HKLM\System\Controlset001(CurrentControlSet)\Services\mchInjDrv

Discussion in 'other security issues & news' started by comrade89, May 16, 2006.

Thread Status:
Not open for further replies.
  1. comrade89

    comrade89 Registered Member

    Joined:
    May 16, 2006
    Posts:
    1
    Hello,
    every time I clean my registry with RegSeeker, I will find these two entries, which I always delete, but they appear again and again:
    HKLM\System\ControlSet001\Services\mchInjDrv and
    HKLM\System\CurrentControlSet\Services\mchInjDrv.
    With both entries there comes the comment from RegSeeker:
    File or Path does not exist - Image Path:\??\C:\Windows\TEMP\mc22.tmp.
    The number of the TEMP file is always changing, sometimes it is mc21.tmp or something else. I am cleaning my system every time with CCleaner from TEMP files and cache entries. Is this the reason for creating another number for the TEMP file? What is mchInjDrv? Somewhere I have read it could be a trojan or some programs like SpySweeper (which I used), a² (I still have this) and other similar programs use it. I ran several programs to check my PC (AntiVir, Spybot S&D, a², Ad-Aware SE, Pest Patrol, Ewido, Escan, HijackThis, Spyware Doctor, DrWebCureIt and several online scanners, also tools to find rootkits). Nothing was found and I also have no problems.
    Thank you very much for an answer.
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    I would be very cautious in the future when using programs such as RegSeeker ;)

    A number of security applications such as Online Armor, Spyware Doctor, TrojanHunter, spysweeper, a2....etc....all add this registry entry. The "mch" in "mchInjDrv" refers to madCodeHook which is a legitimate driver internally used by madCodeHook to inject DLLs into other processes.

    Not so recent Wilders thread but still very much valid thread concerning this matter and a comment by the author of madCodeHook:

    Re: MchInjDrv
     
  3. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    Hi Bubba,

    I, like Comrade89, also use "Regseeker" & have apps (Trojan Hunter, Spysweeper) that use "mchinjdrv". Are you saying it would be wise to set "Regseeker" to ignore mchinjdrv? Would it be correct thinking, that when an application (Trojan Hunter, Spysweeper) starts, it/they replace the missing "mchinjdrv.dll" file, & then when these programs close, & "Regseeker" is run, it cannot find a path for "mchinjdrv.dll", hence it flags mchinjdrv.dll for potential deletion? Also I have PG ver 3.2, all "global protection options" ticked, should I get a warning from PG when an app. wants to replace "mchinjdrv.dll"?

    Thanks & Take Care
    rico
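
Added example, not written by any poster and not RegSeeker's own code: the "File or Path does not exist" check from the first post, in Python. It normalises a service ImagePath such as `\??\C:\Windows\TEMP\mc22.tmp` and flags entries whose image sits in a temp directory or is missing; the function names and the two "Example" rows are assumptions made for illustration.

```python
import ntpath

# Constructed sample of (service name, ImagePath) pairs. Only the mchInjDrv
# value is taken from the thread; the other two rows are hypothetical.
SAMPLE_SERVICES = [
    ("mchInjDrv", r"\??\C:\Windows\TEMP\mc22.tmp"),
    ("ExampleDisk", r"\SystemRoot\System32\drivers\example.sys"),
    ("ExampleSvc", r'"C:\Program Files\Example\svc.exe" -run'),
]

def normalise_image_path(raw, system_root=r"C:\Windows"):
    """Reduce a service ImagePath to a plain drive-letter path."""
    path = raw.strip()
    if path.startswith('"'):                      # quoted executable plus arguments
        path = path[1:].split('"', 1)[0]
    if path.startswith("\\??\\"):                 # NT object-manager prefix
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        path = ntpath.join(system_root, path[len("\\systemroot\\"):])
    return ntpath.normpath(path)

def triage(services, exists):
    """Flag services whose image lives in a temp directory and/or is missing.

    `exists` is a callable(path) -> bool, so the check can run against a live
    file system (os.path.exists on the Windows host) or against a fixed set.
    """
    findings = []
    for name, raw in services:
        path = normalise_image_path(raw)
        parts = [p.lower() for p in path.split("\\")]
        in_temp = "temp" in parts or "tmp" in parts
        missing = not exists(path)
        if in_temp or missing:
            findings.append({"service": name, "path": path,
                             "in_temp": in_temp, "missing": missing})
    return findings

if __name__ == "__main__":
    # Constructed file-system state: the temp file has already been cleaned up.
    present = {r"C:\Windows\System32\drivers\example.sys",
               r"C:\Program Files\Example\svc.exe"}
    for finding in triage(SAMPLE_SERVICES, lambda p: p in present):
        print(finding)
```

A flagged key only says the image is in a temp location or gone; which installed product created it still has to be established separately.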
     