IRP hook detection false positive?

Alan_Binch · December 10, 2014, 7:11pm

Graham McIntyre quote "But I can't see anywhere to provide these in this forum"…
If you upload to the AVG FTP server (http://kb.avg.com/articles/en_US/How_to/How-to-upload-a-file-to-our-FTP-server/) and provide AVG with the name of file here that should sufficient.
AVG Guru

Rob_Rhind · November 10, 2016, 8:04pm

Hi

Sorry to raise an old thread.
I have the same issue with each and the same nine driver references.
Was there an answer please?

Thanks

Edy_Van_Tol · December 7, 2016, 3:13am

Hi I also have a issue with hidclass.sys

Graham_McIntyre · December 10, 2014, 10:05pm

Thanks Alan. FTP seems to be down at the moment will have to try later

Graham_McIntyre · December 10, 2014, 10:05pm

Thanks Alan. FTP seems to be down at the moment will have to try later

Graham_McIntyre · August 7, 2015, 7:00am

Reported by AVG AntiVirus scan (v 2015.0.5577, database version 4235/8710, link scanner version 2529) as a threat following windows update today (10-12-2014)

I have sent the file for analysis, but it tells me that I won't receive a reply with results, I therefore won't know if the file is safe or not. I have a scan report, my system info, a GMER scan report and also my update history. But I can't see anywhere to provide these in this forum (I have sent these with the file to be analysed)

GMER didn't raise any issues

Please advise.

##Scan report###

"Whole Computer Scan"
"Medium severity";"9";"0";"9"
"Scanned folders:";"Scan Whole Computer"
"Started:";"10/12/2014, 12:19:50"
"Finished:";"10/12/2014, 12:21:30"
"Scanned items:";"12720"
"Launched by:";"User"

"Name";"Description";"Status";"Status";"Priority"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_SYSTEM_CONTROL -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_CLOSE -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_READ -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_PNP -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_CREATE -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_POWER -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_WRITE -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"

Rob_Rhind · November 10, 2016, 8:04pm

Hi

Sorry to raise an old thread.
I have the same issue with each and the same nine driver references.
Was there an answer please?

Thanks

Alan_Binch · December 10, 2014, 7:11pm

Graham McIntyre quote "But I can't see anywhere to provide these in this forum"…
If you upload to the AVG FTP server (http://kb.avg.com/articles/en_US/How_to/How-to-upload-a-file-to-our-FTP-server/) and provide AVG with the name of file here that should sufficient.
AVG Guru

Edy_Van_Tol · December 7, 2016, 3:13am

Hi I also have a issue with hidclass.sys

IRP hook detection false positive?

Announcements