Here we can find info on the Windows event ID → http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4904
I get this alert when doing a SAS scan: Event ID:5038
\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys
Seems this is because driver is not digitally signed…and might be an older version that has not been removed…
What we have here is a poor man’s IDS solution, but it is rather instructive when we want to learn what is going on on the OS…
Consider this posting also: http://forum.avast.com/index.php?topic=96160.0
polonus
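
An added example, not part of the original post: one way to triage the Event ID 5038 alerts mentioned above is to list the files they name and check each file's Authenticode signature. It assumes English-language event text and that the `\Device\HarddiskVolumeN` prefix refers to the system drive; the variable names are illustrative.

```powershell
# Added example (not from the original post). Run from an elevated prompt:
# reading the Security log requires administrator rights.
$hits = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5038 } -ErrorAction SilentlyContinue

$hits | ForEach-Object {
    # English event text carries a "File Name:" line holding an NT device path.
    if ($_.Message -match 'File Name:\s*(.+)') {
        [pscustomobject]@{ Time = $_.TimeCreated; DevicePath = $Matches[1].Trim() }
    }
} | Group-Object DevicePath | ForEach-Object {
    # Assumption: the volume named in the event is the system drive.
    $path = $_.Name -replace '^\\Device\\HarddiskVolume\d+', $env:SystemDrive

    # A file that is already gone cannot be checked; report that instead.
    $sig = if (Test-Path -LiteralPath $path) {
        Get-AuthenticodeSignature -LiteralPath $path
    } else {
        $null
    }

    [pscustomobject]@{
        File      = $path
        Count     = $_.Count
        LastSeen  = $_.Group | Sort-Object Time | Select-Object -Last 1 -ExpandProperty Time
        Signature = if ($sig) { $sig.Status } else { 'file not found' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Sort-Object Count -Descending | Format-Table -AutoSize
```

A file that shows up repeatedly with a status other than `Valid`, or that no longer exists on disk, fits the leftover-driver explanation given in the post.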