
Nasty new rootkit or false positive?

#1 psicutrinius (New Member, 1 post)

Hi

Somebody at the Windows Secrets forum pointed me to Geeks to Go for advice on the topic I had posted there. The fact is, as of now I cannot find much about this matter on the net (plus I am quite nerdy about this as well).

Thanks for any advice / enlightenment as to what the case might entail (and how to get rid of the message, in case it is a false positive (fingers crossed...)).

I am using XP SP3, fully updated, and AVG Internet Security 2011, also fully updated.

Running the anti-rootkit utility, I get a warning:

Object name: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Detection name: Service function NtUnloadKey hook -> uphcleanhlp.sys +0x75C
Object type: file
SDK Type: Rootkit
Result: Object is hidden

When I instruct the utility to remove it, it requires a reboot. This done, however, it appears again.

I have got in touch with the support services, but no news yet, about a week later.

GMER also detects it but does not remove it either. Other anti-rootkits do not even find it.

Googling for "NtUnloadKey hook -> uphcleanhlp.sys+0x75C" gives no practical results (there is ONE analogous post with no answer so far).

Any ideas? Also: any comments as to what this bug does / can do / how nasty it is?

Any suggestions about a specialized forum / web page to submit it to will also be welcome.


psicutrinius
#2 RKinner (Malware Expert, MVP, 24,622 posts)

It's part of a Microsoft fix called User Profile Hive Cleanup Service.

http://www.microsoft...&displaylang=en

I'd say it's a false positive but you can always submit a questionable file to http://virustotal.com or http://jotti.com and find out what some 40 anti-virus companies think about it.

Ron
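Before uploading anything, the check a practitioner would run on the box itself is whether the flagged driver is a validly signed Microsoft binary, and what its hash is so it can be looked up on VirusTotal without sending the file. The script below is an added example, not something posted in this thread or shipped with UPHClean; it assumes the driver path exactly as the scanner reported it, PowerShell 2.0 on XP SP3 (so it avoids Get-FileHash, which arrived later), and it prints a verdict that is only a heuristic: a valid Microsoft signature supports the false-positive reading, while an unsigned or oddly signed file at that path warrants submission.

```powershell
# Added example (not from the original thread): verify the driver a rootkit
# scanner flagged as hooking NtUnloadKey, and print its SHA-256 for a
# VirusTotal lookup. Path assumed from the scanner output in post #1.
param(
    [string]$DriverPath = "$env:SystemRoot\System32\Drivers\uphcleanhlp.sys"
)

if (-not (Test-Path -LiteralPath $DriverPath)) {
    # A genuine rootkit can hide its file from the live file system;
    # if this fires, repeat the check from a boot CD or another OS.
    Write-Host "Not found: $DriverPath"
    exit 1
}

# SHA-256 via .NET, which works on PowerShell 1.0/2.0 (no Get-FileHash there).
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$stream = [System.IO.File]::OpenRead($DriverPath)
try {
    $hashBytes = $sha256.ComputeHash($stream)
} finally {
    $stream.Close()
}
$hashHex = ($hashBytes | ForEach-Object { $_.ToString("x2") }) -join ""

# Authenticode check: a real Microsoft component carries a valid signature
# whose signer subject names Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $DriverPath
$signer = ""
if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

$item = Get-Item -LiteralPath $DriverPath
Write-Host "File:      $DriverPath"
Write-Host "Size:      $($item.Length) bytes"
Write-Host "SHA-256:   $hashHex"
Write-Host "Signature: $($sig.Status)"
Write-Host "Signer:    $signer"

# Show the kernel service that loads this driver, so an unexpected service
# name, start mode or binary path stands out.
$svc = Get-WmiObject -Class Win32_SystemDriver -Filter "PathName LIKE '%uphcleanhlp.sys'"
if ($svc) {
    Write-Host "Service:   $($svc.Name)  State=$($svc.State)  StartMode=$($svc.StartMode)"
} else {
    Write-Host "Service:   none registered for this driver"
}

# Heuristic verdict only; the SHA-256 lookup is still worth doing.
if ($sig.Status -eq "Valid" -and $signer -match "Microsoft") {
    Write-Host "Verdict:   valid Microsoft signature; consistent with a false positive"
} else {
    Write-Host "Verdict:   unsigned or unexpected signer; submit the hash/file and treat as suspect"
}
```

Run it from an elevated PowerShell prompt; paste the printed SHA-256 into the VirusTotal search box to see prior scan results without uploading. Note that a signature check from inside a possibly compromised OS is only as trustworthy as the OS: if the scanner really is hidden-file aware and the file is "hidden", repeat the hash from offline media before drawing conclusions.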