Author Topic: another IAT hook : should I worry ? how to remove ?  (Read 5747 times)

0 Members and 1 Guest are viewing this topic.

August 31, 2015, 07:40:31 AM

Abbadon

  • Newbie

  • Offline
  • *

  • 1
  • Reputation:
    0
    • View Profile
another IAT hook : should I worry ? how to remove ?
« on: August 31, 2015, 07:40:31 AM »
Hi, below my log. As you see there is some IAT hool. What should I do ?
thanks

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com

Système d'exploitation : Windows 8.1 (6.3.9200 ) 64 bits version
Démarré en  : Mode normal
Utilisateur : Albin [Administrateur]
Mode : Scan -- Date : 08/31/2015  07:17:35

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 7 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\klkbdflt2 (\SystemRoot\system32\DRIVERS\klkbdflt2.sys) -> Trouvé(e)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1237517197-74558229-193843694-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Trouvé(e)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1237517197-74558229-193843694-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1237517197-74558229-193843694-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1237517197-74558229-193843694-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1237517197-74558229-193843694-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trouvé(e)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1237517197-74558229-193843694-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Trouvé(e)

¤¤¤ Tâches : 0 ¤¤¤

¤¤¤ Fichiers : 0 ¤¤¤

¤¤¤ Fichier Hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 80 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffff901a2 (jmp dword near [0xfff901a2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xdbc7bc6 (jmp dword near [0xfff901a2]|call 0xdc37a1b)
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffff901a2 (jmp dword near [0xfff901a2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffff901a2 (jmp dword near [0xfff901a2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffff901a2 (jmp dword near [0xfff901a2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffff901a2 (jmp dword near [0xfff901a2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffff901a2 (jmp dword near [0xfff901a2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffff901a2 (jmp dword near [0xfff901a2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffff901a2 (jmp dword near [0xfff901a2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0xfffffffffff8ed15 (jmp dword near [0xfff8ed15])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueryInformationThread : Unknown @ 0xfffffffffff901d0 (jmp dword near [0xfff901d0])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0xfffffffffff8f3e2 (jmp dword near [0xfff8f3e2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0xfffffffffff8ff5f (jmp dword near [0xfff8ff5f])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetInformationThread : Unknown @ 0xfffffffffff901a2 (jmp dword near [0xfff901a2])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtGetContextThread : Unknown @ 0xfffffffffff8fa57 (jmp dword near [0xfff8fa57])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtSetContextThread : Unknown @ 0xfffffffffff8f021 (jmp dword near [0xfff8f021])
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0xfffffffffff8eede (jmp dword near [0xfff8eede])

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: LITEONIT LCM-256M3S +++++
--- User ---
[MBR] 74dec987ca56517407a93f7235236403
[BSP] 387e503a3a0716500845246d3caf6514 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] 97e87f6b199ef147396a8c1076e73ce3
[BSP] 15b83988fbc0cc4a1a6ddcb199774d92 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_01292015_084304.log - RKreport_DEL_01292015_084313.log - RKreport_DEL_01292015_084323.log - RKreport_DEL_01292015_084333.log
RKreport_DEL_01292015_084336.log - RKreport_DEL_01292015_084343.log - RKreport_DEL_01292015_085149.log - RKreport_DEL_06112015_224946.log
RKreport_DEL_06112015_224949.log - RKreport_DEL_06112015_224957.log - RKreport_DEL_07312014_073714.log - RKreport_DEL_08022014_182706.log
RKreport_DEL_10252014_103717.log - RKreport_DEL_10252014_103808.log - RKreport_SCN_01292015_084009.log - RKreport_SCN_01292015_084506.log
RKreport_SCN_06112015_222428.log - RKreport_SCN_07302014_232748.log - RKreport_SCN_08022014_144930.log - RKreport_SCN_08312014_204654.log
RKreport_SCN_10252014_103408.log

Reply #1August 31, 2015, 01:13:55 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: another IAT hook : should I worry ? how to remove ?
« Reply #1 on: August 31, 2015, 01:13:55 PM »
Hi Abbadon,

Welcome to Adlice.com Forum.
Those hooks are legit.

Regards.

Note : This thread has been moved to the "RogueKiller" section for clarity.