Malware in Windows XP

Hello! Friends

I encounter this problem today. When I boot my PC, I keep on receiving this
security warning from my anti-virus software: Malware Win32 Trojan_gen
exists in the following path:

C:\WINDOWS\system32\Drivers\mchInjDrv.sys

I tried to delete or "move to chest" (as recommended) it. But it keeps
coming back when I reboot the PC. It is very irritating. How can I
permanently remove it? Is it harmful?

Thanks.

zhj23

zhj23 wrote:
> Hello! Friends
>
> I encounter this problem today. When I boot my PC, I keep on receiving this
> security warning from my anti-virus software: Malware Win32 Trojan_gen
> exists in the following path:
>
> C:\WINDOWS\system32\Drivers\mchInjDrv.sys
>
> I tried to delete or "move to chest" (as recommended) it. But it keeps
> coming back when I reboot the PC. It is very irritating. How can I
> permanently remove it? Is it harmful?


A quick Google for "mchinjdrv.sys" tells me that:

"MchInjDrv.sys is a driver for injecting code to other processes.
Publisher is legitimate: http://madshi.net
But it is often used by malicious software. Kill the file mchInjDrv.sys
and remove mchInjDrv.sys from Windows startup."

In addition to the doing the above, I suggest that you do:

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com...emoving_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://pcdid.com/Multi_AV.htm - download

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may
be so infested that Windows will need to be clean-installed. Have all
your data backed up before you take the machine into a shop.


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Thanks for the info.

I have deleted the file. But still coming back on every reboot. Pls let me
know how to remove it from "Windows StartUp"? Thanks.

It is really driving me crazy.

zhj23

"Malke" wrote:

> zhj23 wrote:
> > Hello! Friends
> >
> > I encounter this problem today. When I boot my PC, I keep on receiving this
> > security warning from my anti-virus software: Malware Win32 Trojan_gen
> > exists in the following path:
> >
> > C:\WINDOWS\system32\Drivers\mchInjDrv.sys
> >
> > I tried to delete or "move to chest" (as recommended) it. But it keeps
> > coming back when I reboot the PC. It is very irritating. How can I
> > permanently remove it? Is it harmful?
>
>
> A quick Google for "mchinjdrv.sys" tells me that:
>
> "MchInjDrv.sys is a driver for injecting code to other processes.
> Publisher is legitimate: http://madshi.net
> But it is often used by malicious software. Kill the file mchInjDrv.sys
> and remove mchInjDrv.sys from Windows startup."
>
> In addition to the doing the above, I suggest that you do:
>
> Go through these general malware removal steps systematically -
> http://www.elephantboycomputers.com...emoving_Malware
>
> Include scanning with David Lipman's Multi_AV and follow instructions to
> do all scans in Safe Mode.
>
> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
> http://pcdid.com/Multi_AV.htm - download
>
> You can also check to see if there are targeted removal steps for your
> malware here:
> Bleeping Computer removal how-to's -
> http://www.bleepingcomputer.com/forums/forum55.html
>
> When all else fails, run HijackThis and post your log in one of the
> specialty forums listed at the first link above (not here, please).
>
> Standard caveat: If the procedures look too complex - and there is no
> shame in admitting this isn't your cup of tea - take the machine to a
> professional computer repair shop (not your local version of
> BigComputerStore/GeekSquad). Please be aware that not all local shops
> are skilled at removing malware and even if they are, your computer may
> be so infested that Windows will need to be clean-installed. Have all
> your data backed up before you take the machine into a shop.
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>

zhj23 wrote:
> Thanks for the info.
>
> I have deleted the file. But still coming back on every reboot. Pls let me
> know how to remove it from "Windows StartUp"? Thanks.
>
> It is really driving me crazy.

Read through the information I already gave you. In addition, it may be
that the file is not malicious at all but is connected with some
legitimate program/driver/process that you have installed. Only you know
what you have installed. Once you have determined that your computer is
virus/malware-free by going through the scanning processes already given
you, you can manage your Windows startup as follows:

Clean boot in Windows XP - http://support.microsoft.com/kb/310353
Clean-boot advanced troubleshooting in Windows XP -
http://support.microsoft.com/kb/316434
How to Troubleshoot By Using the Msconfig Utility in Windows XP -
http://support.microsoft.com/?id=310560


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

hi
i had a similar problem recently i managed to cure it by doing the following
type the file name into the serch page while using task manager to kill the
notification. i then deleted all copies that showed up i then mted recicly
bin and used the clean disk facility before runing the virus checker on full
scan .
i had to do this about 8 or 9 times to kill it alltogether. but i still
havent worked out how to get control panel and administrative rights back yet

"Malke" wrote:

> zhj23 wrote:
> > Thanks for the info.
> >
> > I have deleted the file. But still coming back on every reboot. Pls let me
> > know how to remove it from "Windows StartUp"? Thanks.
> >
> > It is really driving me crazy.
>
> Read through the information I already gave you. In addition, it may be
> that the file is not malicious at all but is connected with some
> legitimate program/driver/process that you have installed. Only you know
> what you have installed. Once you have determined that your computer is
> virus/malware-free by going through the scanning processes already given
> you, you can manage your Windows startup as follows:
>
> Clean boot in Windows XP - http://support.microsoft.com/kb/310353
> Clean-boot advanced troubleshooting in Windows XP -
> http://support.microsoft.com/kb/316434
> How to Troubleshoot By Using the Msconfig Utility in Windows XP -
> http://support.microsoft.com/?id=310560
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>