Adlice forum

Software feedback => RogueKiller PREMIUM => Topic started by: rambie on November 11, 2015, 07:51:23 pm

Title: Hooks
Post by: rambie on November 11, 2015, 07:51:23 pm
Not really a problem with RK, but a query.

[IAT:Inl(Hook.IEAT)] (explorer.exe) user32!PeekMessageW : Unknown @ 0x7ffb5c5d0c98 (jmp 0xfffffffffd56e308)
[IAT:Inl(Hook.IEAT)] (explorer.exe) user32!GetMessageW : Unknown @ 0x7ffb5c5d0d14 (jmp 0xfffffffffd56e6a4)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtMapViewOfSection : Unknown @ 0x7ffb5c5d0e96 (jmp 0xfffffffffc7efa46)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtUnmapViewOfSection : Unknown @ 0x7ffb5c5d0e56 (jmp 0xfffffffffc7ef9e6)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtProtectVirtualMemory : Unknown @ 0x7ffb5c5d0ed6 (jmp 0xfffffffffc7ef806)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!LdrLoadDll : Unknown @ 0x7ffb5c5d0e15 (jmp 0xfffffffffc8179c5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtFreeVirtualMemory : Unknown @ 0x7ffb5c5d0f16 (jmp 0xfffffffffc7efb66)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAllocateVirtualMemory : Unknown @ 0x7ffb5c5d0f56 (jmp 0xfffffffffc7efc06)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ msctf.dll) user32!GetMessageA : Unknown @ 0x7ffb5c5d0d58 (jmp 0xfffffffffd56abc8)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ msctf.dll) user32!PeekMessageA : Unknown @ 0x7ffb5c5d0cd8 (jmp 0xfffffffffd563198)

These hooks have appeared in a report. I believe it was after installing a driver updater (slim), as I was not aware at the time that this was a no-no.
MBAM, ZA, Hitman Pro and SUPERAntispyware have not revealed any malware.
Does anyone recognize these entries, or can anyone offer advice on whether to leave as is or do a Win 8 refresh or reinstall?

rambie
Title: Re: Hooks
Post by: Curson on November 11, 2015, 07:54:25 pm
Hi rambie,

Could you please copy/paste the full RogueKiller report in your next reply?

Regards.
Title: Re: Hooks
Post by: rambie on November 11, 2015, 11:00:28 pm
Here 'tis......
Title: Re: Hooks
Post by: Curson on November 12, 2015, 12:19:03 am
Hi rambie,

Those entries are legit.

Regards.
Title: Re: Hooks
Post by: rambie on November 12, 2015, 09:59:07 pm
Thank you very much for your time, will try to avoid these mistakes (for a while).

rambie
Title: Re: Hooks
Post by: Curson on November 12, 2015, 10:37:25 pm
Hi rambie,

You are very welcome.

Regards.