MchinJdrv.sys in System 32 drivers folder(Win32:Trojan-gen.)

[robertden]

I keep getting the sirens upon startup for this entry.I remove it to the chest and delete it and turn off system restore and reboot and it is there again.It is not really there when I search.Other scanners don't detect it.I put it on the exclusion list but still the sirens go off.I have read on forums it is a bug and false positive with Avast.I sent it to Avast.If they don't release an update quickly I will switch to another anti-virus program.Any comments or anybody have same problem??

[maviso5]

Hello

Yer same problem here too i get mchInjDrv.sys is infected.....which everything else..i.e. Spyware Doctor, Spybot S+D etc.. finds my machine as clean as its always been...however avast for the last day or so flashes its nuts off..


Any advances?

Dan

[DavidR]

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.

[oldman]

I put it on the exclusion list but still the sirens go off.I have read on forums it is a bug and false positive with Avast.I sent it to Avast.If

There are two exclution lists. The on access, left click the "a" icon near the clock, select standard shield, customize button, advanced tab.

On demand, right click "a" icon, select program settings, exclutions.

[ret]

I have entered the entire Systems32 Driver Folder in both locations of avast as previously indicated.   A restart of the pc brings back the sirens and a warning that MchinJdrv.sys located in that same folder is a virus.   My question is, since I can't remove any of the Registry, and putting the file in the Chest doesn't work, because when the pc resets it reinstalls the file will Avast folks be releasing an update to fix this issue?

Oh yes I did run the cleaner offered here and it did not find the virus.

[DavidR]

That is a bad decision and could leave you vulnerable as that folder has in the past been used to plant malware, when doing exclusions you should be as precise/unique as possible. If it only effects one file then you should exclude only that file.

You may have a problem with your entry, what would be helpful is to post the complete text of the exclusion and we can check it.

However, you could copy and paste this C:\WINDOWS\SYSTEM32\DRIVERS\etc\MchinJdrv.sys into the Exclusions lists, especially the Standard Shield, Customize, Advanced, Add list as that is what is detecting it on-access.

[ret]

Okay an update.   I have removed and replaced the entries as you posted David  C:\WINDOWS\SYSTEM32\DRIVERS\etc\MchinJdrv.sys  and still Avast warns of a virus.  Am I missing something in your post?

Also in your suggested entry you have a folder called (etc).   My virus is not in any folder so I once again changed the exclustion to read  C:\WINDOWS\SYSTEM32\DRIVERS\MchinJdrv.sys  and on restart still get virus warning.

[DavidR]

Well you have to base your exclusion on the file and location being detected and I don't know what that is nor the exact text you entered do they match exactly ?

What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? 
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

From this information you could copy and paste that path into the exclusions.

So if you post the avast alert path and the text of your exclusion then we can check.

[SirSad]

Same problem, still siren on start-up, still virus detect in directory C:/Windows/System32/drivers/MchinJdrv.sys 
Exclusion don't solves problem 

[Snagglegrain]

I believe the latest update has fixed the false positive.

[ret]

 C:\WINDOWS\system32\Drivers\mchInjDrv.sys     The antivirus id's the file as  mchInjDrv.sys   

[RejZoR]

Actually this thing is a Themida driver for well Themida protector/packer.

[ret]

Themida driver or not this has been 9 hours for me.   I read above post about update, downloaded it and no warnings.   Removed exclusions, restarted, no warnings.   I need something for a headache.   Thanks to whoever posted the fix.

[oldman]

 

   Thanks to whoever posted the fix.

Actually it was the avast team  [

[Maxx_original]

ehhh.. we'll add the file to our cleanset probably...