Katmouse, DLL Hook...

Since installing Comodo, I’ve installed a new version of a mouse program called Katmouse. I’ve been using Katmouse for a year and had it installed whenever I first installed Comodo but don’t remember any warnings.

Now, every time I access the Internet with my browser or e-mail, I get a DLL Hook warning from Comodo. I can’t send the program for analysis because in order to access the Internet, I must grant access. Granting access immediately removes the warning.

I’ve searched the Internet and this forum for information on Katmouse being a keylogger but I can’t find anything.

Will someone please advise?

Thanks!

Or not!~

What version of CFP are you using? Can you export logs to html and post them here? Can you post a screen shot of the warning popup?

Here’s a good place to start learning about the firewall…

https://forums.comodo.com/index.php/topic,6167.0.html

A quick explanation about the various “hijacking” popups you get… These are due to the way applications communicate behind the scenes, share resources, and so on - all perfectly normal. Obviously, any activity that malware can emulate or hijack will try to be exploited. Thus, CFP monitors these things and alerts the user.

Problem is, aside from the Safelist, CFP doesn’t know the difference between good & bad; only suspicious activity. The rule of thumb from the developers is that if you know both applications in the alert, it is safe to Allow w/Remember, and you shouldn’t see that specific alert any further. The only time to be concerned is if you don’t know one or both applications in the alert…

If both applications are on the Safelist (and you’re using the Safelist), you shouldn’t see an alert. Safelist is enabled thru Security/Advanced/Miscellaneous/Do not show alerts for applications certified by Comodo. With v2.4, the Safelist is relatively small; with v3, this will be a considerable encrypted list of cryptographically signed applications.

In case you’re inclined to ask, no the user does not have access to the Safelist… this precludes tampering by malware as well…

LM

Here are two images. I have Comodo set to “ask permission”. Every program accessing the Internet generates a warning.

This program is located on snapfiles, and they say it’s free of adware.

Katmouse is a mouse extension program and it’s possible that all it’s doing is hooking to programs so that it can extend mouse functionality. But how do I KNOW!

http://www.otnow.com/personal/katmouse/katmouse1.jpg

http://www.otnow.com/personal/katmouse/katmouse2.jpg

It is very common for mice & keyboards to hook or send messages; it’s part of how they operate. It’s always possible that this one does something untoward, though…

If you want to have a reasonable level of confidence, you can upload the file for testing. You can (from the firewall Application Monitor, by right-clicking on that entry) submit the file to Comodo for testing. You can also upload it to VirusTotal or Jotti and it will be scanned by multiple AVs for you.

Also, do you have BOClean? If not, that might be a good application to add to your security collection. It’s not a file scanner; it’s a real-time memory monitor, and it has the ability to detect a whole bucketload of malware that potentially hide from regular scanners. KatMouse has been around long enough (since 2002, looks like) that if it’s bad, it should trigger an alert. On the other side, since it’s been around that long, a simple search on it should return people complaining. I did not, however, see any indication of such.

LM