funny DLL!

Learn about Computer Security Virus/Malware Removal Assistance
#1

What is this?

http://img209.imageshack.us/img209/8921/comodofirewallblockdj3.png

#2

check this out KBHook.dll Windows process - What is it?
do you have Genius Wireless Keyboard ?

Melih

#3

Yes >> KBHook.dll << is located in the folder C:\Windows\System32. I have a Sony Vaio notebook, I have the normal notebook keyboard – I do have wireless mouse that I use… what should I do?

Thanx
Best Wishes

#4

Opinion seems to be divided on what the thing is, could be nothing or it could be something called NetSpy. But one thing I do know is that it is not a required Windows file.

My initial reaction would be to rename it (if possible or start in Safe mode if not) and check to make sure that the keyboard and mouse (both of them) still work.

If they do, no harm done at all.

As there is the possibility that it may be evil it would not hurt to use the Submit a file function within the firewall under Security/Tasks and let Comodo have a look as well.

Barry

#5

If you do a right click on the DLL and select PROPERTIES, you should be able to track down the manufacturer of the DLL. Download another copy from their website and compare. If its different, turf it. If its the same, leave it alone.

Cheers,
Ewen :slight_smile:

P.S. Generally a keyboard that has additional functionality with have a separate driver to enable the added functions.

#6

Here’s the property of kbhook.dll http://img237.imageshack.us/img237/769/kbhookrs7.png

#7

Sorry about delay - was sailing over the weekend.

The dll properties confirmed what the firewall suggested, there is no owner. This is not uncommon and cannot be used as a definite indicator of scumware of some sort. Equally the inability to remove the file may also be quite innocent, windows has the sometimes annoying ability to replace missing files on startup.

Suggest you try the following.

Start the system in safe mode (repeatedly press F8 on startup) and logon as Administrator.
Locate the file using Windows Explorer.
If not in list click “Tools”, “Options”, “View” and make sure that the Item “Show Hidden Files and Folder” is selected and remove the Check mark next to “Hide Protected Operating System Files”.
Delete the file.
Open “Control Panel”
Double click “System”
Click “System Restore”
Click to select “Turn off System Restore” and Click “OK”
Restart and check that file has been deleted.

If not, download “Hijackthis” from this location http://www.spywareinfo.com/~merijn/programs.php and save the file to a created directory on c: drive that you can find again.

Unzip the file and double click the .exe file created
Click “Do System scan and save log file”
The log will open in notepad after scan is complete. It can either be copied and pasted into this topic or attached as a file.

Good luck

Barry

#8

I found out what it is … it’s my Image Shack toolbar :slight_smile:

#9

Thats good. Glad it worked out.

Barry