Posted January 8, 200916 yr Up for discussion: What do you guys think, is this a potential problem in UPH Cleanup. This is the result of a scan using " Sanity Check" , the results of the scan are posted here:The application says UPH is intercepting system services. I know its purpose but is theier arisk using the program causing a even bigger issue. System routines are being intercepted One or more system services are being intercepted on your system. This could be initiated by a rootkit or malware but there is also the possibility a security product is responsible for this. With the indications given you should find out if this is the work of a product that you have installed deliberately or not. Note that these SSDT hooks are very notorious because they rely on undocumented techniques and are incredibly difficult to implement right for a programmer. Even if they are installed by a legitimate product, these hooks very often are the cause of sudden unexpected reboots, blue screens, hangups and other misery. If you have more than one product installed which makes use of these techniques then your system is almost sure to be messed up. The module uphcleanhlp.sys is hooking the kernel to intercept base system services. Information about the responsible module uphcleanhlp.sys: file path: c:\windows\system32\drivers\uphcleanhlp.sys
January 8, 200916 yr Administrator While I'm not fully aware of the exact methods UPHClean uses, I do know it is a completely safe program. After all, it's a part of Windows Vista by default. Is "Sanity Check" the name of the program reporting this?
January 11, 200916 yr Author While I'm not fully aware of the exact methods UPHClean uses, I do know it is a completely safe program. After all, it's a part of Windows Vista by default. Is "Sanity Check" the name of the program reporting this? Yes, that's the name "Sanity Check" I use it to check for hidden rootkits, but I should clarify, the program states that as a general rule programmers should not use that mehtod of hooking unless they are very very good, so as you say it's part of vista so probably no issue there. It was merely pointing out the methods which it used should only and can only be done by extremely good programmers, otherwise it is probably some sort of Rootkit activity of a general nature which could cause more problems as it could very easily make windows unstable.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.