Author Topic: [IAT:Inl (Hook.IEAT)] Detection  (Read 7347 times)



Lobas

[IAT:Inl (Hook.IEAT)] Detection
« on: June 27, 2017, 03:04:13 PM »
Hi,

in my office, where I work as Software-, Hardware- and Network representative, at one workstation, RogueKiller PREMIUM detected 8 Rootkits of the type named in the title.

So, now I'm not sure what to do, how dangerous they are, and how to remove them, etc...

GMER proved the detection, but didn't mark them as dangerous.

Kaspersky TDSS Killer and Malwarebytes Anti-Rootkit BETA detected nothing, Dr. Web CureIt! and Comodo Cleaning Essentials nothing, too.

A lot of other rootkit tools I read about on the Internet didn't work properly, detected nothing, and one even carried malware with it.

I attach the Logs of RogueKiller and GMER.

I hope somebody is able to help me with that problem.

Thanks to you

Greetings

Lobas


Curson

  • Global Moderator
Re: [IAT:Inl (Hook.IEAT)] Detection
« Reply #1 on: June 27, 2017, 03:08:33 PM »
Hi Lobas,

Thanks for supporting our product and welcome to Adlice.com forum.
These are likely legit hooks. Could you please attach the RogueKiller JSON report with your next reply?

Regards.


Lobas

Re: [IAT:Inl (Hook.IEAT)] Detection
« Reply #2 on: June 27, 2017, 06:22:33 PM »
Hi Curson,

it did take some time to get the JSON versions, too.

But how can they be legit hooks, if I haven't turned on "Show legit Hooks"?

Also the problem expanded, I discovered today. On a second workstation definitely, from the others I have until now no correct results, especially because the Premium License doesn't work on the central PC. Don't know why.

I attach you the other Logs I have already, JSON included.

Regards, Lobas

and thanks to you so far


Curson

Re: [IAT:Inl (Hook.IEAT)] Detection
« Reply #3 on: June 27, 2017, 07:18:38 PM »
Hi Lobas,

There is a difference between known legit hooks and unknown hooks.

Unknown hook:
Quote
[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) kernel32!FreeLibrary : Unknown @ 0x7ffe945102f8 (jmp 0xffffffffbfff3458)

Known legit hook:
Quote
[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) kernel32!GetLastError : C:\WINDOWS\system32\KERNELBASE.dll @ 0x753078c0 (jmp dword [0x76f3431c])

The "Show legit display" option displays all hooks and the "Expert Mode" option only displays unknown hooks.

Are you not able to activate RogueKiller Premium?
Could you please give me the error message you get when activating it ?

Regards.
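
Added example, not part of the original thread and not RogueKiller's own code: a small Python triage script for the report-line layout shown in Reply #3, sorting hooks by whether the owner is Unknown, a Windows system module, or some other module. The regex is inferred from the two quoted lines, the bucket names and system-directory list are assumptions, and the third sample line is constructed.

```python
import re
from collections import defaultdict

# Layout inferred from the two report lines quoted in this thread:
# [type] (process @ importing module) lib!function : owner @ address (patch)
HOOK_RE = re.compile(
    r"^\[(?P<kind>[^\]]+)\]\s+"
    r"\((?P<process>.+?)\s+@\s+(?P<module>[^)]+)\)\s+"
    r"(?P<library>[^!\s]+)!(?P<function>\S+)\s+:\s+"
    r"(?P<owner>.+?)\s+@\s+(?P<address>0x[0-9a-fA-F]+)\s+"
    r"\((?P<patch>.+)\)\s*$"
)

# Assumption: a coarse review order, not RogueKiller's own legit-hook list.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

def classify(owner):
    """Bucket a hook by the owner field of its report line."""
    name = owner.strip().lower()
    if name == "unknown":
        return "unresolved"       # owner reported as Unknown: review first
    if name.startswith(SYSTEM_DIRS):
        return "system-module"    # owner path under a Windows system directory
    return "other-module"         # resolved, but outside the system dirs

def triage(lines):
    """Parse report lines; return {bucket: [parsed hook dicts]}."""
    buckets = defaultdict(list)
    for line in lines:
        match = HOOK_RE.match(line.strip())
        if match is None:
            continue              # headers and other report sections
        hook = match.groupdict()
        buckets[classify(hook["owner"])].append(hook)
    return dict(buckets)

SAMPLE = [
    # First two lines are the ones quoted above; the third is constructed.
    r"[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) kernel32!FreeLibrary : Unknown @ 0x7ffe945102f8 (jmp 0xffffffffbfff3458)",
    r"[IAT:Inl(Hook.IEAT)] (explorer.exe @ advapi32.dll) kernel32!GetLastError : C:\WINDOWS\system32\KERNELBASE.dll @ 0x753078c0 (jmp dword [0x76f3431c])",
    r"[IAT:Inl(Hook.IEAT)] (explorer.exe @ shell32.dll) kernel32!LoadLibraryW : C:\Program Files\ExampleVendor\hook64.dll @ 0x10001000 (jmp 0x10002000)",
    "Not a hook line",
]

if __name__ == "__main__":
    for bucket, hooks in triage(SAMPLE).items():
        for h in hooks:
            print(f"{bucket:14} {h['process']} {h['library']}!{h['function']} -> {h['owner']}")
```

An owner path under a system directory only sets review order here; it does not by itself establish that a hook is legitimate.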


Lobas

Re: [IAT:Inl (Hook.IEAT)] Detection
« Reply #4 on: June 27, 2017, 08:18:55 PM »
Hi,

thanks for the information. Like I understood you, I don't have to worry about this.

But the (eventually) infected computers decrease, since this problem appeared, in many of their skills.

They are getting much slower, shutdown and restart take much more time, many programs, especially the ones absolutely needed for the functioning of the company, are getting slow and often crash totally or disappear completely, and on one workstation the audio functionality has decreased to virtually nothing. Also the internet connection got very unstable. And the system control functions are doing what they want. And so on. All these problems occurred just in time with the Hook detections. Everything very strange, in my opinion.

Regarding RK Premium: the Premium license works on 3 of 7 workstations (just 5 of them active at the moment). I haven't an explanation for that. Also I paid for it over PayPal, but until now I got no confirmation for the payment and still no money was debited.
I hope this problem can be solved soon, because RK Premium is needed on ALL workstations in my company.

Thanks and regards, Thomas

P.S.: Will attach more GMER logs as soon as they're available.


Curson

Re: [IAT:Inl (Hook.IEAT)] Detection
« Reply #5 on: June 27, 2017, 08:29:16 PM »
Hi Thomas,

Yes, you understood correctly, you don't have to worry about them.
If you experience license issues, please open a new support ticket using the Contact Form.

Regards.