Author Topic: Advice on 3 IEAT hooks please  (Read 5140 times)

0 Members and 1 Guest are viewing this topic.

February 03, 2016, 02:07:51 AM

Spamlet

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Advice on 3 IEAT hooks please
« on: February 03, 2016, 02:07:51 AM »
Hi,

I'm new to this topic so forgive me if I'm asking a silly question.

When I scan with RKill it generally comes up with nothing but the same three hooks, which it says are malicious, but just leaves them for me to decide.  I have no idea how to find or delete them, or to check whether they are needed by something RKill doesn't know about, so I thought I had better show them here:

Hook.IEAT      IAT      Inl      explorer.exe @ kernel32.dll : ntdll!NtTerminateProcess    Unknown @ 0x779e03d0    
Hook.IEAT      IAT      Inl      explorer.exe @ KERNELBASE.dll : ntdll!NtTerminateThread    Unknown @ 0x779e03e0    
Hook.IEAT      IAT      Inl      explorer.exe @ rpcrt4.dll : ntdll!NtAlpcSendWaitReceivePort    Unknown @ 0x779e0470

I try to run fairly securely, with regular MWB scans, Avast, and Spybot's 'TeaTimer' on 'paranoid mode' to pick up things as fast as poss.  Rarely seem to get trouble, but, I do notice that Firefox sometimes seems to use up a lot of the processor and slow down; then, when I look in Process Explorer, there do seem to be an awful lot of threads that look like this sort of 'Terminate process, and wait', as if it was a loop that Firefox gets stuck into.  I do haave a lot of add ons in FF, but I've looked for this before, and, having them all disabled doesn't stop it, so I just put up with it and restart each time FF seems to get stuck. 

These hooks say they are in Explorer, so, probably not causing the FF, unless the two are dependent.
I do Use Classic Explorer, and Classic Start Menu, but, I used to see hooks related to this, and it said so in the scan, whereas this scan doesn't tell me much.

I'd appreciate it if anyone can tell me what they are, and how to remove them if they are causing the loops I mentioned.

Many thank.

Reply #1February 03, 2016, 04:50:00 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Advice on 3 IEAT hooks please
« Reply #1 on: February 03, 2016, 04:50:00 PM »
Hi Spamlet,

Welcome to Adlice.com Forum.
Theses IAT hooks are known false positives. We will fix this as soon as possible.

Regards.

Note : This thread has been moved to the "RogueKiller" section for clarity.

Reply #2February 04, 2016, 02:50:13 AM

Spamlet

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Re: Advice on 3 IEAT hooks please
« Reply #2 on: February 04, 2016, 02:50:13 AM »
Thanks very much Curson!  :)

I thought they probably were OK, but it was nagging at me that I should check.

Many thanks for your prompt advice.

(y)

Reply #3February 04, 2016, 06:39:52 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Advice on 3 IEAT hooks please
« Reply #3 on: February 04, 2016, 06:39:52 PM »
Hi Spamlet,

You are very welcome. :)

Regards.