mchlnjDrv.sys - Trojan

waddie_2

I opened up a file and this popped up with my AVG anti virus and every time I reboot. I have researched this and can't seem to find a fix. I have run Hijack this but can't post the log yet. I have a-squared, reg cure and installed Reg Run that keeps saying my system is clean when this trojan just keeps popping up.

Online I have received one answer about the registry edits not finding or fixing and lots of information this can be a false postive, but I don't think this is the case in my situation.

Is there anyway to remove this Trojan ( mchlnjDrv.sys ), as I have cleared my pc now ready for a reformat as a last resort.


Any ideas? Thanks.

aliEnRIK

Download, update and quick scan with malwarebytes
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

waddie_2

Thanks I shall give this a try.

aliEnRIK

Dont clear the drive just because of ONE trojan waddie. See how it goes first.
Can you give me info on it? As in where it is on your drive, which program etc? (AVG should say when it finds it)

waddie_2

C:\WINDOWS\system32\Drivers\mchlnjDrv.sys

And of course its not there. No one who gets this trojan can find it. (AVG cannot heal or send it to the vault)

It apparently can be a false positive as it comes bundled with some security software, but I got it from a file (not security) accidentally opened, that's why I an suspicious its not a false positive.

I have backed up all my files off my C drive only (good to clear and sort files) and even disconnected from the internet as it appears this is a backdoor trojan whilst I did that.

My reformat is a last resort and something I will do as the pc I go was from Dell who gave me two drives and meshed them together (not what I was expecting or wanted and is locked from reformatting anyway, unless i remove that). If I reformat, it would be to clear this and other junk off my pc and partition it at the same time. (That was my idea and I said as a last resort).

waddie_2

Oh yeah, I am running a scan now - first a quick one and then a full one.

waddie_2

Ok, I have run the full scan now (nearly four hours) and it found four threats in total, two that I was surprised at as they are from a big company.

I rebooted, but this Trojan still pops up.

Any ideas?

This is the info for the Trojan...


Threat Name: Trojan Horse Small.AOQ

Location - C:\WINDOWS\system32\Drivers\mchlnjDrv.sys

aliEnRIK

Its a toughie
Try booting up in SAFE mode and run the AVG scan (Just in that folder for speed)

Try SPYBOT ~
http://www.safer-networking.org/en/download/index.html
UPDATE, IMMUNISE and SCAN

and try adaware ~
http://www.download.com/Ad-Aware-2008/3000-8022_4-10045910.html
UPDATE and SCAN

What firewall do you use?

waddie_2

I'll have a look at all these now and in the meantime I have a router firewall, ISP firewall and use Zonealarm basic for a peronal firewall, but this was in a file and opened on the pc and then this trojan popped up.

I'll go look at all these links and get back to you.

waddie_2

And I removed Spybot a long time ago as it kept removing applications that were not spyware and Adaware I have but it doesn't find anything.

aliEnRIK

waddie wrote: »

but this was in a file and opened on the pc and then this trojan popped up.

I'll go look at all these links and get back to you.

Can you explain the 'file' you opened?

Just be aware that loaners link is for a free RESIDENT scanner (Meaning you need to power AVG off if you install it) ~ NEVER run 2 resident anti virus scanners at the same time