Author Topic: Question about KeyHook.dll message  (Read 6642 times)

0 Members and 1 Guest are viewing this topic.

Toledo343

  • Guest
Question about KeyHook.dll message
« on: March 02, 2011, 01:09:10 AM »
Hello,

I have actually run into two virus alerts from Avast today.  First, I must admit I am not PC savvy so I hope anyone can help me with any advice on these two problems I am facing.  From reading some of the topics today it looks like I got hit with the false positive mscorlib.ni.dll.  When I turned on my computer right when Windows began to load I got hit with the message below.  I am a bit concerned because I was not given the option to move the file to the chest Avast just deleted it.  I don't know if this will cause any problems in the future.

This is the message that I received:
Trojan horse blocked
Object:  C:\Windows\assembly\NativeImages_v.2.0.50727_...\mscorlib.ni.dll
Infection:  Win32.spyeye-BG[TRj]
Action: Deleted
Process: C:\Programs Files(x86)\Intel\Intel(R)RapidStorag...\IAStorIcon.exe

The second problem that concerns me is that after the file was deleted Avast recommended that I run a boot scan.  During the boot scan Avast found another infected file.  I have a Lenovo computer and it looks like the infected file was found in one of my Lenovo files.  I was given the message below:

File C:\Program Files(x86)\Lenovo\Driver & Application Auto-installation\KeyHook.dll is infected by Win32:KeyHooker-E [PUP]

I chose to remove it to the chest.  I must point out that I am careful when I am online and I run my web browser through a sandbox so I was surprised to see this message.  This morning I was online I did not install anything I had to step out so I shut down my computer. A few hours later when I turned on my computer I got hit with the two problems above.  I am concerned that somehow I did get infect (which I have no clue how)or that these are both false positives.  Also, if these are two false positives I hope the end result did not cause damage to my system files.  Can anyone help me especially with the supposed Win32:KeyHooker?  Is this truly an infection I have no way of knowing.

doktornotor

  • Guest
Re: Question about KeyHook.dll message
« Reply #1 on: March 02, 2011, 01:11:09 AM »
Please use this thread for mscorlib.ni.dll false positive: http://forum.avast.com/index.php?topic=72687.0

As for the second one, add the file to exclusions (or disable PUP detection) if you are sure it's a legit file from Lenovo.

Toledo343

  • Guest
Re: Question about KeyHook.dll message
« Reply #2 on: March 02, 2011, 01:18:22 AM »
doktonotor,

Is there a way to somehow check to see if the keyhook.dll file is indeed infected with the Win32KeyHooker-E[PUP]?  The only thing I can go by is that I THINK it isn't but I am not sure.

doktornotor

  • Guest
Re: Question about KeyHook.dll message
« Reply #3 on: March 02, 2011, 01:22:12 AM »
PUP stands for potentially unwanted application. It's not a virus. Looks like a keyboard driver which is probably a bit too low level to pass PUP scan. You will probably lose some of the special keys functionality on your notebook if you let Avast quarantine it.