ThreatFire Driver File and NOD32

Discussion in 'ESET NOD32 Antivirus' started by jab2, Apr 18, 2009.

Thread Status:
Not open for further replies.
  1. jab2

    jab2 Registered Member

    Joined:
    May 6, 2008
    Posts:
    11
    When I downloaded and installed ThreatFire 4.1.0.25 yesterday I got an alert that I needed another file, a file concerning drivers called mchInjDrv.sys, and NOD32 quarantined it, but every time I reboot my computer NOD32 catches it again and deletes it. NOD32 says the reason is "Win32.Monitor.PCAgent application".

    Should I take it off the quarantine list and tell NOD32 to let it load? ThreatFire runs and scans rootkits without it. I'm assuming this is some file that protects your drivers from being tampered with by trojans, but I thought I'd run it by ESET people to confirm it's okay to let it load.

    If anyone could enlighten me I'd appreciate it. Thanks.
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    This is a legitimate file used by ThreatFire. NOD32 detects it when detection of potentially unsafe applications is enabled. You should either exclude the file from scanning by NOD32 or, alternatively, disable the detection of potentially unsafe applications.

    This has been discussed previously in the following thread:

    https://www.wilderssecurity.com/showthread.php?t=231865
     
  3. jab2

    jab2 Registered Member

    Joined:
    May 6, 2008
    Posts:
    11
    Thanks for the information.
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Hello

    Be aware this is very old hat, but there's legitimacy to this particular driver having been used by malware in the past, not sure if it still is or not, but FYI, MAMUTU also incorporates this "hidden" driver file so make sure you EXCLUDE IT!!!

    EASTER
     