possibility of FP mchInjDrv ?

mona7865 · June 17, 2008

Can someone please confirm whether this could be a FP again ?

Malwarebytes' Anti-Malware 1.17

Database versie: 864

18:38:54 17/06/2008

mbam-log-6-17-2008 (18-38-45).txt

Scan type: Snelle Scan

Objecten gescand: 41322

Verstreken tijd: 4 minute(s), 56 second(s)

Geheugenprocessen ge

JeanInMontana · June 17, 2008

I think I can duplicate this. I am pretty sure I don't have a trojan.

Malwarebytes' Anti-Malware 1.17

Database version: 864

12:47:46 PM 6/17/2008

mbam-log-6-17-2008 (12-47-39).txt

Scan type: Quick Scan

Objects scanned: 38705

Time elapsed: 37 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

mona7865 · June 17, 2008

Hi JeanInMontana,

Here is the log of another quick scan in English:

Malwarebytes' Anti-Malware 1.17

Database version: 864

20:48:00 17/06/2008

mbam-log-6-17-2008 (20-47-57).txt

Scan type: Quick Scan

Objects scanned: 41906

Time elapsed: 4 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I ran a full scan with AVG 8.0 which detected nothing and RogueRemover Pro didn't detect anything either.

Thank you.

Mona.

melboy · June 17, 2008

same here.

if it helps , jumping to location shows the image path \??\C:\WINDOWS\TEMP\mc21.tmp.

i'm sure , (not 100%) , that this was a temp file created by microsoft/systernals rootkit revealer.

Malwarebytes' Anti-Malware 1.17

Database version: 864

19:20:40 17/06/2008

mbam-log-6-17-2008 (19-20-35).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 84672

Time elapsed: 14 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

nosirrah · June 17, 2008

mmmm , will look into it

seems odd to have a service point to a temp file

AdvancedSetup · June 17, 2008

I'll have to search my logs as I thought that ComboFix deleted that same file on a recent repair. C:\WINDOWS\TEMP\mc21.tmp

darthsideous666 · June 18, 2008

I have this as well on my Desktop (only) XP.

Malwarebytes' Anti-Malware 1.17

Database version: 865

9:09:10 PM 6/17/2008

mbam-log-6-17-2008 (21-08-58).txt

Scan type: Quick Scan

Objects scanned: 41991

Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv (Trojan.Agent) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ds

AdvancedSetup · June 18, 2008

Well not sure as that file name comes up all over the web and from a long time ago. Would take more time to investigate

This is from another site.

Control Panel -> System -> Hardware -> Device Manager
Click on View -> Show Hidden Devices
This will add a new node to the list named "Non-Plug and Play Drivers"
Expand that tree. In that list of about 30 items, see if you can spot one relating to the mchInjDrv. If not sure, you can right-click on any entry, select "Properties" then "Driver" or "Details" and it tells you more about it.
Once you've located the relevant driver, you can also "Uninstall" it by right-clicking on it.

Tigger93 · June 18, 2008

Just ran it on Vista here and it didn't get anything. XP only maybe?

nosirrah · June 18, 2008

This will be gone next version , it would be nice of the whitehats that use this would make some changes so I could protect people from the blackhat version .

As it stands now they are identical .

mona7865 · June 18, 2008

Good morning.

Just updated to version 867 and ran a quick scan; it doesn't show op anymore.

Malwarebytes' Anti-Malware 1.17

Database version: 867

6:00:32 18/06/2008

mbam-log-6-18-2008 (06-00-32).txt

Scan type: Quick Scan

Objects scanned: 41420

Time elapsed: 1 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Thank you very much for looking into this and solving it so quickly.

Mona.

JeanInMontana · June 18, 2008

I've never used the MS microsoft/systernals rootkit revealer AFAIK or can remember on this system. I reran a scan today before the scheduled update and scan and everything is the same location for me. New scan running now.

melboy · June 18, 2008

from what i can gather from the net, please tell me if i'm wrong, the file mc21.tmp is a temporary file created when

a service uses the temporary driver MchIngDrv.

would RootkitRevealer be likely to use this or not?

i've scanned with the full arsenal (MBAM, SAS ,a2, avira,defender,spybot, AVG anti rootkit, blacklight) and nothing more than tracking cookies come up.

possibility of FP mchInjDrv ?

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Important Information