GLOBAL HOOK IS CAUSING ME TO GO INSANE.. HELP

I cant find those located anywhere in system32

and the comodo one results

FROM THE COMODO ONE

* CreateProcess Failed

[Verdict]

* Not Rated as Suspicious

[Description]

* Not Available

[Mutexes Created or Opened]

i only saw them in the hijack log file… i went in and couldnt find them… you want to Team viewer it??

pm send

Xan

After moderator eXPerience (who did everything possible and a great job helping me out) took over my computer fixing this and that… The Global Hook was a war… She had me reboot the system and run more checks and it came back… I then tried another approach (really her suggestion but just tweaked it) I unplugged internet! Then I ran in safe mode, scanned the system, deleted and fixed problems… Then rebooted in regular mode… Ran another scan and had nothing found but global hook was still there…(internet still unplugged)… Then hijackthis the log and clicked on the problemed files we been dealing with clicked FIX… and finally got rid of them (how I know?) i ran another Hijackthis Log and they were gone… I rebooted the system (plugged internet back in)… and I am now here typing this… lol so all in all a long hard battle but HOPEFULLY the GLOBAL HOOK war is over in a nutshell if you see this happen to your comp… Make sure you get (SuperAntiSpyware (SAS), Hijackthis, and definatley have Comodo) Scan all systems with out internet connection, fix all or delete all problems, then reboot and plug the internet back on and praise eXPerience and or me… lol

PS: reasoning behind unplugging the internet I am thinking the problem is in the Hook that if it knows it is getting erased or “fixed” that it will send a new or clone file in its place. Just a conclusion to my hypothesis!!! Hope this helps anyone in the future and if it comes back to mine… Well i will just scream and throw my computer out the window… YAYYYYYY!

Hi there,

This also looks like it’s stealing keystrokes etc, I would run a scan with GMER on it to see if it finds rootkit activity.
http://www.gmer.net/index.php

And of course if your sure all is gone, change all you passwords !
They could be send to a central server.

So that’s who Xan was helping over a remote connection. :-La Glad it is removed (though I’m still not sure how he did it ;)).

i would try and run that but i can’t read i think its russian or something…

but xan helped me out… i dont know how but it helped i got a couple pop ups but hit block request and havent seen it again yet…

I think that program might have a way to change languages, but I’m not sure.

It’s an English version and GMER is a well known anti-rootkit no need to worry about that.
Not everything that comes from Russia is bad, check How to Prevent Problems As A Newlywed – Rootkit Trends & Prevention Blog

No problem grfxdzine, I’m glad it’s resolved. Could you scan indeed another time with GMER like Ronny proposed ?

Xan

ps : I’m a he btw :wink:

Ganda, stay of this for a bit longer :slight_smile: I want to see what GMER says

Xan

I was starting to wonder. (:TNG)

Wanna test it ?

Xan

I didn’t see ganda posting. ???

What?

Ganda locked the topic and was writing the message

Xan

How did you know? Did he delete the message?

To stay on-topic: are you still insane? :slight_smile:

summary of gmer.exe scan

[attachment deleted by admin]

I thought we were released from this one :-X

Please download A-squared free. Install it and let it scan, please tell us what it pops-up, do not clean anything yet because it has a lot of False Positives

Xan

GMER log file looks clean.

what about the complete list being basically all in one file name KERNEL32.DLL is that weird or just normal…