MCHINJDRV - What is this?

[thorn108]

Hi
My firewall shows that avast!Web Scanner is trying to install a new driver or service: MCHINJDRV. What is that? Is there enything to worry about?

Thanks

[Lisandro]

Which is your operational system?
I can't find a driver called MCHINJDRV in my computer... 

[thorn108]

Its Windows XP Home Edition

[Lisandro]

I have XP Professional SP2+ and don't have a trouble...
Tryed to search again and did not find that file...
Are you sure it's correct spelled?
Can you post a screenshot of the error message?

[thorn108]

I've denied installing this driver/service so firewall message disappeared. The message about suspicious behavior was exactly: avast!Web Scanner is trying to install a new driver or service: MCHINJDRV. I found the information on the internet that MCHINJDRV has something common with trojan Backdoor.Win32.Delf.zc but I don't know why avast! Webscaner wanted to install this?

[Spiritsongs]

   Hi Thorn :

      Like you, I have Win XP Home Edition ; however, my
      firewall has not given me a similar "alert", so it appears
      something was "using" Avast Web Scanner "name" .
      If you click "Run", type "services.msc", click "OK" , what is
      the "Startup Type" setting for "Avast Web Scanner" ?
      Hopefully it is "Manual" . What firewall do you have ?

[Negeltu]

From CastleCops forum...

"There's a lot of concern at the moment about MchInjDrv. MchInjDrv is a third-party driver/library used by many security applications to provide process-protection. MchInjDrv (or the Mad code hook injection driver) provides a library to allow security product developers to inject a DLL into every process from kernel-mode.

Products we believe use it include spysweeper, a2 and Trojan Hunter. There may be more applications that use this legitimately.

If you trust the process asking to do this, and your sure it hasn't been compromised, then you can allow this driver to be registered for that process. "

[thorn108]

Hi
Thanks for informations.

I have ZoneAlarm firewall.
In "services.msc" setting for "Avast Web Scanner" is "manual".

I couldn't find any informations that avast! has something common with MchInjDrv
so I mistrust that and didn't allow to install.

Once again thanks for replies.
Hopefuly I'll find  confirmation that avast! uses MchInjDrv legitimately

[housi]

Hi
I've XP Pro SP2 a not such a file

[JimTheMuso]

I now have this problem due to FireThreat (formerly Cyberhawk). How can I tell Avast to ignore this particular file? I have tried to add the location of this file to the exclusions but, once it has done whatever it does, it cannot be found on the pc any more. I suspect it is deleted once it has finished but the warning every time I boot up is very annoying.

[AKAJohnDoe]

It is also a part of PC Tools Spyware Doctor, used as part of the keylogger.

[AKAJohnDoe]

Although, SOMETHING HAS CHANGED within the past two days, as AVAST! did not used to flag it at boot-up.