What on erth is MCHINJDRV?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by claptrap, Mar 28, 2007.

  1. claptrap

    claptrap Private First Class

    For a few days now, every time I start my computer Zone Alarm pops up with "suspicious behaviour" warning, asking if I would allow GA311 (network card) to install a "new driver or service", the application is question being GA311.exe.

    So far, I have denied this every time and my computer has been working fine... except AdAware will crash alway at 60% of update cycle - I have downloaded and re-installed it without any improvement- although the file check seems to work fine. I have run Spybot, ZoneAlarm and Spython spyware checkers and Avast but no spyware or virus was found

    Today I had two OTHER programs trying to install this file, one being
    • Indexing Service filter daemon (application: cidaemon.exe) and
    • [FONT=&quot] [/FONT]Sytem root \System32\smss.exe. I connect to the internet via router.
    I googled this file name and got the following message from http://www.greatis.com
    "mchInjDrv.sys – Dangerous
    Mchinjdrv.sys
    MchInjDrv.sys is a driver for injecting code to other processes…
    …But it is often used by malicious software.
    Kill the file mchInjDrv.sys and remove mchInjDrv.sys from Windows startup."

    This is more or less a message I have received from other sites. Somehow I think this is malicious code, for all of a sudden all these services wanting to install the same file within minutes from each other. Needless to say, I haven’t allowed this file to install and everything has been working as usual - apart from Ad Aware

    Should I deny or allow this code installing and how do I stop the message popping up every time I’ll boot my pc?
     
    claptrap, Mar 28, 2007
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is part of your Netgear network card. You don't need to block it.


    They are valid Windows processes.

    You cannot always believe everything you read. Sometime things can be either good or bad. It depends on who/what is running it.

    MchInjDrv is a third-party driver/library used by many security applications to provide process-protection. MchInjDrv (or the Mad code hook injection driver) provides a library to allow security product developers to inject a DLL into every process from kernel-mode.

    Some tools thought to make use of this are Spy Sweeper, A2, and Trojran Hunter and there could be many more.
     
    chaslang, Mar 29, 2007
    #2
  3. claptrap

    claptrap Private First Class

    Thanks for that, I was worried that something had hijacked my pc and was using these programs to bypass my security... Now Zone Alarm isn't asking me about these any more :( That's the problem of its "learning mode" - yet it is asking every time I boot up, about my mouse drivers.
     
    claptrap, Mar 29, 2007
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not a Malware Forum issue and are you check the box to always do the same thing so it does not always ask you.
     
    chaslang, Mar 29, 2007
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds