nonexisting driver

Every time I start my PC I get an HIPS asking me if I want to run mchinjdrv.sys, but there is no possibility to ALLOW or BLOCK it, since I don’t have it in c:\Windows\drivers or anywhere else.

What should I do??
I have Comodo Firewall, Comodo Antivirus
and Threatfire

Hi Borisweden

This is a hidden legitimate 3rd party driver called “Mad Code Hook Injection Driver”. No, I’m not joking. CFP 2 (not sure about CFP 3… don’t think so) uses it, as do some other products… some of aSquared’s stuff does. It’s unpacked (from another DLL), loaded & then removed at runtime. So, you will not find it.

More information: Here & here.

That’s strange, because I have mchInjDrv.sys in WINDOWS\system32\drivers.

What I said was based on what CFP 2 did. If you previously installed another product that also used it, then perhaps… it was less careful. But, since it is visible… I recommend running it through one of the many on-line scanners. I say that, because originally (before it was taken down… this is a few years ago) there was also a free cut-down version… which was, unfortunately, abused by Malware writers (thus the take-down).

ClamAV and TheHacker detect it, so I guess it’s a FP.
MD5: 9971aa2d16cb558358d6f6f3b5055cba

Cheers,
Ragwing