Comodo CIS detected this right after booting up today: C:\WINDOWS\SYSTEM32\DRIVERS\mchInjDrv.sys
I have quarantined this file. I searched Microsoft, no results found. How can I tell if this is a legit Windows system file?
AFAIK, the thing that was flagged is adaware and should be deleted. CIS was only doing its job.
Xan
Thanks eX.
Oh, wait
This is a FP probably. It’s used by many other antimalware software.
You don’t have A-squared, do you?
Moving this …
Xan
No eX, I used to use A-squared.
My current setup is CIS with all systems go, and I also use Spywareterminator (without realtime protection), Malwarebytes, and Threatfire (without realtime protection). I have disabled TF from starting up at system start and have also disabled real time protection, however I noticed it is still listed as an active process in CIS running processes list.
Are you able to analyze the file? Or at least let it be analyzed,
please send it to the Comodo labs: Look here to know how
then send it to threatexpert: http://threatexpert.com/submit.aspx
and please post the reply here,
Thanks,
Xan
Too late, I deleted it right after your first response, maybe next time.
And no problem with the system?
You said you quarantined it, so you should be able to recover it 88).
Oh djee, I messed up… :-[
Xan
Will respond after system restart. Too many things going on right now