
possibility of FP mchInjDrv ?


mona7865

Can someone please confirm whether this could be an FP again?

Malwarebytes' Anti-Malware 1.17

Database versie: 864

18:38:54 17/06/2008

mbam-log-6-17-2008 (18-38-45).txt

Scan type: Snelle Scan

Objecten gescand: 41322

Verstreken tijd: 4 minute(s), 56 second(s)

Geheugenprocessen ge


I think I can duplicate this. I am pretty sure I don't have a trojan.

Malwarebytes' Anti-Malware 1.17

Database version: 864

12:47:46 PM 6/17/2008

mbam-log-6-17-2008 (12-47-39).txt

Scan type: Quick Scan

Objects scanned: 38705

Time elapsed: 37 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi JeanInMontana,

Here is the log of another quick scan in English:

Malwarebytes' Anti-Malware 1.17

Database version: 864

20:48:00 17/06/2008

mbam-log-6-17-2008 (20-47-57).txt

Scan type: Quick Scan

Objects scanned: 41906

Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I ran a full scan with AVG 8.0 which detected nothing and RogueRemover Pro didn't detect anything either.

Thank you.

Mona.


Same here.

If it helps, jumping to location shows the image path \??\C:\WINDOWS\TEMP\mc21.tmp.

I'm sure (not 100%) that this was a temp file created by Microsoft/Sysinternals RootkitRevealer.

Malwarebytes' Anti-Malware 1.17

Database version: 864

19:20:40 17/06/2008

mbam-log-6-17-2008 (19-20-35).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 84672

Time elapsed: 14 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I have this as well on my Desktop (only) XP.

Malwarebytes' Anti-Malware 1.17

Database version: 865

9:09:10 PM 6/17/2008

mbam-log-6-17-2008 (21-08-58).txt

Scan type: Quick Scan

Objects scanned: 41991

Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ds


  • Root Admin

Well, not sure, as that file name comes up all over the web and from a long time ago. Would take more time to investigate.

This is from another site.

Control Panel -> System -> Hardware -> Device Manager

Click on View -> Show Hidden Devices

This will add a new node to the list named "Non-Plug and Play Drivers"

Expand that tree. In that list of about 30 items, see if you can spot one relating to the mchInjDrv. If not sure, you can right-click on any entry, select "Properties" then "Driver" or "Details" and it tells you more about it.

Once you've located the relevant driver, you can also "Uninstall" it by right-clicking on it.

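A read-only way to inspect the flagged service key from the command line, shown here as an added example that is not part of the original posts or of any tool mentioned in the thread. The helper name `Convert-ImagePath` and the temp-directory heuristic are assumptions made for illustration; the key name and the `\??\` path form are the ones quoted in the thread.

```powershell
# Added example: read-only triage of a driver service key flagged by a scanner.
param([string]$ServiceName = 'mchInjDrv')

function Convert-ImagePath {
    # Hypothetical helper: turn kernel-style paths (\??\C:\..., \SystemRoot\...,
    # or relative system32\...) into an ordinary Win32 path.
    param([string]$ImagePath)
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    if ($p.StartsWith('\??\'))            { return $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\(.*)$') { return Join-Path $env:SystemRoot $Matches[1] }
    if ($p -notmatch '^[A-Za-z]:\\')      { return Join-Path $env:SystemRoot $p }
    return $p
}

$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path $key)) { "Service key $ServiceName is not present."; return }

$svc  = Get-ItemProperty -Path $key
$path = if ($svc.ImagePath) { Convert-ImagePath $svc.ImagePath } else { $null }

$report = [ordered]@{
    Service    = $ServiceName
    Type       = $svc.Type       # 1 = kernel driver, 2 = file system driver
    Start      = $svc.Start      # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    ImagePath  = $svc.ImagePath  # raw value as stored in the registry
    Resolved   = $path
    InTempDir  = [bool]($path -match '\\temp\\')   # heuristic only
    FileExists = $false
}

# Hash and signature are only available if the image file is still on disk.
if ($path -and (Test-Path -LiteralPath $path)) {
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    $report.FileExists = $true
    $report.SHA256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $report.Signature  = $sig.Status
    $report.Signer     = $sig.SignerCertificate.Subject
}

[pscustomobject]$report
```

Run it from an elevated PowerShell prompt; it changes nothing and only reports what the key points to.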

Good morning.

Just updated to version 867 and ran a quick scan; it doesn't show up anymore.

Malwarebytes' Anti-Malware 1.17

Database version: 867

6:00:32 18/06/2008

mbam-log-6-18-2008 (06-00-32).txt

Scan type: Quick Scan

Objects scanned: 41420

Time elapsed: 1 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thank you very much for looking into this and solving it so quickly.

Mona.


From what I can gather from the net, please tell me if I'm wrong, the file mc21.tmp is a temporary file created when a service uses the temporary driver mchInjDrv.

Would RootkitRevealer be likely to use this or not?

I've scanned with the full arsenal (MBAM, SAS, a2, Avira, Defender, Spybot, AVG Anti-Rootkit, BlackLight) and nothing more than tracking cookies come up.
