Welcome to the Comodo Forum
Welcome,
Guest
. Please
login
or
register
.
November 30, 2009, 03:00:37 PM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
338829
Posts
37502
Topics
85108
Members
Latest Member:
spriggig
more news...
Search:
Advanced search
|
Tag Cloud
Welcome to the Comodo Forum
Learn about Computer Security and Interact with Security Experts
HIPS (Host Intrusion Prevention Systems)
nonexisting driver
« previous
next »
Pages:
[
1
]
Author
Topic: nonexisting driver (Read 4472 times)
Borisweden
Newbie
Offline
Posts: 1
nonexisting driver
«
on:
May 18, 2008, 10:26:48 AM »
Everytime I start my PC
I get an HIPS asking me if I want to run mchinjdrv.sys
but there is no possibility to ALLOW or BLOCK it
since I don't have it in c:\Windows\drivers
or nowhere else .
What should I do??
I have Comodo Firewall, Comodo Antivirus
and Threatfire
Logged
kail
Autonomous
Global Moderator
Comodo's Hero
Offline
Posts: 5323
I'm not a complete idiot, some bits are missing.
Re: nonexisting driver
«
Reply #1 on:
May 18, 2008, 12:13:56 PM »
Hi Borisweden
This is a hidden legitimate 3rd party driver called "Mad Code Hook Injection Driver". No, I'm not joking. CFP 2 (not sure about CFP 3.. don't think so) uses it, as do some other products.. some of aSquared's stuff does. It's unpacked (from another DLL), loaded & then removed at runtime. So, you will not find it.
More information:
Here
&
here
.
Logged
Vista Business x32+SP2 with CIS 3.12 & Firefox 3.5 & Becky! 2.52
__
A positive and polite attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
Ragwing
Global Moderator
Comodo's Hero
Offline
Posts: 3451
Re: nonexisting driver
«
Reply #2 on:
May 18, 2008, 12:24:05 PM »
Quote from: kail on May 18, 2008, 12:13:56 PM
It's unpacked (from another DLL), loaded & then removed at runtime. So, you will not find it.
That's strange, because I have mchInjDrv.sys in WINDOWS\system32\drivers.
Logged
Forum Policy
FAQs
kail
Autonomous
Global Moderator
Comodo's Hero
Offline
Posts: 5323
I'm not a complete idiot, some bits are missing.
Re: nonexisting driver
«
Reply #3 on:
May 18, 2008, 12:47:13 PM »
What I said was based on what CFP 2 did. If you previously installed another product that also used it, then perhaps.. it was less careful. But, since it is visible.. I recommend running it through one of the many on-line scanners. I say that, because originally (before it was taken down.. this is a few years ago) there was also a free cut-down version.. which was, unfortunately, abused by Malware writers (thus the take-down).
Logged
Vista Business x32+SP2 with CIS 3.12 & Firefox 3.5 & Becky! 2.52
__
A positive and polite attitude may not solve all your problems, but it will annoy enough people to make it worth the effort.
Ragwing
Global Moderator
Comodo's Hero
Offline
Posts: 3451
Re: nonexisting driver
«
Reply #4 on:
May 18, 2008, 03:46:42 PM »
ClamAV and TheHacker detects it, so I guess it's a FP.
MD5: 9971aa2d16cb558358d6f6f3b5055cba
Cheers,
Ragwing
Logged
Forum Policy
FAQs
Tags:
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Want to help Comodo?
-----------------------------
=> Help Spread the Word - Official Comodo banners and logos
=> How can you help Comodo? (Please we do need you!)
===> Help spread the word! (Please read and help)
===> Comodo website issues for submitting website problems only
=> Please tell us your views and Vote here!
-----------------------------
General Category
-----------------------------
=> Melih's Corner - CEO Talk/Discussions/Blog
=> Comodo.TV - Our Internet Video Channel
===> Comodo.TV - News and Announcements
===> Comodo.TV - Program Lineup
===> Audience Feedback and Suggestions
=> Which Product do you want Comodo to develop next?
=> General Discussion (off topic) Anything and everything...
===> Member Confessions :-)
===> Funny Photos :-)
===> Cool Stuff
-----------------------------
Desktop Security Products
-----------------------------
=> Comodo Internet Security - CIS
===> Overview - CIS
===> Help - CIS
=====> Anti Virus Help
=====> Firewall Help
=====> Defense+ Help
=====> Install / Setup / Configuration Help
===> FAQ - CIS
=====> Anti Virus FAQ
=====> Firewall FAQ
=====> Defense+ FAQ
=====> Install / Setup / Configuration FAQ
===> Feedback/Comments/Announcements/News - CIS
===> Guides - CIS
=====> Anti Virus Guides
=====> Firewall Guides
=====> Defense+ Guides
=====> Install / Setup / Configuration Guides
===> Wishlist - CIS
=====> Anti Virus Wishlist
=====> Firewall Wishlist
=====> Defense+ Wishlist
=====> GUI -Graphical User Interface - Wishlist
===> Bug Report - CIS
=====> Anti Virus Bugs
=====> Firewall Bugs
=====> Defense+ Bugs
=====> Other - General - GUI etc Bugs
=====> False Positive/Negative reporting - (Is this a malware that CIS has/not detected?)
===> Virus/Malware Removal Assistance
===> Leak Testing/Attacks/Vulnerability Research
=> Comodo Time Machine - CTM
===> Frequent Asked Questions (FAQ)
=> Comodo Dragon - CD
=> Comodo Instant Malware Analysis Online - CIMA
=> Comodo Disk Encryption - CDE
===> Overview - CDE
===> Help - CDE
===> FAQ - CDE
===> Feedback/Comments/Announcements/News - CDE
===> Wishlist - CDE
===> Beta Corner - CDE
===> BUG Reports - CDE
=> Comodo Secure Email - CSE
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about CSE
===> Bug Reports
===> Help for Comodo SecureEmail
=> Comodo TrustConnect - Securing the Wireless world!
=> Comodo EasyVPN - CEVPN
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about Comodo EasyVPN
===> Bug reports
===> Help for Comodo EasyVPN
=> HopSurf (Bringing Internet to you)
=> Comodo Online Backup - COB
=> Comodo Backup - CB
===> Comodo Backup - FAQ
===> Comodo Backup - Help
=> Verification Engine - CVE
=> Comodo Vulnerability Analyzer - CVA
=> Comodo AntiSpam - CAS
-----------------------------
Desktop Utilities
-----------------------------
=> Comodo System Cleaner - File/Registry/Privacy Cleaner
=> Live PC Support (geeks ready to help 24/7/365)
-----------------------------
Enterprise Security
-----------------------------
=> Comodo Endpoint Security Manager
-----------------------------
Compliance
-----------------------------
=> PCI DSS Compliance
-----------------------------
Learn about Computer Security and Interact with Security Experts
-----------------------------
=> Computer Firewalls
=> Anti Virus/Malware Products/Other Security products
=> Free Virus/Spyware/Trojan/Malware Removal by Comodo Experts
=> HIPS (Host Intrusion Prevention Systems)
=> Anti Phishing solutions
=> Digital Certificates, Encryption and Digital Signing
=> General Security Questions and Comments (not product related)
-----------------------------
Free Services for End Users
-----------------------------
=> UserTrust - First Independent Website Rating - Empowering our users!
=> Hacker Guardian
=> Trustfax (free Trial) (online faxing)
-----------------------------
Free Products
-----------------------------
=> Link to Free Comodo Products
-----------------------------
International Comodo Forums
-----------------------------
=> International Comodo Forums
===> 汉语语言, 漢語語言 / Chinese Simplified, Traditional
===> Nederlands / Dutch
===> Francais / French
===> Deutsch / German
===> ελληνικά / Greek
===> Magyar / Hungarian
===> Italiano / Italian
===> Nihongo / Japanese
===> Norsk / Norwegian
===> Polski / Polish
===> Português/Portuguese
===> По-русски / Russian
===> Espanol / Spanish
===> Svenska / Swedish
===> Turkce / Turkish
===> Українська / Ukrainian
===> tiếng Việt / Vietnamese
===> Slovenský / Slovak
-----------------------------
Digital Certificates
-----------------------------
=> Code Signing Certificate
=> Content Verification Certificate
=> Email Certificate
=> SSL Certificate
-----------------------------
Web Server Products
-----------------------------
=> Two Factor Authentication for Web Applications
=> Trustlogo
-----------------------------
Other
-----------------------------
=> Forum Policy Violation Board
-----------------------------
Archive Boards
-----------------------------
=> Comodo Diskshield
=> Comodo Firewall
===> Feedback/Comments/Announcements/News
===> Help for v3
===> Help for v2
===> Frequently Asked Questions (FAQ) for Comodo firewall
===> Comodo Firewall Translations
===> Bug Reports
=> Comodo Anti-Viruspyware (CAVS)
===> Help for Comodo AntiVirus
===> FAQ for Comodo Anti-ViruSpyware
===> Feedback/Comments/Announcements/News about CAVS
=> Launch Pad (Discontinued)
=> Trusttoolbar (Discontinued)
=> Comodo Meet (Web Conferencing Product) (Discontinued)
=> User Anywhere (Remote Access product) (Discontinued)
=> Trustix Enterprise Firewall
=> ZTL
=> Comodo BOClean Anti-Malware
===> Announcements
===> Comodo BOClean Anti-Malware FAQ
=> Comodo Memory Firewall(Buffer Overflow Protection)
===> Comodo Memory Firewall Beta Corner
===> Help
===> Frequently Asked Questions (Comodo Memory Firewall)
===> Feedback/Comments/Announcements/News
=> i-Vault
=> Safesurf
Page created in 0.043 seconds with 17 queries.
Powered by SMF 1.1.10
|
SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by
7dana.com
Author