Ok Ive done a fresh install on my pc with legit software and so on.

mchInjDrv.sys is being queried by Comodo antivirus and general reports on the web sem to refer the file as MALWARE from 2004-2005 (its an old injector).

My belief and I fail to see why this has not been identified and confirmed by C.O.M.O.DO it is actually a file that is installed by COMODO Antivirus itself.

I am allowing the program but to be honest COMODO need to sort themselves out on this one as there seems a lot of confusion when searching the web. Fingers being pointed at other spyware/antivirus programs. I have only installed WINXP service pack 3, COMODO firewall, Threatfire and decided to try COMODO Antivurs BETA seems to be logical to run alongside COMODOs firewall.

How I arrived at the conclusion it is a COMODO file is for several reasons :

It has never been flagged before on my systems by any other antispyware/antivirus.
It is the FIRST time ever having seen or heard about this file (I appreciate this maybe coincidence).
And I noticed that several files were being flagged including; windows online update, explorer, firefox and even COMODOs firweall itself.

I believe COMODO users are due an explanation for peace of mind as no one appears to be entirely clear on what ‘‘mchInjDrv.sys’’ is and does.

Personally Im marking it as safe but not remembering till I get some confirmation.

I’m pretty sure its nothing to worry about however the behaviour and nature of the ‘injection’ file is concerning and should’ve been addressed by COMODO.

Looking forward to some clarification.

Hope my experience helps.

Links I found :

Further more I am finding worrying explanations from admins in the forum for example :
Global Moderator
Comodo’s Hero

This driver is a legitimate code injector, its a hidden driver. mchinjdrv stands for Mad Code Hook Injection Driver (seriously). The free version was taken down late 2005 (I think) because of abuse & that's the one you find in Malware. You don't find this one because it is not free. This driver is used by CFP (2.4, I don't think version 3 uses it.. Egemen?) & A-Squared products to name but a couple. Deleting it (if you can find it) is futile since its installed (by what uses it) dynamically at run-time. It is not an infection.

To conclude I believe COMODO have decided to use this in their BETA antivirus, it’s old scripting and should not be used.

Believe if you uninstall COMODO and try another firewall/antiviruses you will probably not experience it again.

Let me know if Im wrong.

Its about solutions, nothing more.

Hello MishMash,

COMODO Antivirus BETA 2.0 will never make it to the final version.

At this moment COMODO Internet Security is the new product for Antivirus/Firewall/Host Intrusion Prevention and Release Candidate 1 at the moment.

For most users it is pretty stable already, but a warning should be in place to not use this on production systems.

Maybe you could check this out.

And the problem with those “drivers” is that the “bad guy’s” where abusing it that’s why the “good guy’s” have to explain why they use it… same goes for remote administration tools, they almost always get flagged by AV’s and other scanners also.