Adlice forum

Software feedback => RogueKiller PREMIUM => Topic started by: Lobas on June 27, 2017, 03:04:13 pm

Title: [IAT:Inl (Hook.IEAT)] Detection
Post by: Lobas on June 27, 2017, 03:04:13 pm

In my office, where I work as Software-, Hardware- and Network representative, at one workstation, RogueKiller PREMIUM detected 8 rootkits of the type named in the title.

So, now I'm not sure what to do, how dangerous they are, and how to remove them, etc...

GMER proved the detection, but didn't mark them as dangerous.

Kaspersky TDSS Killer and Malwarebytes Anti-Rootkit BETA detected nothing, Dr. Web CureIt! and Comodo Cleaning Essentials nothing, too.

A lot of other rootkit tools I read about on the Internet didn't work properly, detected nothing, and one even carried malware with it.

I attach the Logs of RogueKiller and GMER.

I hope somebody is able to help me with that problem.

Thanks to you


Title: Re: [IAT:Inl (Hook.IEAT)] Detection
Post by: Curson on June 27, 2017, 03:08:33 pm
Hi Lobas,

Thanks for supporting our product and welcome to the forum.
These are likely legit hooks. Could you please attach the RogueKiller JSON report with your next reply?

Title: Re: [IAT:Inl (Hook.IEAT)] Detection
Post by: Lobas on June 27, 2017, 06:22:33 pm
Hi Curson,

It did take some time to get the JSON versions, too.

But how can they be legit hooks, if I haven't turned on "Show legit Hooks"?

Also the problem expanded, I discovered today. On a second workstation definitely, from the others I have until now no correct results, especially because the Premium License doesn't work on the central PC. Don't know why.

I attach the other logs I already have, JSON included.

Regards, Lobas

and thanks to you so far

Title: Re: [IAT:Inl (Hook.IEAT)] Detection
Post by: Curson on June 27, 2017, 07:18:38 pm
Hi Lobas,

There is a difference between known legit hooks and unknown hooks.

Unknown hook:
[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) kernel32!FreeLibrary : Unknown @ 0x7ffe945102f8 (jmp 0xffffffffbfff3458)

Known legit hook:
[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) kernel32!GetLastError : C:\WINDOWS\system32\KERNELBASE.dll @ 0x753078c0 (jmp dword [0x76f3431c])

The "Show legit display" option displays all hooks and the "Expert Mode" option only displays unknown hooks.

Are you not able to activate RogueKiller Premium?
Could you please give me the error message you get when activating it?
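
The known/unknown distinction in the two sample lines above can be applied mechanically when reviewing a larger report. This is an added example, not part of the original thread and not RogueKiller's own code; the field layout is inferred from those two lines only, and the function names are hypothetical.

```python
import re
from collections import Counter

# Layout inferred from the two sample lines quoted in this thread
# (an assumption, not a documented RogueKiller format).
HOOK_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\s+"
    r"\((?P<process>\S+)\s+@\s+(?P<importer>[^)]+)\)\s+"
    r"(?P<module>[^!\s]+)!(?P<function>\S+)\s+:\s+"
    r"(?P<owner>.+?)\s+@\s+(?P<address>0x[0-9a-fA-F]+)\s+"
    r"\((?P<instruction>.+)\)\s*$"
)

def parse_hook(line):
    """Return a dict of fields for one hook line, or None if it does not match."""
    m = HOOK_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["address"] = int(entry["address"], 16)
    # "Unknown" means the tool could not map the hook address to a module on disk.
    entry["owner_known"] = entry["owner"].lower() != "unknown"
    return entry

def triage(lines):
    """Split report lines into (known, unknown, skipped) for manual review."""
    known, unknown, skipped = [], [], []
    for line in lines:
        entry = parse_hook(line)
        if entry is None:
            skipped.append(line)
        elif entry["owner_known"]:
            known.append(entry)
        else:
            unknown.append(entry)
    return known, unknown, skipped

def unknown_by_process(unknown):
    """Count unresolved hooks per (process, importing module) pair."""
    return Counter((e["process"], e["importer"]) for e in unknown)

# First two lines are the samples from the thread; the third is constructed.
SAMPLE = [
    r"[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) kernel32!FreeLibrary : Unknown @ 0x7ffe945102f8 (jmp 0xffffffffbfff3458)",
    r"[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) kernel32!GetLastError : C:\WINDOWS\system32\KERNELBASE.dll @ 0x753078c0 (jmp dword [0x76f3431c])",
    "constructed line that is not a hook entry",
]

if __name__ == "__main__":
    known, unknown, skipped = triage(SAMPLE)
    print(len(known), "known,", len(unknown), "unknown,", len(skipped), "skipped")
    print(dict(unknown_by_process(unknown)))
```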

Title: Re: [IAT:Inl (Hook.IEAT)] Detection
Post by: Lobas on June 27, 2017, 08:18:55 pm

Thanks for the information. As I understood you, I don't have to worry about this.

But the (eventually) infected computers decrease, since this problem appeared, in many of their skills.

They are getting much slower, shutdown and restart take much more time, many programs, especially the ones absolutely needed for the functioning of the company, are getting slow and often crash totally or disappear completely, and on one workstation the audio functionality has decreased to virtually nothing. Also the internet connection got very unstable. And the system control functions are doing how they want. And so on. All these problems occurred just in time with the Hook detections. Everything very strange, in my opinion.

Regarding RK Premium: The Premium license works on 3 of 7 workstations (just 5 of them active at the moment). I haven't an explanation for that. Also I paid for it over PayPal, but until now I got no confirmation for the payment and still no money was debited.
I hope this problem can be solved soon, because RK Premium is needed on ALL workstations in my company.

Thanks and regards, Thomas

P.S.: Will attach more GMER logs as soon as they're available.

Title: Re: [IAT:Inl (Hook.IEAT)] Detection
Post by: Curson on June 27, 2017, 08:29:16 pm
Hi Thomas,

Yes, you understood correctly, you don't have to worry about them.
If you experience license issues, please open a new support ticket using the Contact Form (