mchlnjDrv.sys

  1. #1
    Junior Member
    Registered: 12.04.2008
    Posts: 3
    Reputation weight: 59

    mchlnjDrv.sys

    Please tell me if AVZ uses a temporary driver filename mchlnjDrv.sys?

    After recently running AVZ, avast! AV found mchlnjDrv.sys and said it was a rootkit.

    avast! was then unable to remove mchlnjDrv.sys (or even find it) when a subsequent scan was done on reboot. And a search of my PC does not turn up mchlnjDrv.sys.

    I think that it was possibly alerting on a temp driver file used by AVZ?

    Does the AVZ scanner use that driver? Thank you!

    P.S. I do not have Comodo FW on my PC, but I do have BOClean.

  2. #2
    Senior Member
    Registered: 29.09.2004
    Posts: 3,509
    Reputation weight: 1303
    MchlnjDrv.sys - It is not an AVZ driver. It is a trojan!
    Please do the needed logs http://virusinfo.info/showthread.php?t=9184, attach them and we will try to help you.
    Revenge is the dream of the weak; forgiveness is the lot of the strong.

  3. #3
    AndreyKa, Senior Member
    Registered: 08.01.2005
    Location: Russia
    Posts: 13,632
    Reputation weight: 1315
    I'm not so sure. AVZ really uses temporary drivers, but the name is random.
    Mynorgeek, you have to accomplish the Rules: http://virusinfo.info/showthread.php?t=9184

  4. #4
    Junior Member
    Registered: 12.04.2008
    Posts: 3
    Reputation weight: 59
    Many thanks for the replies. The reason I did not submit logs is that I just wanted to know if AVZ loaded a temp driver named mchlnjDrv.sys.

    My AVZ scan did not turn up a rootkit. It was avast! that alerted to this driver, and I know that mchlnjDrv.sys is used in some other security software, namely Comodo Personal Firewall. Trouble is, I don't have CPF, but I do have Comodo BOClean.

    According to the CPF coder, "mchlnjDrv.sys is the part of the api hooking SDK CPF uses to inject its DLL appguard.dll to other applications.

    It is loaded and extracted on demand by cmdagent.exe. So it is a safe driver.

    It is used by many other security software which perform user space api hooking too. So you may also see it reported with other programs."

    So this is why I asked, in case AVZ used this driver.

    I'll keep investigating, checking with Comodo and avast! It could also be a false positive from avast!

    If anyone thinks of anything else, please let me know.

  6. #6
    drongo, Senior Member
    Registered: 17.09.2004
    Location: Israel
    Posts: 7,164
    Reputation weight: 994
    Well, in this part of the forum you should provide 3 logs in order to investigate your system. Remember to disable avast and other antispyware before it!
    Otherwise this topic will be closed.

  7. #7
    Junior Member
    Registered: 12.04.2008
    Posts: 3
    Reputation weight: 59
    Thank you. Sorry.