Is MadInjection.rtk Unremovable?

berikken

New member
I can read that member "rokut" had the same question as me about this annoying "mchInjDrv.sys" file that keeps on being written after reboot, and I can see that he didn't get any response either.

My question to the expertise panel:
Is MadInjection.rtk unremovable???

So far on the internet I've found two ways that are supposed to work, but the problem is that none of them actually work???
What is this file and what does it do.....anyone....please ;-)
If it's harmless I'll sleep better at night :-)

I quote from the file "mchInjDrv.sys" from what I can read:

-This program cannot be run in DOS mode
-B a s e N a m e d O b j e c t s \ m c h I n j D r v M a p
-Close YZwUnmapViewOfSection memcpy @ ExAllocatePoolWithTag ZwMapViewOfSection ZwOpenSection RtlInitUnicodeString %ObfDereferenceObject ïZwAllocateVirtualMemory ObOpenObjectByPointer rPsLookupProcessByProcessId ÛIofCompleteRequest PsSetCreateProcessNotifyRoutine ntoskrnl.exe

Is there anybody who can tell me what this file is doing from this???
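
Added example, not part of the original thread: a Python sketch of how to read such a paste. The spaced-out line is a UTF-16LE string, and stray characters such as @ and % in front of API names are consistent with the 2-byte hint stored before each name in a PE import table. The sample bytes and the `triage` helper are constructed for illustration, not taken from the real driver.

```python
import re

# Constructed sample (NOT bytes from the real driver): one UTF-16LE object
# name, then import entries laid out as 2-byte hint + ASCII name + NUL.
SAMPLE = (
    "BaseNamedObjects\\mchInjDrvMap".encode("utf-16-le") + b"\x00\x00"
    + b"\x40\x00ExAllocatePoolWithTag\x00"   # hint byte 0x40 displays as "@"
    + b"\x25\x01ZwOpenSection\x00"           # hint byte 0x25 displays as "%"
    + b"\x59\x04ZwMapViewOfSection\x00"
    + b"\xef\x03ZwAllocateVirtualMemory\x00"
    + b"\x10\x02PsSetCreateProcessNotifyRoutine\x00"
    + b"ntoskrnl.exe\x00"
)

# Documented purpose of kernel routines whose names appear in the post.
ROLES = {
    "PsSetCreateProcessNotifyRoutine": "callback on process creation/exit",
    "PsLookupProcessByProcessId": "get a process object from a PID",
    "ZwOpenSection": "open an existing named section object",
    "ZwMapViewOfSection": "map a section view into a process",
    "ZwAllocateVirtualMemory": "allocate memory in a process",
}

def ascii_strings(data, min_len=4):
    """Runs of printable ASCII; isolated hint bytes fall below min_len."""
    pat = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pat, data)]

def wide_strings(data, min_len=4):
    """Printable characters stored as UTF-16LE (each followed by 0x00)."""
    pat = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.group().decode("utf-16-le") for m in re.finditer(pat, data)]

def triage(data):
    """Split extracted strings into object names, known imports, the rest."""
    names = ascii_strings(data)
    return {
        "object_names": wide_strings(data),
        "imports": {n: ROLES[n] for n in names if n in ROLES},
        "other": [n for n in names if n not in ROLES],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "->", value)
```

A process-creation callback combined with section mapping and memory allocation in other processes fits a driver that supports code injection, which matches the MadCodeHook description quoted later in the thread; the strings alone do not say which program installed it.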
 
Hello berikken,

I can read that member "rokut" had the same question as me about this annoying "mchInjDrv.sys" file that keeps on being written after reboot, and I can see that he didn't get any response either.
rokut started a topic in the malware removal forum yesterday. http://forums.spybot.info/showthread.php?t=45811

Your topic started today: http://forums.spybot.info/showthread.php?t=45857

Volunteer analysts assist users as soon as they are able; otherwise there is this sticky.

Manual Removal Guide for MadInjection.rtk

Best regards. :)
 
Oki :-)
I've already tried that manual removal guide and it didn't work for me, tried running in safe mode too and same result :-(

I'll try to be more patient in the future ;-) But there aren't so many places where there's information about this little bugger :-) Hope some of you gurus can fix it.
Hated to see the @ and % in the "mchInjDrv.sys" file ;-)
 
I believe I finally got rid of it :-)

Guess I was lucky...The file doesn't appear in system32/driver anymore ;-)

I found this quote: it's used by programs which use MadCodeHook for code injection

And all I did was to make a registry search for anything called: MadCodeHook

I found 3 directories named "mchInjDrv" and since they only referred to MadCodeHook I just deleted them and made a reboot......voila...

:-)

I run win xp...
 
One last thing ;-)

Is there anybody here who can tell me what programs use this? I understand that it is only in memory and it's been used for checking DLLs, but what programs?

That would probably make it much easier for others to find it in the registry?

I might have been just lucky and we'll see if it reappears later ;-)
 