Author Topic: Hooks  (Read 8480 times)

November 11, 2015, 07:51:23 PM

rambie

Not really a problem with RK, but a query.

[IAT:Inl(Hook.IEAT)] (explorer.exe) user32!PeekMessageW : Unknown @ 0x7ffb5c5d0c98 (jmp 0xfffffffffd56e308)
[IAT:Inl(Hook.IEAT)] (explorer.exe) user32!GetMessageW : Unknown @ 0x7ffb5c5d0d14 (jmp 0xfffffffffd56e6a4)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtMapViewOfSection : Unknown @ 0x7ffb5c5d0e96 (jmp 0xfffffffffc7efa46)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtUnmapViewOfSection : Unknown @ 0x7ffb5c5d0e56 (jmp 0xfffffffffc7ef9e6)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtProtectVirtualMemory : Unknown @ 0x7ffb5c5d0ed6 (jmp 0xfffffffffc7ef806)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!LdrLoadDll : Unknown @ 0x7ffb5c5d0e15 (jmp 0xfffffffffc8179c5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtFreeVirtualMemory : Unknown @ 0x7ffb5c5d0f16 (jmp 0xfffffffffc7efb66)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAllocateVirtualMemory : Unknown @ 0x7ffb5c5d0f56 (jmp 0xfffffffffc7efc06)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ msctf.dll) user32!GetMessageA : Unknown @ 0x7ffb5c5d0d58 (jmp 0xfffffffffd56abc8)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ msctf.dll) user32!PeekMessageA : Unknown @ 0x7ffb5c5d0cd8 (jmp 0xfffffffffd563198)

These hooks have appeared in a report. I believe it was after installing a driver updater (slim), as I was not aware at the time that this was a no-no.
MBAM, ZA, Hitman Pro and SUPERAntispyware have not revealed any malware.
Does anyone recognize these entries, or can anyone offer advice on whether to leave as is or do a Win 8 refresh or reinstall?

rambie

Reply #1, November 11, 2015, 07:54:25 PM

Curson

Hi rambie,

Could you please copy/paste the full RogueKiller report in your next reply?

Regards.

Reply #2, November 11, 2015, 11:00:28 PM

rambie

Here 'tis......

Reply #3, November 12, 2015, 12:19:03 AM

Curson

Hi rambie,

Those entries are legit.

Regards.

Reply #4, November 12, 2015, 09:59:07 PM

rambie

Thank you very much for your time, will try to avoid these mistakes (for a while).

rambie

Reply #5, November 12, 2015, 10:37:25 PM

Curson

Hi rambie,

You are very welcome.

Regards.