Every time I start my PC I get an HIPS asking me if I want to run mchinjdrv.sys, but there is no possibility to ALLOW or BLOCK it, since I don’t have it in c:\Windows\drivers or anywhere else.
What should I do??
I have Comodo Firewall, Comodo Antivirus
This is a hidden legitimate 3rd party driver called “Mad Code Hook Injection Driver”. No, I’m not joking. CFP 2 (not sure about CFP 3… don’t think so) uses it, as do some other products… some of aSquared’s stuff does. It’s unpacked (from another DLL), loaded & then removed at runtime. So, you will not find it.
More information: Here & here.
That’s strange, because I have mchInjDrv.sys in WINDOWS\system32\drivers.
What I said was based on what CFP 2 did. If you previously installed another product that also used it, then perhaps… it was less careful. But, since it is visible… I recommend running it through one of the many on-line scanners. I say that, because originally (before it was taken down… this is a few years ago) there was also a free cut-down version… which was, unfortunately, abused by Malware writers (thus the take-down).
ClamAV and TheHacker detect it, so I guess it’s a FP.