I'm not sure if it is a problem, avg suggests it might be but might not.
Jow can I tell?

WindowsXP (ok I know, but I can't afford a new one)
First mention is IRP hook...sys...drivers...pciidex.sys

Avg says it can't remove it, but looking on tbe avg site it also says it mihht be repotted in error.
How can I tell?
How can I remove it if it needs removing?
What does it do that I should look out for?
LVL 17
Thibault St john Cholmondeley-ffeatherstonehaugh the 2ndAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

BillDLConnect With a Mentor Commented:
Robin, what a lot of people aren't aware of, or forget, is that often it's the process as it exists while loaded into memory that is infected rather than the actual file(s) on your hard drive.  In these instances you can subject the actual file to a scan by multiple AV applications (eg. via VirusTotal online scanner) and it will come back clean for all, but your installed application will keep on detecting the named file - in memory.

It's important to read the detection log to see whether it is referring to an infection in the memory area or in the file it names.

If this is an infection, then something is injecting it into this low-level driver process each time the system boots.  Often it is a rootkit in the MBR (Master Boot Record), but it can easily also be something as simple as an entry in one of your "Run" registry keys.

Start with the obvious.



Ensure all of the entries in these keys are legitimate ones that can be identified.  Of course, the MSCONFIG "startup" tab can be used to temporarily disable a startup.

Nothing suspicious in there?

RKill (terminates known malware processes):
(use download links further down the page)

Rogue Killer (same as RKill but more):

TDSSKiller by Kaspersky:

Avast MBR Scanner:
Thibault St john Cholmondeley-ffeatherstonehaugh the 2ndAuthor Commented:
That line should say 'might be reported in error'
☠ MASQ ☠Connect With a Mentor Commented:
Likely false positive - see this link

You might want to create an offline scanner to check.  Burn the downloaded .iso to a CD and then change the boot order on your PC so the CD drive boots first.  Then just follow the on-screen instructions.
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Thibault St john Cholmondeley-ffeatherstonehaugh the 2ndAuthor Commented:
Just had a reminder about this. Sorry I haven't been back.
I am slowly working through the suggested solutions in the links supplied so far, but at the moment everything is saying it's clean except avg.
I'll take another look at the weekend, but won't be able to until then.
I would suggest to clean uninstall and reinstall AVG.
That means you should use a monitoring software for install/uninstall process.
You need something like Total Uninstall or similar.
Just consider that might be AVG itself a  problem, if all the other anti viruses do not find the problem reported by AVG.

Additional to the anti-virus I always use antispyware and antiadware programs.
First I clean the temporary files with CClean.
Then I scan with some programs as: Spybot - Search & Destroy, SyHunter, Malwarebytes.
As antivirus I use the free Avast edition.
During years I found, at least in the past, that Avast consumes less resources than AVG. I do not know how is it now, because many years I used AVG, then I switched to Avast and I remained with it.
For special situations I use Kaspersky Rescue Disk or other similar form different companies as Avira, AVG..., but Kaspersky is good.
Thibault St john Cholmondeley-ffeatherstonehaugh the 2ndAuthor Commented:
it ate my comment, briefly I'm closing this so it doesn't become a collection of helpful hints that I haven't tried yet.
I don't think removing the tool that reports the problem and replacing it with one that gives a clean report is a very ideal solution. I would like to remove the problem, not the tool that can see it.
but you could try to reinstall your AVG with clean install/uninstall using monitoring software
Thank you Robin.

It's most likely to be an AVG-centric "heuristics" detection, but you can never be too sure if it's a "red herring" or not, just like the Engine Warning light in my car.  I suspect it's the Lambda (O2) sensor at my cat, but could equally just be a leftover from when the exhaust blew ages ago and simply needs to be reset.  I cut the wires to the dashboard lights to make it go away, but now I can't see how fast I'm going, and when I blinded traffic cops while driving on full beam at 95mph on the M74 with my hazard lights blinking, I was pulled over and done ;-)
All Courses

From novice to tech pro — start learning today.