mchlnjDrv.sys - Trojan

aliEnRIK

waddie wrote: »

And I removed Spybot a long time ago as it kept removing applications that were not spyware and Adaware I have but it doesn't find anything.

erm.......im not sure what you mean but loads of us on here use it with NO problems. Unless you mean the 'teatimer' setting blocked programs? The 'teatimer' setting is switched off by default. I recommend trying it anyways

aliEnRIK

loaner wrote: »

my link was for a free antivirus boot cd, (the best way to remove any virus), not for the companies resident scanner

(but clearly avg can't cope with many infections, just about every infection posted on here has avg as a scanner. So I would consider switching to avast or antivir).

ahhh, my bad

I read a post that avast cant cope with THIS trojan either. Avira ive not seen yet.

waddie_2

Tried as much of that as i could, just won't go away. The rescue cd is in german, even if you click it onto English just remain german - so thats a no go. Virus came from a torrent file, think I am just best off doing my reformat. I am very familiar with these although not on this pc and have spoken to Dell about it all already after sorting out other issues with them over the course of a year.

waddie_2

I'll take any more thoughts/comments on this before I start any reformat - I have to read my notes I made on phoning Dell to remove their "can't reformat" block they have put on my pc.

waddie_2

OK I will try that - thanks

waddie_2

OK tried it and all - followed all the instructions and then rebooted and the trojan still pops up.

skiddy2k

Seeing as its a .sys file in the Drivers folder, the chances are its one of the following:
a) a rootkit
b) a false-positive

You already think its not a FP, so we'll go with assuming its a rootkit.
1) Try to run GMER to determine if its a rootkit or not. If it is a rootkit, GMER would normally say when you run it "rootkit detected" and remove it. It may require you to restart your PC.
2) You may also wish to attempt to run Kaspersky's AVPTool - its a standalone on-demand scanner which is compatible with other antiviruses, so you do not need to uninstall AVG to run it (although I recomend you uninstall it after running it). Make all settings high and scan your PC in Safe Mode using it. Post back the results. Reason I want you to do this is because many online scanners do not detect rootkits. Also, rootkits often hide other malicious files on your computer, so you may have something else lying around.
3) Should the above 2 steps not work, I suggest you ask at a malware-removal forum for assistance, it should be curable with relative ease with the right tools, there are a few other more powerful tools you can use, but its better if they're only mentioned in malware-removal forums.

I do not often come to this forum, but will try to keep an eye on this thread for the next few days.

jackthenipper

type the trojan name into yor searh facility, the delete all folder that its in. then rebbot & check. IIf its gone then create a restore point.

waddie_2

loaner wrote: »

did it find it (if it didn't, there is a similar free scanner available from trend, bitdfefender and kaspersky, one of them is bound to deal with it)?

Before you started the scan, did you select the option to fix the virus, (it only searches by default)

Yes I tried that, but it didn't fix it. I will try the other methods now.

waddie_2

I tried a to do a couple of restores today - they are listed but it won't let me. Makes me even more susupicious and some things are showing a little different as well, like certain pages disappearing or changing for the last couple of days, makes me suspicious even more.