Posted 30 April 2011 - 01:52 PM
I am using XPSP3 fully updated and AVG Internet Security 2011 also fully updated.
Running the antirootkit utility I get a warning:
Object name: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Detection name: Service function NtUnloadKey hook -> uphcleanhlp.sys +0x75C
Object type: file
SDK Type: Rootkit
Result: Object is hidden
When I instruct the utility to remove it, it requires rebooting. This done, however, it appears again (also if I try in safe mode).
I have got in touch with the Support services but no news yet, about a week later.
GMER also detects it but it does not remove it either. Other antirootkits do not even find it.
Any ideas? Also: any comments as to what this bug does / can do / how nasty it is... or (keeping fingers crossed) is it a false positive?
Any suggestions about a specialized forum / webpage to submit it will also be welcome.
Thanks in advance.