Question

Locked

hooktool.dll

By parajau ·
Tags: Off Topic
When downloading "endtaskpro.exe" from a TechRepublic post, Avast! stopped it claiming that "hooktool.dll" was present and it is a trojan named "Win32:dialer-gen". Some site stated that there were no evidence that it was a risk, however.
What's your take on it? Did TechRepublic posted a malware?

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Can you tell us what post you found it in?

by ThumbsUp2 In reply to hooktool.dll

You have to remember, spammers frequent this site and post links to all sorts of cr@p. If the members didn't catch the post and mark it as SPAM (to have it removed), it's still sitting out there waiting to catch someone.

Also remember, TR has no control over other web sites. It's entirely possible someone posted a link to a tool and THAT site has been hacked and infected.

So, please tell us where you found the post with the download.

Collapse -

hooktool in Endtaskpro.exe

by parajau In reply to Can you tell us what post ...

I understand all that. I wasn't scolding, only alerting, sorry for that.
The post was the one presenting the freeware "Endtaskpro". The DLL is inside that executable.
My interest is in knowing if hooktool.dll really is a threat, or a false positive. See
http://www.threatexpert.com/files/HookTool.dll.html
I'm sure you're interested, too.
I'm also sending that file to Avast!

Collapse -

Yeah, but where did you find the post?

by ThumbsUp2 In reply to hooktool in Endtaskpro.ex ...

I'll ask one more time. Alerting is fine, if it's warranted. There have been over 17,000 posts here in the last 30 days. So, finding the post which is 'the one presenting the freeware "Endtaskpro"' isn't an easy task.

So, what thread were you reading at the time?

If we can't find the post, we can't determine if you were pointed to where a malicious file was located, which would warrant an alert, or if the link was indeed pointing to the 'correct' program which would seem to indicate a false positive has been generated.

The web site you listed says, among other things:

Across all ThreatExpert reports, the file "hooktool.dll" has never been identified as a threat.

and

Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.

and specifically mentions the path where the file is installed using 'endtask pro' (note the space in the name).

Collapse -

hooktool.dll

by parajau In reply to Yeah, but where did you f ...

Your Newsletter
January 09, 2009
"TechRepublic Software Downloads"

Title:
"Remove potential spyware and block pop-up ads"

First line:
"EndTask Pro includes an advanced task manager"

Collapse -

Well then....

by ThumbsUp2 In reply to hooktool.dll

I guess it's a false positive and not some link posted in a forum as an advertisement to get you to come to 'their' site.

Collapse -

Thummy I never knew you owned TR

by OH Smeg In reply to Well then....

Here I thought that CBS did so I assume that you own CBS, How's you off for a Loan then? I'm feeling very poor after Christmas.

The people who answer questions here are not part of the TR Organization they are volunteers who spend freely of their time & effort in an attempt to help people so saying Your Newsletter is implying that the person you are responding to in some way works at TR. It's more your Newsletter than the Responders as you asked for it. :)

But in this particular case I would think that this is a False Positive happens all the time with some software and some AV Scanners. For instance try downloading SuperCopier 2 and see what happens. It's an excellent copy utility for Windows but every AV product that I have used mark it as a Threat which it isn't.

http://www.softpedia.com/progDownload/SuperCopier-Download-60363.html

Col

Collapse -

Yep, got 'em in my hip pocket!

by ThumbsUp2 In reply to Thummy I never knew you o ...

Yeah, yeah, yeah! I owns 'em. Didn't you know that?

What I was trying to drag out of him was if he found the link to that program mentioned in one of those SPAM posts that hadn't been found/reported/deleted yet and which took him to another site outside of TR. :0 Gosh! THAT never happens here, does it?

When he said it was in a TR newsletter, I just figured it must be legit then.

Good thing though, cuz I'm too tired tonight to go fishin' for SPAM!

Back to After Hours Forum
8 total posts (Page 1 of 1)  

Off-Topic Forums