[Resolved] Rootkit (PC Help Forum » Security & Safety » Security Watch)
#1 | 05-17-2007 | Gandalf (Tech Support Team; Join Date: Apr 2007; Location: South Korea; Posts: 1,829; PC Experience: PC Guru)
[Resolved] Rootkit

I just downloaded and ran the AVG Anti-rootkit. It reported a file.

C:\Windows\systems32\Drivers\mcjInjDrv.sys

When I told the program to remove it, it warned me that removal might be dangerous in that removal might leave me in an unbootable state.

So, I come to the experts.

Can I delete it?
If not, why did it report it in the first place. Is this a Catch 22 situation?

Thanks


__________________
Klaatu Barada Nikto

#2 | 05-17-2007 | Wadd (Tech Support Team; Join Date: Mar 2007; Location: Florida; Posts: 611; PC Experience: I know my way around a computer...)

My suggestion would be to create an image of your hard drive and save it to another hard drive or even DVDs (Acronis True Image lets you choose to split up the image to certain file sizes which would allow you to burn them to DVDs).

Then go ahead with the removal process.

All the research I've done on that file shows it to be a dangerous file. However, you may have spelled it wrong, because your exact spelling came up with nothing. The research I did was for mchinjdrv.sys.

Regardless, if you create a good image of your drive, the very worst case scenario is you remove the file, your OS becomes too corrupted to save, then you just load your image back up.

Also, back up all your important data separately to DVDs in case you have a problem with the image restore.


#3 | 05-17-2007 | Gandalf (Tech Support Team; Join Date: Apr 2007; Location: South Korea; Posts: 1,829; PC Experience: PC Guru)

Originally Posted by Wadd
My suggestion would be to create an image of your hard drive and save it to another hard drive or even DVDs (Acronis True Image lets you choose to split up the image to certain file sizes which would allow you to burn them to DVDs).

Then go ahead with the removal process.

All the research I've done on that file shows it to be a dangerous file. However, you may have spelled it wrong, because your exact spelling came up with nothing. The research I did was for mchinjdrv.sys.

Regardless, if you create a good image of your drive, the very worst case scenario is you remove the file, your OS becomes too corrupted to save, then you just load your image back up.

Also, back up all your important data separately to DVDs in case you have a problem with the image restore.

Yea. Misspelled.

mchInjDrv.sys

That's it. Sorry, typing is not my forte. They almost kicked me out of the military because of it. But, I'm never that lucky...


__________________
Klaatu Barada Nikto

#4 | 05-21-2007 | Gandalf (Tech Support Team; Join Date: Apr 2007; Location: South Korea; Posts: 1,829; PC Experience: PC Guru)

Twilight Zone has just landed on my PC. When I run the AVG Anti-rootkit straight, I get the (hidden) mchInjDrv.sys file report almost immediately. I tried to delete the file and AVG Anti-rootkit could not delete the file. Then, I thought maybe it needs to be run as Admin. So, I ran it under Admin. Guess what, no file. Clean report.

This is just backward. That explains why AVG Anti-rootkit couldn't delete the file. It wasn't there. But, why report it when NOT run as Admin?

Confused


__________________
Klaatu Barada Nikto

#5 | 05-28-2007 | Gandalf (Tech Support Team; Join Date: Apr 2007; Location: South Korea; Posts: 1,829; PC Experience: PC Guru)

The Event Viewer came up with an occurrence of mchInjDrv

Source: Windows Defender
Event Id: 3004

Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {BEB5FB92-6C1A-467A-9546-718420A2945C}
User: BlackKnight\XXXXXX
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: service:mchInjDrv
Alert Type: Unclassified software
Detection Type:

AVG Anti-Rootkit-Free came up clean. No presence of mchInjDrv.
A search of the HDDs for mchInjDrv came up clean as well.
The Windows Defender recorded...something.
How do I "analyze the software that made these changes" when I don't even know what the changes were? If it is saying that mchInjDrv made the changes, I can't even find that file.

H E L P.... Please.


__________________
Klaatu Barada Nikto
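The Defender event quoted in post #5 reports a service registration ("Path Found: service:mchInjDrv"), not a file path, which is one reason a name can show up in an event and in a non-elevated scan while a file search finds nothing. The PowerShell below is an added example written for this thread; it is not code from AVG, Microsoft or the forum. It reads Windows Defender event 3004 entries, pulls the service name out of the message text, and checks whether that name is registered under HKLM\SYSTEM\CurrentControlSet\Services, whether the ImagePath it points at exists on disk, and whether the driver is currently loaded. The function names, the two event-log locations tried, and the ImagePath normalisation rules are my assumptions.

```powershell
# Added example, not from the thread. Assumes Windows with PowerShell 3 or later,
# run from an elevated prompt so the service keys and event logs are fully readable.

function Get-DefenderChangeEvents {
    param([int]$MaxEvents = 20)
    # Event ID 3004 = "Real-Time Protection agent has detected changes".
    # Assumption: older builds log it to the System log under provider "Windows Defender",
    # newer builds to the Defender Operational log; both are tried, failures are ignored.
    $filters = @(
        @{ LogName = 'System'; ProviderName = 'Windows Defender'; Id = 3004 },
        @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 3004 }
    )
    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    }
}

function Get-ServiceFromEventMessage {
    param([string]$Message)
    # Extract the name from a line such as "Path Found: service:mchInjDrv"
    if ($Message -match 'Path Found:\s*service:(\S+)') { return $Matches[1] }
    return $null
}

function Test-DriverService {
    param([Parameter(Mandatory)][string]$Name)
    # Every driver or service Windows knows about has a key under ...\Services.
    # Registered=true with FileExists=false and Loaded=false means a leftover
    # registration with nothing behind it; a loaded driver whose file a normal
    # file search cannot see is the case that needs an elevated rootkit scanner.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $result = [ordered]@{
        Service = $Name; Registered = $false; Start = $null; Type = $null
        ImagePath = $null; FileExists = $false; Loaded = $false
    }
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key
        $result.Registered = $true
        $result.Start = $props.Start   # 0=boot 1=system 2=auto 3=manual 4=disabled
        $result.Type  = $props.Type    # 1=kernel driver 2=file-system driver 16/32=Win32 service
        if ($props.ImagePath) {
            # Driver ImagePaths come as \??\C:\..., \SystemRoot\system32\..., or a
            # path relative to the Windows directory; normalise all three.
            $path = $props.ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if (-not [System.IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
            $result.ImagePath  = $path
            $result.FileExists = Test-Path -LiteralPath $path
        }
    }
    # Win32_SystemDriver lists kernel drivers, which Get-Service does not show.
    $drv = Get-CimInstance Win32_SystemDriver -Filter "Name='$Name'" -ErrorAction SilentlyContinue
    if ($drv) { $result.Loaded = ($drv.State -eq 'Running') }
    return [pscustomobject]$result
}

# Usage: check every service named by a Defender 3004 event on this machine.
foreach ($ev in Get-DefenderChangeEvents) {
    $svc = Get-ServiceFromEventMessage -Message $ev.Message
    if ($svc) { Test-DriverService -Name $svc }
}

# Or check the name from this thread directly.
Test-DriverService -Name 'mchInjDrv'
```

Compare results only between elevated runs: a scanner started without administrator rights cannot read everything an elevated one can, so a report that appears in a non-elevated run and vanishes in an elevated one (post #4) tells you about the scanner's access, not about the driver. If the registry key is present but FileExists and Loaded are both false, the event was raised by the service entry itself, and deleting that key (after the disk image Wadd recommends) removes the trigger without touching a file.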