Please tell me if AVZ uses a temporary driver filename mchlnjDrv.sys?
After recently running AVZ, avast! AV found mchlnjDrv.sys and said it was a rootkit.
avast! was then unable to remove mchlnjDrv.sys (or even find it) when subsequent scan was done on reboot. And a search of my pc does not turn up mchlnjDrv.sys.
I think that it was possibly alerting on a temp driver file used by AVZ?
Does the AVZ scanner use that driver? Thank you!
P.S. I do not have Comodo FW on my pc, but I do have BOClean.
Many thanks for replies. Reason I did not submit logs is because I just wanted to know if AVZ loaded a temp driver named mchlnjDrv.sys.
My avz scan did not turn up a rootkit. It was avast! that alerted to this driver, and I know that mchlnjDrv.sys is used in some other security softwares, namely Comodo Personal Firewall. Trouble is, I don't have CPF, but I do have Comodo BOClean.
According to the CPF coder, "mchlnjDrv.sys is the part of the api hooking SDK CPF uses to inject its DLL appguard.dll to other applications.
It is loaded and extracted on demand by cmdagent.exe. So it is a safe driver.
It is used by many other security software which perform user space api hooking too. So you may also see it reported with other programs."
So this is why I asked, in case AVZ used this driver.
I'll keep investigating, checking with Comodo and avast! It could also be a false positive from avast!
If anyone thinks of anything else, please let me know.
Well, in this part of the forum you should provide 3 logs in order to investigate your system, remember to disable avast, other antyspyware before it!
Otherwise this topic will be closed