sammysnake
Never Forget 911
Premium
join:2002-01-19
Salt Lake City, UT
·Qwest.net
·Comcast Formerly ..

False Positive with AVG Free?

I turned on my computer today and in the history log of AVG Free I had the following listed:

"2007/07/16 16:07:29" user="SYSTEM" source="Virus"
@HL_ReportFindRS filename> C:\WINDOWS\system32\drivers\mchInjDrv.sys
finding > @EID_Id_trj
virusname > BackDoor.Generic7.NZJ

Now I do a complete scan with AVG Free, AVG Anti-Spyware, Ad-Aware, Spybot, Windows Defender, and Trojan Hunter on a weekly basis every Friday night. All of these scans were done on 7/13 and all came up clean. The computer was not even turned on over the weekend.

I got the above after doing a manual update of AVG Free after turning on the computer this evening. No one had access to the computer all weekend.

Just for the hell of it I have redone all of the above scans and they all come up clean.

This has got me baffled.

Any suggestions?

Sammy
ezdsl

join:2002-03-13
Austin, TX

Re: False Positive with AVG Free?

I checked my AVG log and found what was reported to be a virus (don't remember exactly which as I'm at work at the moment) logged over the weekend.

Today, I ran a full scan and nothing was found. I checked the AVG forums (»forum.grisoft.cz/freeforum/list.php?4) and found several false positives in the last couple of days.

Glitch on a weekend update? Maybe???

caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
Spokane, WA
·WebBand


It's "MadCodeHook" tool from a legit company, and can/may be used by malware...but is also used by legit programs.

Found this:

»www.softwaretipsandtricks.com/da···sys.html

quote:
MchInjDrv.sys is a driver for injecting code to other processes.
Publisher is legitimate:
»madshi.net
But it is often used by malicious software.
Kill the file mchInjDrv.sys and remove mchInjDrv.sys from Windows startup.
Another thread at Kaspersky: »forum.kaspersky.com/lofiversion/···351.html

I guess it depends on what you have installed, or may have installed recently.

You could try uploading to Jotti or Virustotal for more checks.

-CaFF
--
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - A. Einstein

Need an Avatar? Check out Wafen's Avatar Pages

sammysnake
Never Forget 911
Premium
join:2002-01-19
Salt Lake City, UT
·Qwest.net
·Comcast Formerly ..

Re: False Positive with AVG Free?

said by caffeinator:

It's "MadCodeHook" tool from a legit company, and can/may be used by malware...but is also used by legit programs.

Found this:

»www.softwaretipsandtricks.com/da···sys.html

quote:
MchInjDrv.sys is a driver for injecting code to other processes.
Publisher is legitimate:
»madshi.net
But it is often used by malicious software.
Kill the file mchInjDrv.sys and remove mchInjDrv.sys from Windows startup.
Another thread at Kaspersky: »forum.kaspersky.com/lofiversion/···351.html

I guess it depends on what you have installed, or may have installed recently.

You could try uploading to Jotti or Virustotal for more checks.

-CaFF

I would attempt to upload to Jotti or Virustotal but I do not have a file called "mchInjDrv.sys" anywhere on my system.
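
One way to run the checks discussed in this thread, as an added example that is not part of any post above: it reports whether the file named in the AVG log entry exists, its SHA-256 and Authenticode signer if it does, and any kernel driver service whose image path still references it. The function name `Get-FlaggedDriverStatus` is hypothetical; the path is the one from the log in the first post.

```powershell
# Added example (not from the thread): triage a driver file named in an AV log entry.
# Run from an elevated PowerShell prompt so the drivers directory is readable.

function Get-FlaggedDriverStatus {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $name   = Split-Path -Path $Path -Leaf
    $onDisk = Test-Path -LiteralPath $Path -PathType Leaf

    # Kernel driver services whose image path mentions the flagged file name.
    # A match with no file on disk means a stale or hidden registration worth a closer look.
    $services = @(Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -and $_.PathName -like "*$name*" } |
        ForEach-Object { "$($_.Name) [state=$($_.State), start=$($_.StartMode)]" })

    $result = [ordered]@{
        Path            = $Path
        OnDisk          = $onDisk
        Sha256          = $null
        SignatureStatus = $null
        Signer          = $null
        DriverServices  = $services
    }

    if ($onDisk) {
        # The hash identifies the exact file when asking a multi-engine scanner for a second opinion.
        $result.Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

        # "Publisher is legitimate" is only checkable if the file carries a valid signature.
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        $result.SignatureStatus = $sig.Status
        if ($sig.SignerCertificate) {
            $result.Signer = $sig.SignerCertificate.Subject
        }
    }

    [pscustomobject]$result
}

# Path taken from the AVG history log entry quoted in the first post.
$status = Get-FlaggedDriverStatus -Path 'C:\WINDOWS\system32\drivers\mchInjDrv.sys'
$status | Format-List

if (-not $status.OnDisk -and $status.DriverServices.Count -eq 0) {
    'File not on disk and no driver service references it.'
} elseif (-not $status.OnDisk) {
    'File not on disk, but a driver service still references it; review the listed service.'
}
```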
© 1999-2009 dslreports.com