
Malwarebytes

Rootkit.Agent


6 replies to this topic

#1
darthsideous666

    New Member

  • Members
  • 32 posts
I am getting this on my machines after a scan. I am not seeing it though when I run the developer version for reporting, as that scan comes up clean? It is only appearing with my paid version scan, on 2 different machines. I am up to date, what gives??????


Malwarebytes' Anti-Malware 1.11
Database version: 704

Scan type: Quick Scan
Objects scanned: 33151
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Rootkit.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
MBAM Pro
VIPRE Premium
PREVX SafeOnline

#2
MaB69

    Regular Member

  • Experts
  • 86 posts
  • Gender:Male
  • Location:France
Hi,

I have this FP too. It is an FP because this driver is used by Online Armor and is legit in this case.

Kind regards,

MaB

#3
darthsideous666

    New Member

  • Members
  • 32 posts

MaB69, on May 1 2008, 04:41 AM, said:

Hi,

I have this FP too. It is an FP because this driver is used by Online Armor and is legit in this case.

Kind regards,

MaB

Hi MaB,

Thanks for the confirmation on this.

ds
MBAM Pro
VIPRE Premium
PREVX SafeOnline

#4
nosirrah

    Forum Deity

  • Administrators
  • 5,399 posts
  • Location:Northampton, MA USA
I'll fix this for the next update.

It seems that malware is using this for some reason.
Bruce Harrison
Vice President of Research


#5
chalawah

    New Member

  • Members
  • 3 posts

nosirrah, on May 1 2008, 09:29 PM, said:

I'll fix this for the next update.

It seems that malware is using this for some reason.

I am getting the same result from a scan on my system. I have OA installed. From what I have read in the following post at Wilders, mchInjDrv is not a problem, but the .dll it injects may be. Read in particular page 3, post #58, from the author of madCodeHook.

http://www.wildersse...ead.php?t=47024

A Google search also shows mchInjDrv being used by Trojan Hunter and A2.

Some caution though as per the Wilders thread, mchInjDrv can just as easily be used for malicious purposes.

As this is all on the boundaries of my experience, does anyone have an idea on how I might 'see' mchInjDrv in action and find the .dll it is injecting and where? Is it possible to find out exactly what may have installed it somehow?

Best rgds.
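
One way to start on the question in post #5, as an added example that is not part of the original thread: a read-only PowerShell check of the flagged service key that reports which driver file it points to and who signed it, so the file can be matched against an installed product such as Online Armor. It assumes PowerShell 4 or later; `Resolve-DriverPath` is a hypothetical helper name, and the script does not identify the injected .dll.

```powershell
# Added example: read-only triage of a flagged driver service key.
# The default service name is taken from the scan log in post #1.
param([string]$ServiceName = 'mchInjDrv')

function Resolve-DriverPath {
    # Hypothetical helper: kernel-driver ImagePath values use NT-style
    # prefixes (\??\, \SystemRoot\) or paths relative to %SystemRoot%.
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim('"')
    if ($p -match '^\\\?\?\\(.+)$')       { return $Matches[1] }
    if ($p -match '^\\SystemRoot\\(.+)$') { return Join-Path $env:SystemRoot $Matches[1] }
    if ($p -notmatch '^[A-Za-z]:\\')      { return Join-Path $env:SystemRoot $p }
    return $p
}

$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path $key)) {
    Write-Output "No service key for '$ServiceName' on this machine."
    return
}

$svc = Get-ItemProperty -Path $key
$report = [ordered]@{
    Service   = $ServiceName
    Type      = $svc.Type       # 1 = kernel driver
    Start     = $svc.Start      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    ImagePath = $svc.ImagePath
}

if ($svc.ImagePath) {
    $file = Resolve-DriverPath $svc.ImagePath
    $report.ResolvedPath = $file
    if (Test-Path -LiteralPath $file) {
        # Signer and version info tie the driver to the product that shipped it.
        $sig = Get-AuthenticodeSignature -LiteralPath $file
        $report.Signature = $sig.Status
        $report.Signer    = $sig.SignerCertificate.Subject
        $report.Company   = (Get-Item -LiteralPath $file).VersionInfo.CompanyName
        $report.SHA256    = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
    } else {
        # A key whose driver file is missing from disk deserves a closer look.
        $report.Note = 'ImagePath points at a file that is not on disk.'
    }
} else {
    $report.Note = 'Service key has no ImagePath value.'
}

[pscustomobject]$report
```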

#6
nosirrah

    Forum Deity

  • Administrators
  • 5,399 posts
  • Location:Northampton, MA USA
Should be fixed.
Bruce Harrison
Vice President of Research


#7
MaB69

    Regular Member

  • Experts
  • 86 posts
  • Gender:Male
  • Location:France

nosirrah, on May 1 2008, 01:52 PM, said:

Should be fixed.

Hi,

705 fixed it

Thanks Bruce

Regards,

MaB