darthsideous666

Rootkit.Agent


I am getting this on my machines after a scan. I am not seeing it though when I run the developer version for reporting, as that scan comes up clean? It is only appearing with my paid version scan, on 2 different machines. I am up to date, what gives??????

Malwarebytes' Anti-Malware 1.11

Database version: 704

Scan type: Quick Scan

Objects scanned: 33151

Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Rootkit.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi,

I have this FP too. It is an FP because this driver is used by Online Armor and is legit in this case.

Kind regards,

MaB


Hi MaB,

Thanks for the confirmation on this.

ds


I'll fix this for the next update.

It seems that malware is using this for some reason.


I am getting the same result from a scan on my system. I have OA installed. From what I have read on the following post at Wilders, mchInjDrv is not a problem but the .dll it injects may be. Read in particular page 3, post #58, from the author of madCodeHook:

http://www.wilderssecurity.com/showthread.php?t=47024

A Google search also shows mchInjDrv being used by Trojan Hunter and A2.

Some caution though: as per the Wilders thread, mchInjDrv can just as easily be used for malicious purposes.

As this is all on the boundaries of my experience, does anyone have an idea on how I might 'see' mchInjDrv in action and find the .dll it is injecting, and where? Is it possible to find out exactly what may have installed it somehow?

Best rgds.
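
A read-only way to approach the question in this post, as an added example that is not part of the original thread: it inspects the flagged service key, checks the driver file's signature and hash, and lists DLLs outside %SystemRoot% that are loaded into many processes. The threshold of 5 processes is an assumption chosen for illustration; run it as a script from an elevated PowerShell prompt.

```powershell
# Added example: read-only triage of the service key flagged in the scan log.
$svcName = 'mchInjDrv'   # key name taken from the scan log in this thread
$keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"

if (-not (Test-Path $keyPath)) {
    Write-Output "Service key $svcName is not present."
    return
}

$svc = Get-ItemProperty -Path $keyPath
# Type 1 = kernel driver; Start 0..4 = boot, system, auto, demand, disabled.
Write-Output ("Type={0} Start={1} ImagePath={2}" -f $svc.Type, $svc.Start, $svc.ImagePath)

# Normalise the path forms a driver ImagePath can take.
$path = [Environment]::ExpandEnvironmentVariables([string]$svc.ImagePath)
$path = $path -replace '^\\\?\?\\', ''                      # \??\C:\... prefix
$path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
if (-not $path) {
    # No ImagePath: drivers default to System32\drivers\<name>.sys
    $path = "$env:SystemRoot\System32\drivers\$svcName.sys"
} elseif (-not [IO.Path]::IsPathRooted($path)) {
    $path = Join-Path $env:SystemRoot $path                 # e.g. system32\drivers\x.sys
}

if (Test-Path -LiteralPath $path) {
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256
    Write-Output ("Signature: {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject)
    Write-Output ("SHA256: {0}" -f $hash.Hash)
} else {
    # A key whose driver file is gone cannot be attributed from the file alone.
    Write-Output "Driver file not found on disk: $path"
}

# A system-wide hook DLL is loaded into many unrelated processes. Count, per
# module outside %SystemRoot%, how many processes have it mapped.
$minProcesses = 5   # assumed threshold for illustration
Get-Process | ForEach-Object {
    $proc = $_
    try {
        $proc.Modules | ForEach-Object {
            [pscustomobject]@{ ProcessId = $proc.Id; Module = $_.FileName }
        }
    } catch { }     # protected processes deny module enumeration
} | Where-Object { $_.Module -and $_.Module -notlike "$env:SystemRoot\*" } |
    Group-Object Module | Where-Object Count -ge $minProcesses |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Signature'; e = { (Get-AuthenticodeSignature -LiteralPath $_.Name).Status } }
```

A module that appears in most processes, lives in a security product's install directory and carries a valid signature from that vendor fits the legitimate use described in this thread; an unsigned one in a temporary or user-writable path deserves a closer look.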

Should be fixed.

Hi,

705 fixed it

Thanks Bruce

Regards,

MaB
