Ahiga

Trojan.Mad Code Hook Injector


SAS found 11 threats of the Trojan.Mad Code Hook Injector via the Critical Point Scan.

Is this a false positive or a real threat? I've read conflicting reports, several of which say the MCHINJDRV is needed for security.

Should I delete these or keep them?

Thanks

Bill

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 08/09/2011 at 04:13 PM

Application Version : 5.0.1108

Core Rules Database Version : 7538

Trace Rules Database Version: 5350

Scan type : Critical Point Scan

Total Scan Time : 00:03:02

Operating System Information

Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator

Memory items scanned : 679

Memory threats detected : 0

Registry items scanned : 34300

Registry threats detected : 11

File items scanned : 4009

File threats detected : 0

Trojan.Mad Code Hook Injector

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000#Capabilities

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\LogConf


This is a driver that is used by both good and bad software. Unfortunately, even if a driver is installed by a legitimate application, if that driver allows malicious software access to your system, it is a significant security loophole that we detect as bad. I would contact the software vendor that installed the driver on your system (if it was, in fact, installed by legitimate software) and inform them that the driver is being used for malicious purposes. You can always quarantine the item and restore it if it breaks one of your tools; at least then you'll know which application installed it.

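The reply above leaves the practical question open: which driver binary sits behind the LEGACY_MCHINJDRV entries, and who signed it? The following is an added triage script, not code from the thread or from SUPERAntiSpyware. It reads the `Service` value of the `LEGACY_MCHINJDRV\0000` key listed in the scan log (the LEGACY_ entries under `Enum\Root` are the Plug and Play records for a non-PnP driver, so that value names the real service key), follows it to the driver's `ImagePath`, and reports the file's hash and Authenticode signer before anything is deleted. It assumes PowerShell 4 or later run as Administrator; the XP system in the log would only have the `reg.exe` export and the registry lookups available, and the key and file paths it prints are whatever your registry holds, not values known from the thread.

```powershell
# Added triage example for a LEGACY_<service> detection; not part of the original thread.
# Assumes PowerShell 4+ (Get-FileHash) running elevated. Only the enum key name comes
# from the scan log; the service name and image path are read from the registry.
$EnumRoot = 'HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV'
$EnumInst = "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000"
$Backup   = Join-Path $env:USERPROFILE 'Desktop\LEGACY_MCHINJDRV.reg'

# 1. Export the detected keys first so a quarantine/delete can be undone with 'reg import'.
& reg.exe export $EnumRoot $Backup /y | Out-Null
"Backup written to $Backup"

# 2. Enum instance -> service name -> service key. An enum entry whose service key is
#    gone is a leftover from an uninstalled driver, which is a common source of these hits.
$inst    = Get-ItemProperty -Path $EnumInst -ErrorAction Stop
$svcName = $inst.Service
$svcKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
$svc     = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "Service key $svcKey is missing: the enum entry is orphaned, nothing is loading"
    return
}

# 3. Normalise ImagePath. Driver entries use '\??\C:\...', '\SystemRoot\...' or a
#    path relative to the Windows directory such as 'System32\drivers\x.sys'.
$img = $svc.ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
if ($img -notmatch '^[A-Za-z]:\\') { $img = Join-Path $env:SystemRoot $img }

# 4. Is the driver actually loaded right now? (Win32_SystemDriver covers kernel services.)
$running = Get-CimInstance Win32_SystemDriver -Filter "Name='$svcName'" -ErrorAction SilentlyContinue

# 5. Report what a vendor or incident responder needs: path, hash, signer, start type, state.
$exists = Test-Path $img
$sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $img }
[pscustomobject]@{
    Service   = $svcName
    StartType = $svc.Start          # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    State     = if ($running) { $running.State } else { 'not registered with SCM' }
    ImagePath = $img
    Exists    = $exists
    Sha256    = if ($exists) { (Get-FileHash -Path $img -Algorithm SHA256).Hash }
    SigStatus = if ($exists) { $sig.Status }
    Signer    = if ($exists -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
}
```

The signer subject is the fastest way to answer the "which application installed it" question the reply raises: a valid signature from a vendor you have installed points at that product, while an unsigned or missing file with a start type of boot or system is the case to treat as hostile. Keep the `.reg` export until you have confirmed the tools that depend on the driver still work.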

Thanks for your reply.

SAS did not report it again after a 2nd Critical Point Scan. I have removed it from my registry (backed up previous).

Not sure why SAS didn't find the same 11 threats prior to my deleting them on the 2nd pass. So far Comodo, MSSE, Avast, SAS all seem to be working normally.
