Announcement

Collapse
No announcement yet.

mchInjDrv.sys Trojan Horse

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • mchInjDrv.sys Trojan Horse

    I tried posting this earlier but I dont think it worked so here I go again.

    When ever I try to run EAW, using the curerom created icon, NAV warns me that it has detected a virus. I assume it prevents curerom from loading because the program detects emulation and such again. It has been working fine up until now.

    Virus Report -
    Source: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    Click for more information about this virus : Trojan Horse

  • #2
    ...

    Here is a response from the author of curerom

    Originally Posted by sYk0
    C:\WINDOWS\system32\Drivers\mchInjDrv.sys
    is most definatly NOT a part of CureROM... i think that user has [other] issues on his pc.
    I agree with his/her reply. I realize you say the warning goes off when you click the icon. That does at first seem worrisome. The file you mentioned probably is some sort of trojan horse but you must have gotten infected some other way. I don't think CureROM is involved.

    If you still believe so please email the CureROM installation program to support@daemon-tools.cc (use an email attachment with .rar compression, not .ZIP). Mention the URL that you downloaded the CureROM installation file from and include a reference to this thread. DT Soft is not the author of the program you mentioned but if there are ever links posted on this forum to viruses or trojans the DAEMON Tools support team would like to know about it.
    the modern world:
    net helpmsg 4006

    Comment


    • #3
      I am also having this EXACT same thing happen to me with all the games I am using CureRom for (SWEAW, SWBF2 and SWJKJA). All of these games are now all of a sudden, right before they begin, popping up an error message through Norton about the "mchInjDrv.sys" being a Trojan.Horse. I don't think this is a coincidence.

      Comment


      • #4
        I was having thie problem. I think it was to do with the 1.30b version. I now have the 1.31 version and all is well.

        Comment


        • #5
          "mchInjDrv.sys" "is not"/"never was" a part of CureROM.
          The files installed are:
          CureROM\CureROM.exe
          CureROM\CureROM.dll
          CureROM\Readme.txt
          System32\madcodehook.dll
          and the CureROM animated cursor...

          below is an extract form the NSIS installer script for CureROM 1.3.0 + 1.3.0b and 1.31...
          SetOutPath "$INSTDIR"
          SetOverwrite on
          File "CureRom.exe"
          File "CureRom.dll"
          File "ReadMe.txt"
          SetOutPath "$SYSDIR"
          SetOverwrite ifnewer
          File "madCHook.dll"
          ...
          SetOverwrite on
          SetFileAttributes "Temp.ani" NORMAL
          File "Temp.ani"
          Note: "madcodehook.dll" may be reported as a virus by some Anti-virus products (i.e: Kaspersky)...
          "madcodehook.dll" is a legitimate software product, but some software authors use it for malicious purposes (CureROM DT does not use it for any malicious purposes), thus the next release of CureROM (2.0) will NOT be using this file anymore.

          I have pesonally tested all files that CureROM uses with:
          ZoneAlarm (Full Version + Latest Updates)
          Norton2005/2006 (Trial Version + Latest Updates)
          Kaspersky (Trial Version + Latest Updates)
          Panda (Trial Version + Latest Updates)
          and i have had no/zero reports of any trojan/virus...

          Where did you download your version of CureROM?
          Last edited by sYk0; 12.03.2006, 13:32.
          Mail:
          curerom @ daemon-tools.cc

          Comment


          • #6
            I got around this by downloading an older version.

            I went to CureRom.net and got the oldest version "1.2.2"

            Works fine with Sims2 Family Fun.

            Comment


            • #7
              hey

              umm just to what was said above im pretty sure that "madCHook.dll" is the same as "mchInjDrv" as in mad code hooks injection drive, i got it on my comp its coming up as adware and melware and stuff and apparently it can be used by trojans or something but some other programs like spy sweeper and anti spyware programs also use it so yea

              just letting you know

              Comment

              Working...
              X