOnline
#2
Posted 01 May 2008 - 03:41 AM
Hi,
I have this FP too. FP because this driver is used by Online Armor and is legit in this case.
Kind regards,
MaB
#3
Posted 01 May 2008 - 04:10 AM
Hi,
I have this FP too. FP because this driver is used by Online Armor and is legit in this case.
Kind regards,
MaB
Hi MaB,
Thanks for the confirmation on this.
ds
MBAM Pro
VIPRE Premium
PREVX SafeOnline
#5
Posted 01 May 2008 - 07:03 AM
I'll fix this for the next update.
It seems that malware is using this for some reason.
I am getting the same result from a scan on my system. I have OA installed. From what I have read in the following post at Wilders, mchInjDrv is not a problem, but the .dll it injects may be. Read in particular page 3, post #58, from the author of madCodeHook:
http://www.wildersse...ead.php?t=47024
A Google search also results in mchInjDrv being used by Trojan Hunter and A2.
Some caution though: as per the Wilders thread, mchInjDrv can just as easily be used for malicious purposes.
As this is all on the boundaries of my experience, does anyone have an idea on how I might 'see' mchInjDrv in action and find the .dll it is injecting and where? Is it possible to find out exactly what may have installed it somehow?
Best rgds.
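One way to check which driver file sits behind the flagged service key, as an added example that is not part of the original thread or of any product mentioned in it: the PowerShell below reads the key from the scan log, resolves its ImagePath, and reports the file's vendor, signature and hash. The function names are hypothetical; it assumes an elevated prompt and PowerShell 4 or later (for Get-FileHash).

```powershell
# Added example (not from the thread): triage the service key from the scan log.
function Resolve-DriverPath([string]$ImagePath) {
    # Driver ImagePath values use NT-style forms; map them to a Win32 path.
    $p   = $ImagePath.Trim('"')
    $cmp = [StringComparison]::OrdinalIgnoreCase
    if ($p.StartsWith('\??\', $cmp)) {
        $p = $p.Substring(4)                              # \??\C:\dir\x.sys
    } elseif ($p.StartsWith('\SystemRoot\', $cmp)) {
        $p = Join-Path $env:SystemRoot $p.Substring(12)   # \SystemRoot\System32\...
    } elseif (-not [IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $env:SystemRoot $p                 # System32\drivers\x.sys
    }
    [Environment]::ExpandEnvironmentVariables($p)
}

function Get-DriverServiceTriage([string]$Name = 'mchInjDrv') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return "No service key for $Name" }

    $svc    = Get-ItemProperty -Path $key
    $path   = if ($svc.ImagePath) { Resolve-DriverPath $svc.ImagePath } else { $null }
    # The file may be missing; report that instead of failing.
    $onDisk = [bool]($path -and (Test-Path -LiteralPath $path))
    $sig    = if ($onDisk) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    # Win32_SystemDriver shows whether the driver is currently loaded.
    $drv    = Get-CimInstance Win32_SystemDriver -Filter "Name='$Name'"

    [pscustomobject]@{
        Service   = $Name
        Type      = $svc.Type      # 1 = kernel driver
        Start     = $svc.Start     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        ImagePath = $svc.ImagePath
        Resolved  = $path
        OnDisk    = $onDisk
        State     = $drv.State
        Company   = if ($onDisk) { (Get-Item -LiteralPath $path).VersionInfo.CompanyName }
        SigStatus = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = if ($onDisk) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
    }
}

Get-DriverServiceTriage | Format-List
```

The resolved folder and signer indicate which installed product the driver belongs to; the output is evidence for a judgment, not a verdict on its own.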
#7
Posted 01 May 2008 - 09:21 AM
Should be fixed.
Hi,
705 fixed it
Thanks Bruce
Regards,
MaB