View full version: mchlnjDrv.sys



mynorgeek
12.04.2008, 19:58
Please tell me if AVZ uses a temporary driver filename mchlnjDrv.sys?

After recently running AVZ, avast! AV found mchlnjDrv.sys and said it was a rootkit.

avast! was then unable to remove mchlnjDrv.sys (or even find it) when a subsequent scan was done on reboot. And a search of my PC does not turn up mchlnjDrv.sys.

I think that it was possibly alerting on a temp driver file used by AVZ?

Does the AVZ scanner use that driver? Thank you!

P.S. I do not have Comodo FW on my pc, but I do have BOClean.

kps
12.04.2008, 20:56
MchlnjDrv.sys - It is not an AVZ driver. It is a trojan!
Please do the needed logs http://virusinfo.info/showthread.php?t=9184 , attach them and we will try to help you.

AndreyKa
12.04.2008, 23:40
I'm not so sure. AVZ really uses temporary drivers, but the name is random.
Mynorgeek, you have to follow the Rules: http://virusinfo.info/showthread.php?t=9184

mynorgeek
13.04.2008, 01:03
Many thanks for replies. Reason I did not submit logs is because I just wanted to know if AVZ loaded a temp driver named mchlnjDrv.sys. :)

My AVZ scan did not turn up a rootkit. It was avast! that alerted to this driver, and I know that mchlnjDrv.sys is used in some other security software, namely Comodo Personal Firewall. Trouble is, I don't have CPF, but I do have Comodo BOClean.

According to the CPF coder, "mchlnjDrv.sys is the part of the api hooking SDK CPF uses to inject its DLL appguard.dll to other applications.

It is loaded and extracted on demand by cmdagent.exe. So it is a safe driver.

It is used by many other security software which perform user space api hooking too. So you may also see it reported with other programs."

So this is why I asked, in case AVZ used this driver.

I'll keep investigating, checking with Comodo and avast! It could also be a false positive from avast!

If anyone thinks of anything else, please let me know. :)

RiC
13.04.2008, 08:25
http://www.wilderssecurity.com/showthread.php?p=858604

drongo
13.04.2008, 09:41
Well, in this part of the forum you should provide 3 logs in order to investigate your system; remember to disable avast and other antispyware before it!
Otherwise this topic will be closed :diablo:

mynorgeek
14.04.2008, 00:33
Thank you. Sorry. :)