MchInjDrv

Discussion in 'ProcessGuard' started by Rainwalker, Sep 6, 2004.

Thread Status:
Not open for further replies.
  1. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Anyone else have this showing up lately ..... MchInjDrv o_O
    Any thoughts
     
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    This is used by those programs with injection based on MadCodeHook - usermode injection and hooking technologies. You should ALLOW this if you trust the program doing it - to prevent any incompatibilities.

    If this happened with an unknown program or possible trojan, you can send the file to submit(at)diamondcs.com.au for analysis
     
  3. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Thanks Gavin....There are two 'trusted' problems that want to use it. One is Spy Sweeper. It has been trying for the past two days and i have been using SS a lot longer than that with no sign of that driver and have not received any updates for awhile. Same with the other program....only these past two days....seems a bit strange.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi RainWalker, It may be to do with your SS settings. Have you changed some setting in SS that might initiate another process? If so PG is probably catching that.
    I give SS all allows. ;)

    Pilli
     
  5. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Hey Pilli :) ....changed nutt'n ....Have YOU seen that driver request prior to allowing?
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yep, I'm sure I saw it the first time I fired SS up after install but I cannot find it now using windows explorer :(
     
  7. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Pilli is right, i noticed it right after installing 3.0. :)
     
  8. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Ok....hate to keep beating that proverbial horse but isn't it a bit odd you can't locate it
    :doubt:
     
  9. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Oops sorry Don.....meant to thank you for your comment :)
     
  10. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    BTW..i wrote Web...root yesterday and so far have heard nada.
     
  11. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    You can't locate it because it is "dropped" by the EXE, then loaded into memory. It could likely then be deleted, the system only needs the memory image of the file
     
  12. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Yep, tested earlier. spysweeper.exe attempted to "drop" mchInjDrv after install and upon SS being run for the first time (at least for me)....I logged it :). I imagine it would be used for the Shields, judging by what Gavin said.

    Code:
    Wed 08 - 12:34:56 [DRIVER/SERVICE] c:\program files\webroot\spy sweeper\spysweeper.exe [652] Tried to install a driver/service named mchInjDrv
    Wed 08 - 12:34:56 [DRIVER/SERVICE] c:\program files\webroot\spy sweeper\spysweeper.exe [652] Tried to install a driver/service named mchInjDrv

    Regards,
    Jade.
     
    Last edited: Sep 8, 2004
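
An added example, not part of the original posts and not DiamondCS code: a small triage script for driver/service alerts in the format of the two log lines quoted above, collapsing repeats and separating installers you trust from ones to review. The line pattern is inferred from those two lines only, and `trusted_images` and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Pattern inferred only from the two log lines quoted in the post above;
# the full ProcessGuard log grammar is not documented on this page.
ALERT_RE = re.compile(
    r"^\s*(?P<day>\w{3} \d{2}) - (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\[DRIVER/SERVICE\] (?P<image>.+?) \[(?P<pid>\d+)\] "
    r"Tried to install a driver/service named (?P<name>\S+)\s*$"
)

def parse_alerts(lines):
    """Return one dict per driver/service install alert; other lines are skipped."""
    alerts = []
    for line in lines:
        m = ALERT_RE.match(line)
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            d["image"] = d["image"].lower()  # Windows paths are case-insensitive
            alerts.append(d)
    return alerts

def triage(alerts, trusted_images):
    """Collapse repeated alerts and split them by whether the installer is trusted.

    trusted_images is a hypothetical allow list of full executable paths.
    """
    counts = Counter((a["image"], a["name"]) for a in alerts)
    trusted = {p.lower() for p in trusted_images}
    known, review = [], []
    for (image, name), n in sorted(counts.items()):
        (known if image in trusted else review).append((image, name, n))
    return known, review

# Sample input: the first two lines are from the thread, the rest are constructed.
SAMPLE_LOG = [
    r"Wed 08 - 12:34:56 [DRIVER/SERVICE] c:\program files\webroot\spy sweeper\spysweeper.exe [652] Tried to install a driver/service named mchInjDrv",
    r"Wed 08 - 12:34:56 [DRIVER/SERVICE] c:\program files\webroot\spy sweeper\spysweeper.exe [652] Tried to install a driver/service named mchInjDrv",
    r"Wed 08 - 12:40:02 [DRIVER/SERVICE] c:\temp\unknown.exe [1200] Tried to install a driver/service named mchInjDrv",
    "a constructed line that is not a driver/service alert",
]
TRUSTED = [r"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"]

if __name__ == "__main__":
    known, review = triage(parse_alerts(SAMPLE_LOG), TRUSTED)
    for image, name, n in review:
        print(f"REVIEW: {image} tried to install {name} ({n}x)")
```

The same driver name appears under both the trusted and the unknown installer here, which is why the split is keyed on the installing executable rather than on the name mchInjDrv alone.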
  13. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    I just received this from Webroot:

    Solution: We apologize for the trouble that you've had. Spy
    Sweeper does not have the ability to add drivers to your system, it is
    not necessary for use, however we will still look into the name of this
    file, and hopefully we can determine its source. Should we find any
    more information, we'll let you know.
     
  14. quaduong

    quaduong Guest

    Thankx for the info from webroot.
    In my view, it is kind of weird since they have made their softwares which they have not known details/components of softwares they have made?
    - is it that they have used some existing source code from others?
    - spysweeper 3x is infected already? it is kind of silly to say this, just anyway.

    Looking forward to experts to clarify it out.
    .
     
  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi quaduong, I doubt the person responding had any idea about RainWalker's question and has passed it on to a tech for a proper and more authoritative response.
    I definitely saw what Bowserman shows in his screenshot.
     
  16. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    I will follow this up
     
  17. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks Rainwalker, Don't you just love these little mysteries :D

    Cheers Pilli
     
  18. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Yes indeedy, and i always prefer to err on the side of paranoia :D
     
  19. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    Just to say i have heard nothing back from Webroot as of today o_O
     
  20. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Thanks for keeping us updated RainWalker :)
     
  21. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    It might be that they have used the "Madshi" libraries and not noticed what it is actually capable of. Well.. it seems like the only explanation to me
     
  22. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    I understand this is 'Madshi' stuff but nonetheless .............waiting to hear...i'll try them again sometime soon...they outta be knowing what they are selling better than they appear to, before they put it on the market.
     
  23. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    UPDATE:
    Wrote them 2 days ago (9-15-04).....still nothing......waiting :p
     
  24. worldcitizen

    worldcitizen Registered Member

    Joined:
    May 15, 2003
    Posts:
    530
    I got the same so should I give Spy Sweeper all allows or what?

    Dave
     
  25. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I have found that SpySweeper needs the install driver / service allow.
    Watch the alerts to ensure the necessary allows.

    HTH Pilli
     