Service function NtUnloadKey hook -> uphcleanhlp.sys +0x75C


5 replies to this topic

#1 Hotfootks

Hotfootks

  • Members
  • 38 posts

Posted 12 April 2011 - 03:33 PM

Hiya,

I am using AVG free edition 2011 for my antivirus. On 04/08/2011 there was a software update, and now I am getting a reading that says the detection name is Service function NtUnloadKey hook -> uphcleanhlp.sys +0x75C and it is found in C:\Windows\system32\Drivers\uphcleanhlp.sys. It says that the object is hidden, and cannot be healed or removed. I tried a Panda rootkit scan, and it did not show any infections or problems. I am using Windows XP service pack 3. Is this something I should be concerned about or not?

Edited by Budapest, 12 April 2011 - 04:26 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest




#2 Tim Hanks

Tim Hanks

  • Members
  • 6 posts

Posted 11 May 2011 - 05:38 PM

I am experiencing the same problem. (uphcleanhlp.sys +0x6D0)

#3 wideawake

wideawake

  • Members
  • 3 posts

Posted 13 May 2011 - 02:20 PM

I, too, have been notified by AVG: "";"C:\WINDOWS\system32\Drivers\uphcleanhlp.sys";"Service function NtUnloadKey hook -> uphcleanhlp.sys +0x75C";"Object is hidden"
I wonder if this is a genuine threat?

#4 wideawake

wideawake

  • Members
  • 3 posts

Posted 13 May 2011 - 02:26 PM

Using Sophos Anti-Rootkit for full scan did not turn up uphcleanhlp.sys +0x75C which was discovered by AVG Internet Security Suite latest ver 10.0.1375

#5 Hotfootks

Hotfootks
  • Topic Starter

  • Members
  • 38 posts

Posted 13 May 2011 - 02:32 PM

Hiya,

I reposted my question and did get some help, and also moved to the "Am I infected? What do I do?" forum and got some help. Here is the link for that interaction:

http://www.bleepingcomputer.com/forums/topic394395.html/page__p__2226043__fromsearch__1#entry2226043

This is not a malicious finding, as I was told that not all rootkit readings are malicious.

Hope this helps,
Karen

#6 wideawake

wideawake

  • Members
  • 3 posts

Posted 13 May 2011 - 11:00 PM

Thanks, Karen. It is as I hoped and suspected.



