Posted on 2013-12-28
Last Modified: 2014-01-08
I'm not sure if it is a problem, avg suggests it might be but might not.
Jow can I tell?

WindowsXP (ok I know, but I can't afford a new one)
First mention is IRP hook...sys...drivers...pciidex.sys

Avg says it can't remove it, but looking on tbe avg site it also says it mihht be repotted in error.
How can I tell?
How can I remove it if it needs removing?
What does it do that I should look out for?
  • 3
  • 2
  • 2
  • +1
LVL 17
ID: 39743807
That line should say 'might be reported in error'
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 250 total points
ID: 39743842
Likely false positive - see this link

You might want to create an offline scanner to check.  Burn the downloaded .iso to a CD and then change the boot order on your PC so the CD drive boots first.  Then just follow the on-screen instructions.
LVL 38

Accepted Solution

BillDL earned 250 total points
ID: 39744552
Robin, what a lot of people aren't aware of, or forget, is that often it's the process as it exists while loaded into memory that is infected rather than the actual file(s) on your hard drive.  In these instances you can subject the actual file to a scan by multiple AV applications (eg. via VirusTotal online scanner) and it will come back clean for all, but your installed application will keep on detecting the named file - in memory.

It's important to read the detection log to see whether it is referring to an infection in the memory area or in the file it names.

If this is an infection, then something is injecting it into this low-level driver process each time the system boots.  Often it is a rootkit in the MBR (Master Boot Record), but it can easily also be something as simple as an entry in one of your "Run" registry keys.

Start with the obvious.



Ensure all of the entries in these keys are legitimate ones that can be identified.  Of course, the MSCONFIG "startup" tab can be used to temporarily disable a startup.

Nothing suspicious in there?

RKill (terminates known malware processes):
(use download links further down the page)

Rogue Killer (same as RKill but more):

TDSSKiller by Kaspersky:

Avast MBR Scanner:
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

LVL 17
ID: 39752233
Just had a reminder about this. Sorry I haven't been back.
I am slowly working through the suggested solutions in the links supplied so far, but at the moment everything is saying it's clean except avg.
I'll take another look at the weekend, but won't be able to until then.
LVL 20

Expert Comment

ID: 39761353
I would suggest to clean uninstall and reinstall AVG.
That means you should use a monitoring software for install/uninstall process.
You need something like Total Uninstall or similar.
Just consider that might be AVG itself a  problem, if all the other anti viruses do not find the problem reported by AVG.

Additional to the anti-virus I always use antispyware and antiadware programs.
First I clean the temporary files with CClean.
Then I scan with some programs as: Spybot - Search & Destroy, SyHunter, Malwarebytes.
As antivirus I use the free Avast edition.
During years I found, at least in the past, that Avast consumes less resources than AVG. I do not know how is it now, because many years I used AVG, then I switched to Avast and I remained with it.
For special situations I use Kaspersky Rescue Disk or other similar form different companies as Avira, AVG..., but Kaspersky is good.
LVL 17
ID: 39765346
it ate my comment, briefly I'm closing this so it doesn't become a collection of helpful hints that I haven't tried yet.
I don't think removing the tool that reports the problem and replacing it with one that gives a clean report is a very ideal solution. I would like to remove the problem, not the tool that can see it.
LVL 20

Expert Comment

ID: 39765502
but you could try to reinstall your AVG with clean install/uninstall using monitoring software
LVL 38

Expert Comment

ID: 39765766
Thank you Robin.

It's most likely to be an AVG-centric "heuristics" detection, but you can never be too sure if it's a "red herring" or not, just like the Engine Warning light in my car.  I suspect it's the Lambda (O2) sensor at my cat, but could equally just be a leftover from when the exhaust blew ages ago and simply needs to be reset.  I cut the wires to the dashboard lights to make it go away, but now I can't see how fast I'm going, and when I blinded traffic cops while driving on full beam at 95mph on the M74 with my hazard lights blinking, I was pulled over and done ;-)

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Whether you believe the “gig economy,” as it has been dubbed, is the next big economic paradigm shift ( or an overstated trend (…
With the shift in today’s hiring climate (, many companies are choosing to hire freelancers to get projects completed efficiently and inexpensively…
Articles on a wide range of technology and professional topics are available on Experts Exchange. These resources are written by members, for members, and can be written about any topic you feel passionate about. Learn how to best write an article t…
Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question