Somebody at the Windows Secrets forum pointed me to Geeks to Go for advice on the topic I had posted there. The fact is, as of now I cannot find much about this matter on the net (plus I am quite nerdy about this as well).
Thanks for any advice / enlightenment as to what the case might entail (and how to get rid of the message, in case it is a false positive (fingers crossed...)).
I am using XPSP3 fully updated and AVG Internet Security 2011 also fully updated.
Running the antirootkit utility I get a warning:
Object name: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Detection name: Service function NtUnloadKey hook -> uphcleanhlp.sys +0x75C
Object type: file
SDK Type: Rootkit
Result: Object is hidden
When I instruct the utility to remove it, it requires rebooting. This done, however, it appears again.
I have got in touch with the Support services but no news yet, about a week later.
GMER also detects it but it does not remove it either. Other antirootkits do not even find it.
Googling for either "NtUnloadKey hook -> uphcleanhlp.sys+0x75C" gives no practical results (there is ONE analogous post with no answer so far).
Any ideas? Also: Any comments as to what this bug does / can do / how nasty it is?
Any suggestions about a specialized forum / webpage to submit it will also be welcome.
psicutrinius