Rootkit.Agent


6 replies to this topic

#1 darthsideous666

Posted 30 April 2008 - 08:41 PM

I am getting this on my machines after a scan. I am not seeing it, though, when I run the developer version for reporting, as that scan comes up clean. It is only appearing with my paid version scan, on 2 different machines. I am up to date, what gives?


Malwarebytes' Anti-Malware 1.11
Database version: 704

Scan type: Quick Scan
Objects scanned: 33151
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Rootkit.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
MBAM Pro
VIPRE Premium
PREVX SafeOnline

#2 MaB69

Posted 01 May 2008 - 03:41 AM

Hi,

I have this FP too. It is an FP because this driver is used by Online Armor and is legit in this case.

Kind regards,

MaB

#3 darthsideous666

Posted 01 May 2008 - 04:10 AM

Hi,

I have this FP too. It is an FP because this driver is used by Online Armor and is legit in this case.

Kind regards,

MaB


Hi MaB,

Thanks for the confirmation on this.

ds

#4 nosirrah

Posted 01 May 2008 - 06:29 AM

I'll fix this for the next update.

It seems that malware is using this for some reason.
Bruce Harrison
Vice President of Research


#5 chalawah

Posted 01 May 2008 - 07:03 AM

I'll fix this for the next update.

It seems that malware is using this for some reason.


I am getting the same result from a scan on my system. I have OA installed. From what I have read in the following post at Wilders, mchInjDrv is not a problem, but the .dll it injects may be. Read in particular page 3, post #58, from the author of madCodeHook:

http://www.wildersse...ead.php?t=47024

A Google search also shows mchInjDrv being used by Trojan Hunter and A2.

Some caution, though: as per the Wilders thread, mchInjDrv can just as easily be used for malicious purposes.

As this is all on the boundaries of my experience, does anyone have an idea of how I might 'see' mchInjDrv in action and find the .dll it is injecting and where? Is it possible to find out exactly what may have installed it somehow?

Best rgds.
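
One way to start on the question in the post above, as an added example that is not part of the original thread: a read-only PowerShell check of the flagged service key and the binary it points to (type, start mode, signer, hash), which is usually enough to tell which product installed it. The helper name and report fields are hypothetical; only the key name comes from the scan log, and the script does not identify injected DLLs.

```powershell
# Added example (not from the thread): read-only triage of a flagged service key.
# The default name is the key reported in the scan log; everything else is illustrative.
param([string]$ServiceName = 'mchInjDrv')

$typeNames  = @{ 1 = 'Kernel driver'; 2 = 'File system driver'; 16 = 'Win32 own process'; 32 = 'Win32 shared process' }
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ServiceImagePath {
    # Hypothetical helper: driver ImagePath values use NT-style prefixes or
    # paths relative to %SystemRoot%; convert them to an ordinary Win32 path.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path $keyPath)) { Write-Output "No service key named $ServiceName"; return }

$svc  = Get-ItemProperty -Path $keyPath
$file = Resolve-ServiceImagePath $svc.ImagePath
$report = [ordered]@{
    Service   = $ServiceName
    Type      = '{0} ({1})' -f $svc.Type,  $typeNames[[int]$svc.Type]
    Start     = '{0} ({1})' -f $svc.Start, $startNames[[int]$svc.Start]
    ImagePath = $svc.ImagePath
    Resolved  = $file
}

if ($file -and (Test-Path -LiteralPath $file)) {
    # The signer, vendor string and hash tie the driver file to a specific product.
    $item = Get-Item -LiteralPath $file
    $sig  = Get-AuthenticodeSignature -LiteralPath $file
    $report.SignatureStatus = $sig.Status
    $report.Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $report.Company    = $item.VersionInfo.CompanyName
    $report.CreatedUtc = $item.CreationTimeUtc
    $report.SHA256     = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
} else {
    # A key with no backing file is worth noting: stale entry or removed binary.
    $report.Note = 'Image file not found on disk'
}
[pscustomobject]$report
```

Run it from an elevated prompt; a driver whose path sits under a known security product's install folder and carries that vendor's valid signature matches the false-positive case described in this thread.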

#6 nosirrah

Posted 01 May 2008 - 07:52 AM

Should be fixed.

#7 MaB69

Posted 01 May 2008 - 09:21 AM

Should be fixed.


Hi,

705 fixed it

Thanks Bruce

Regards,

MaB