Posted on 2013-12-28
Last Modified: 2014-01-08
I'm not sure if it is a problem, avg suggests it might be but might not.
Jow can I tell?

WindowsXP (ok I know, but I can't afford a new one)
First mention is IRP hook...sys...drivers...pciidex.sys

Avg says it can't remove it, but looking on tbe avg site it also says it mihht be repotted in error.
How can I tell?
How can I remove it if it needs removing?
What does it do that I should look out for?
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 17
ID: 39743807
That line should say 'might be reported in error'
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 250 total points
ID: 39743842
Likely false positive - see this link

You might want to create an offline scanner to check.  Burn the downloaded .iso to a CD and then change the boot order on your PC so the CD drive boots first.  Then just follow the on-screen instructions.
LVL 38

Accepted Solution

BillDL earned 250 total points
ID: 39744552
Robin, what a lot of people aren't aware of, or forget, is that often it's the process as it exists while loaded into memory that is infected rather than the actual file(s) on your hard drive.  In these instances you can subject the actual file to a scan by multiple AV applications (eg. via VirusTotal online scanner) and it will come back clean for all, but your installed application will keep on detecting the named file - in memory.

It's important to read the detection log to see whether it is referring to an infection in the memory area or in the file it names.

If this is an infection, then something is injecting it into this low-level driver process each time the system boots.  Often it is a rootkit in the MBR (Master Boot Record), but it can easily also be something as simple as an entry in one of your "Run" registry keys.

Start with the obvious.



Ensure all of the entries in these keys are legitimate ones that can be identified.  Of course, the MSCONFIG "startup" tab can be used to temporarily disable a startup.

Nothing suspicious in there?

RKill (terminates known malware processes):
(use download links further down the page)

Rogue Killer (same as RKill but more):

TDSSKiller by Kaspersky:

Avast MBR Scanner:
Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

LVL 17
ID: 39752233
Just had a reminder about this. Sorry I haven't been back.
I am slowly working through the suggested solutions in the links supplied so far, but at the moment everything is saying it's clean except avg.
I'll take another look at the weekend, but won't be able to until then.
LVL 21

Expert Comment

ID: 39761353
I would suggest to clean uninstall and reinstall AVG.
That means you should use a monitoring software for install/uninstall process.
You need something like Total Uninstall or similar.
Just consider that might be AVG itself a  problem, if all the other anti viruses do not find the problem reported by AVG.

Additional to the anti-virus I always use antispyware and antiadware programs.
First I clean the temporary files with CClean.
Then I scan with some programs as: Spybot - Search & Destroy, SyHunter, Malwarebytes.
As antivirus I use the free Avast edition.
During years I found, at least in the past, that Avast consumes less resources than AVG. I do not know how is it now, because many years I used AVG, then I switched to Avast and I remained with it.
For special situations I use Kaspersky Rescue Disk or other similar form different companies as Avira, AVG..., but Kaspersky is good.
LVL 17
ID: 39765346
it ate my comment, briefly I'm closing this so it doesn't become a collection of helpful hints that I haven't tried yet.
I don't think removing the tool that reports the problem and replacing it with one that gives a clean report is a very ideal solution. I would like to remove the problem, not the tool that can see it.
LVL 21

Expert Comment

ID: 39765502
but you could try to reinstall your AVG with clean install/uninstall using monitoring software
LVL 38

Expert Comment

ID: 39765766
Thank you Robin.

It's most likely to be an AVG-centric "heuristics" detection, but you can never be too sure if it's a "red herring" or not, just like the Engine Warning light in my car.  I suspect it's the Lambda (O2) sensor at my cat, but could equally just be a leftover from when the exhaust blew ages ago and simply needs to be reset.  I cut the wires to the dashboard lights to make it go away, but now I can't see how fast I'm going, and when I blinded traffic cops while driving on full beam at 95mph on the M74 with my hazard lights blinking, I was pulled over and done ;-)

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Stuck in voice control mode on your Amazon Firestick?  Here is how to turn it off!!!
With the shift in today’s hiring climate (, many companies are choosing to hire freelancers to get projects completed efficiently and inexpensively…
Notifications on Experts Exchange help you keep track of your activity and updates in one place. Watch this video to learn how to use them on the site to quickly access the content that matters to you.
Where to go on the main page to find the job listings. How to apply to a job that you are interested in from the list that is featured on our Careers page.

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question