-
mchlnjDrv.sys
Please tell me if AVZ uses a temporary driver filename mchlnjDrv.sys?
After recently running AVZ, avast! AV found mchlnjDrv.sys and said it was a rootkit.
avast! was then unable to remove mchlnjDrv.sys (or even find it) when a subsequent scan was done on reboot. And a search of my PC does not turn up mchlnjDrv.sys.
I think that it was possibly alerting on a temp driver file used by AVZ?
Does the AVZ scanner use that driver? Thank you!
P.S. I do not have Comodo FW on my pc, but I do have BOClean.
-
MchlnjDrv.sys - It is not an AVZ driver. It is a trojan!
Please make the needed logs [url]http://virusinfo.info/showthread.php?t=9184[/url], attach them, and we will try to help you.
-
I'm not so sure. AVZ really does use temporary drivers, but the name is random.
[b]Mynorgeek[/b], you have to comply with the Rules: [url]http://virusinfo.info/showthread.php?t=9184[/url]
-
Many thanks for replies. Reason I did not submit logs is because I just wanted to know if AVZ loaded a temp driver named mchlnjDrv.sys. :)
My AVZ scan did not turn up a rootkit. It was avast! that alerted to this driver, and I know that mchlnjDrv.sys is used in some other security software, namely Comodo Personal Firewall. Trouble is, I don't have CPF, but I do have Comodo BOClean.
According to the CPF coder, [I]"mchlnjDrv.sys is the part of the api hooking SDK CPF uses to inject its DLL appguard.dll to other applications. [/I]
[I]It is loaded and extracted on demand by cmdagent.exe. So it is a safe driver. [/I]
[I]It is used by many other security software which perform user space api hooking too. So you may also see it reported with other programs."[/I]
So this is why I asked, in case AVZ used this driver.
I'll keep investigating, checking with Comodo and avast! It could also be a false positive from avast!
If anyone thinks of anything else, please let me know. :)
-
[url]http://www.wilderssecurity.com/showthread.php?p=858604[/url]
-
Well, in this part of the forum you should provide 3 logs in order to investigate your system. Remember to disable avast and other antispyware before doing it!
Otherwise this topic will be closed :diablo: