AVG Support Community

Graham McIntyre

IRP hook detection false positive?

Reported by AVG AntiVirus scan (v 2015.0.5577, database version 4235/8710, link scanner version 2529) as a threat following Windows update today (10-12-2014).

I have sent the file for analysis, but it tells me that I won't receive a reply with results; I therefore won't know if the file is safe or not. I have a scan report, my system info, a GMER scan report and also my update history. But I can't see anywhere to provide these in this forum (I have sent these with the file to be analysed).

GMER didn't raise any issues.

Please advise.

##Scan report###

"Whole Computer Scan"
"Medium severity";"9";"0";"9"
"Scanned folders:";"Scan Whole Computer"
"Started:";"10/12/2014, 12:19:50"
"Finished:";"10/12/2014, 12:21:30"
"Scanned items:";"12720"
"Launched by:";"User"

"Name";"Description";"Status";"Status";"Priority"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_SYSTEM_CONTROL -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_CLOSE -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_READ -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_PNP -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_DEVICE_CONTROL -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_CREATE -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_POWER -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"
"C:\Windows\system32\DRIVERS\HIDCLASS.SYS";"IRP hook, C:\Windows\system32\DRIVERS\hidusb.sys IRP_MJ_WRITE -> HIDCLASS.SYS +0x2710";"Infected";"Infected";"Medium"

Alan Binch
Graham McIntyre quote: "But I can't see anywhere to provide these in this forum"....
If you upload to the AVG FTP server (http://kb.avg.com/articles/en_US/How_to/How-to-upload-a-file-to-our-FTP-server/) and provide AVG with the name of the file here, that should be sufficient.
AVG Guru
Graham McIntyre
Thanks Alan. FTP seems to be down at the moment; will have to try later.
Rob Rhind
Hi

Sorry to raise an old thread.
I have the same issue with each and the same nine driver references.
Was there an answer please?

Thanks 
Edy Van Tol
Hi, I also have an issue with hidclass.sys.