  sammysnake Never Forget 911 Premium join:2002-01-19 Salt Lake City, UT
False Positive with AVG Free?
I turned on my computer today and in the history log of AVG Free I had the following listed:
"2007/07/16 16:07:29" user="SYSTEM" source="Virus" @HL_ReportFindRS filename> C:\WINDOWS\system32\drivers\mchInjDrv.sys finding > @EID_Id_trj virusname > BackDoor.Generic7.NZJ
Now I do a complete scan with AVG Free, AVG Anti-Spyware, Ad-Aware, Spybot, Windows Defender, and Trojan Hunter on a weekly basis every Friday night. All of these scans were done on 7/13 and all came up clean. The computer was not even turned on over the weekend.
I got the above after doing a manual update of AVG Free after turning on the computer this evening. No one had access to the computer all weekend.
Just for the hell of it I have redone all of the above scans and they all come up clean.
This has got me baffled. 
Any suggestions?
Sammy
 ezdsl
join:2002-03-13 Austin, TX
I checked my AVG log and found what was reported to be a virus (don't remember exactly which as I'm at work at the moment) logged over the weekend.
Today, I ran a full scan and nothing was found. I checked the AVG forums (»forum.grisoft.cz/freeforum/list.php?4) and found several false positives in the last couple of days.
Glitch on a weekend update? Maybe???
  caffeinator Coming soon to a cup near you.. Premium join:2005-01-16 Spokane, WA
reply to sammysnake
It's "MadCodeHook" tool from a legit company, and can/may be used by malware...but is also used by legit programs.
Found this:
»www.softwaretipsandtricks.com/da···sys.html
quote: MchInjDrv.sys is a driver for injecting code to other processes. Publisher is legitimate: »madshi.net But it is often used by malicious software. Kill the file mchInjDrv.sys and remove mchInjDrv.sys from Windows startup.
Another thread at Kaspersky: »forum.kaspersky.com/lofiversion/···351.html
I guess it depends on what you have installed, or may have installed recently.
You could try uploading to Jotti or Virustotal for more checks.
-CaFF
  sammysnake Never Forget 911 Premium join:2002-01-19 Salt Lake City, UT
said by caffeinator:
It's "MadCodeHook" tool from a legit company, and can/may be used by malware...but is also used by legit programs.
Found this:
»www.softwaretipsandtricks.com/da···sys.html
quote: MchInjDrv.sys is a driver for injecting code to other processes. Publisher is legitimate: »madshi.net But it is often used by malicious software. Kill the file mchInjDrv.sys and remove mchInjDrv.sys from Windows startup.
Another thread at Kaspersky: »forum.kaspersky.com/lofiversion/···351.html
I guess it depends on what you have installed, or may have installed recently.
You could try uploading to Jotti or Virustotal for more checks.
-CaFF

I would attempt to upload to Jotti or Virustotal, but I do not have a file called "mchInjDrv.sys" anywhere on my system.