“mirc.exe is trying to install global hook mirc.exe”
“A global hook is a windows feature which allows application such as media players, keyboard enhancement programs etc, to inject executable files (e.g. dll files) into other applications for various purposes. But this is also commonly exploited by malware programs for keylogging, screen capturing or controlling legitimate applications”
First of all, I don’t understand what it’s doing. But I always choose block. I read online somewhere global hook means it’s trying to inject .dll into a process. But there really isn’t a .dll located anywhere to inject it? So I’m confused. mirc.exe is trying to inject itself?
It happens with these versions
Will I be okay if it’s blocking it? If it manages to not block it once, what does it do? By the way, if I don’t allow Global Hook, the shortcut keys don’t work, except for the older versions. I also want it to run in portable mode, so I don’t even want it to mess with registry keys or app data folders, so I can have multiple versions in multiple folders. Any advice on what global hook does? Or if it’s normal for mIRC, or what should I do? The mirc.exe doesn’t seem to be a virus; I checked it out on virustotal.com. Nothing detected.
Older versions check out as false positives: Not a Virus, etc.
Installing a Global Hook is not an uncommon action for any program, both normal and malicious.
When you know that you downloaded the installer from mIRC from a trustworthy source, you can safely allow it. When the installer or its executables have a digital signature, you can check the validity of those to be sure they were not tampered with.
Thanks for your reply. Okay, yes, you are right: aegisub and mmg.exe, programs I know not to be trojans, also tried to install global hooks.
I contacted Khaled, the creator of mirc.exe. And he told me it was normal for it to install hooks. Although he said mirc is using a local hook.
And he said if my firewall is reporting a global hook, then it’s not distinguishing between a local hook and global hook. Does Comodo firewall distinguish the two correctly? I’m assuming it won’t pop up a defense alert for local hook. Not sure what the difference between the two is.
I don’t know if Comodo correctly distinguishes. Maybe it puts the two phenomena under the same alert. As long as you know for sure the programs you downloaded are untouched versions, I would not worry.
According to Yahoo Answers, the two phenomena are set up in the same way (similar in nature, I guess):
If you are asking a programming question:
There are 2 types of hooks - global or local.
A local hook is one that monitors things happening only for a specific program (or thread).
A global hook monitors the entire system (all threads).
Both types of hooks are set up in the same way, the main difference being that for a local hook, the function to be called can be within the program it is monitoring, but with a global hook the function must be stored and loaded from a separate dll.
A local hook only works for a specific program but a global hook can be used by any program.
Source: Delphi Tutorials…
Yeah, that’s what I’m asking, if it can distinguish between the two. I never see an alert posted about local hook.
I upgraded my mIRC v6.16 folders to mIRC v6.35 (downloaded from mirc.com, so I know it’s legit). And I set folders to portable, and created a .bat telling it to launch portable. I installed mIRC 6.35 in a virtual machine, and migrated the folders to OS to another hard drive. So it doesn’t mess with my registry. Good thing I did that, because if I started 7.29 up, it was resetting the evaluation period for my older versions. Kept on driving me nuts.
It started doing the global hook thing when I modified the .exe in a virtual machine with a program that has 23/45 detection on virustotal. Most picked it up as suspicious or mal/gen/win32pup, etc.
I was worried that what it did was inject a trojan into the .exe without me knowing, that set off the global hook. But when I scanned the modified mirc.exe in virustotal, nothing is showing up as trojans or malware. So I’m probably being paranoid.
But since then, I put the original .exe for mIRC v7.29 back in place. And it doesn’t say anything about global hook anymore.
So I know what you are saying: as long as they are untouched versions, I can stop worrying. Global hook is a common action for some programs. I had other legit programs as well try global hook: mmg.exe, aegisub.exe, etc. I denied access just in case.
The main concern is the creator of this program said global hook should not happen at all. Only local hook, so it’s very important to know if Comodo defense can distinguish between the two.
There shouldn’t be any global hook alerts for 6.16 mirc.exe because I never did anything with those. And the creator has said it uses only local hook.
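Added example, not part of the original thread: one way to carry out the signature check suggested in the reply above, and to tell a modified mirc.exe apart from the original download, is to read the Authenticode status and compare SHA-256 hashes in PowerShell. The function name and the paths in the usage comment are assumptions made for illustration.

```powershell
# Added example. Test-BinaryIntegrity is a hypothetical helper name, and the
# paths in the usage comment at the bottom are placeholders.
function Test-BinaryIntegrity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,   # executable under test
        [string]$ReferencePath                 # optional copy kept from the trusted download
    )

    $sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $status = [string]$sig.Status              # Valid, NotSigned, HashMismatch, ...

    # Only compare hashes when a reference copy was supplied.
    $matches = $null
    if ($ReferencePath) {
        $refHash = (Get-FileHash -LiteralPath $ReferencePath -Algorithm SHA256).Hash
        $matches = ($refHash -eq $hash)
    }

    # A hash difference from the trusted copy outranks everything else.
    $verdict = if ($matches -eq $false) {
        'Differs from the reference copy: treat as modified'
    } else {
        switch ($status) {
            'Valid'        { 'Signature valid: file unchanged since the publisher signed it' }
            'HashMismatch' { 'Signed, but the file was changed after signing' }
            'NotSigned'    { 'Unsigned: only a hash match with a trusted copy can vouch for it' }
            default        { "Signature not trusted ($status): $($sig.StatusMessage)" }
        }
    }

    [pscustomobject]@{
        Path             = $Path
        SHA256           = $hash
        SignatureStatus  = $status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        MatchesReference = $matches
        Verdict          = $verdict
    }
}

# Usage (placeholder paths):
# Test-BinaryIntegrity -Path 'D:\mirc-portable\mirc.exe' -ReferencePath 'D:\downloads\original\mirc.exe'
```

Editing a signed executable with a third-party tool invalidates its signature, so a patched copy reports `HashMismatch` or `NotSigned` even when antivirus scans come back clean.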