Jump to content

UPH cleanup - part of Anti-malware Kit

Caveman

By Caveman
in Malware Prevention & Security

 Share

Recommended Posts

Caveman Apprentice

Caveman

Posted
Posted

Up for discussion: What do you guys think, is this a potential problem in UPH Cleanup.

This is the result of a scan using " Sanity Check" , the results of the scan are posted here:The application says UPH is intercepting system services. I know its purpose but is theier arisk using the program causing a even bigger issue.

System routines are being intercepted

One or more system services are being intercepted on your system. This could be initiated by a rootkit or malware but there is also the possibility a security product is responsible for this. With the indications given you should find out if this is the work of a product that you have installed deliberately or not. Note that these SSDT hooks are very notorious because they rely on undocumented techniques and are incredibly difficult to implement right for a programmer. Even if they are installed by a legitimate product, these hooks very often are the cause of sudden unexpected reboots, blue screens, hangups and other misery. If you have more than one product installed which makes use of these techniques then your system is almost sure to be messed up.

The module uphcleanhlp.sys is hooking the kernel to intercept base system services.

Information about the responsible module uphcleanhlp.sys:

file path: c:\windows\system32\drivers\uphcleanhlp.sys

Link to comment
Share on other sites
  • Administrator
Tarun Grand Master

Tarun

Posted
  • Administrator
Posted

While I'm not fully aware of the exact methods UPHClean uses, I do know it is a completely safe program. After all, it's a part of Windows Vista by default.

Is "Sanity Check" the name of the program reporting this?

Link to comment
Share on other sites
Caveman Apprentice

Caveman

Posted
  • Author
Posted

While I'm not fully aware of the exact methods UPHClean uses, I do know it is a completely safe program. After all, it's a part of Windows Vista by default.

Is "Sanity Check" the name of the program reporting this?

Yes, that's the name "Sanity Check" I use it to check for hidden rootkits, but I should clarify, the program states that as a general rule programmers should not use that mehtod of hooking unless they are very very good, so as you say it's part of vista so probably no issue there. It was merely pointing out the methods which it used should only and can only be done by extremely good programmers, otherwise it is probably some sort of Rootkit activity of a general nature which could cause more problems as it could very easily make windows unstable.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...