Should I worry about this hidden driver on my system?

It doesn’t appear to be doing anything.

Okay, here’s the sitch. Being a good boy, I have multiple anti-malware programs running on my personal laptop. These include the for-pay version of AVG Anti-virus and the free version of Trend Micro Rootkit Buster, as well as a couple of different anti-spyware programs. I update and scan all of them at least once a day, as well as avoiding downloading bit-torrents and other such risky files. I tend to run AVG’s anti-rootkit feature manually, as the program advises me to minimize computer use while it’s running.

Looking over the AVG log, I notice a pattern. When run by itself, the AVG rootkit killer has not found any problems it did not resolve in several months. But if I run Trend Micro rootkit buster immediately before running the AVG rootkit killer, it often finds a hidden driver it describes thus:

“Object name”;“C:\Windows\system32\DRIVERS\tmcomm.sys”
“Detection name”;“Hidden driver”
“Object type”;“file”
“SDK Type”;“Rootkit”
“Result”;“Object is hidden”
“Action history”;""

When I see this I always follow the directions, including the immediate reboot. If I run both AVG and Trend Micro immediately after the reboot the system seems to be clean. Nonetheless, AVG often, but not always, reports the presence of the above-referenced rootkit when I run the RootkitBuster & AVG in sequence as I have just described.

My system seems to be running fine. I’m not experiencing any hijacks in any of my three browsers (I use Firefox most of the time, Explorer for a few, and Chrome for a few others). Other than the anti-malware stuff, programs I use most often are, in no particular order, Excel, Powerpoint, Word, Realplayer, MS Media Player, and the Shorter OED, and the browsers; none of them is acting in any way peculiar. In general, every program on the system runs quickly and smoothly.

Should I care about this hidden driver?

ETA: I also run Windows Update daily and am certain everything is current there. My operating system is Vista Home Premium, and the personal laptop is a Toshiba Satellite L305.

I should also add that there is one so-called important Windows Update I deliberately skip: Office Genuine Advantage Notification. Though my copy of MS Office is legitimate, I don’t like the idea of that particular program.

Putting tmcomm.sys into Google yields this as the second link:

“Trend Micro internet security system driver file.”

So it’s interesting that Trend Micro is reporting its own file as a rootkit. You might want to contact them…

No, it’s AVG that’s reporting the Trend Micro file as naughty.

Ah! I put C:\Windows\system32\DRIVERS\tmcomm.sys as my search parameter instead of the last part. :smack:

That makes sense. Since the Trend Micro rootkitbuster isn’t resident, AVG only picks it up when I’ve just run the former–and, of course, Trend Micro doesn’t think anything about it is worrisome at all.