hooktool.dll

parajau
When downloading "endtaskpro.exe" from a TechRepublic post, Avast! stopped it, claiming that "hooktool.dll" was present and that it is a trojan named "Win32:dialer-gen". Some site stated that there was no evidence that it was a risk, however.
What's your take on it? Did TechRepublic post malware?
  • ThumbsUp2

    You have to remember, spammers frequent this site and post links to all sorts of cr@p. If the members didn't catch the post and mark it as SPAM (to have it removed), it's still sitting out there waiting to catch someone.

    Also remember, TR has no control over other web sites. It's entirely possible someone posted a link to a tool and THAT site has been hacked and infected.

    So, please tell us where you found the post with the download.

    parajau

    I understand all that. I wasn't scolding, only alerting, sorry for that.
    The post was the one presenting the freeware "Endtaskpro". The DLL is inside that executable.
    My interest is in knowing if hooktool.dll really is a threat, or a false positive. See
    http://www.threatexpert.com/files/HookTool.dll.html
    I'm sure you're interested, too.
    I'm also sending that file to Avast!

    ThumbsUp2

    I'll ask one more time. Alerting is fine, if it's warranted. There have been over 17,000 posts here in the last 30 days. So, finding the post which is 'the one presenting the freeware "Endtaskpro"' isn't an easy task.

    So, what thread were you reading at the time?

    If we can't find the post, we can't determine if you were pointed to where a malicious file was located, which would warrant an alert, or if the link was indeed pointing to the 'correct' program which would seem to indicate a false positive has been generated.

    The web site you listed says, among other things:

    Across all ThreatExpert reports, the file "hooktool.dll" has never been identified as a threat.

    and

    Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.

    and specifically mentions the path where the file is installed using 'endtask pro' (note the space in the name).

    parajau

    Your Newsletter
    January 09, 2009
    "TechRepublic Software Downloads"

    Title:
    "Remove potential spyware and block pop-up ads"

    First line:
    "EndTask Pro includes an advanced task manager"

    ThumbsUp2

    I guess it's a false positive and not some link posted in a forum as an advertisement to get you to come to 'their' site.

    OH Smeg

    Here I thought that CBS did, so I assume that you own CBS. How's you off for a Loan then? I'm feeling very poor after Christmas.

    The people who answer questions here are not part of the TR Organization; they are volunteers who spend freely of their time & effort in an attempt to help people, so saying "Your Newsletter" is implying that the person you are responding to in some way works at TR. It's more your Newsletter than the Responders', as you asked for it. :)

    But in this particular case I would think that this is a False Positive; it happens all the time with some software and some AV Scanners. For instance, try downloading SuperCopier 2 and see what happens. It's an excellent copy utility for Windows, but every AV product that I have used marks it as a Threat, which it isn't.

    http://www.softpedia.com/progDownload/SuperCopier-Download-60363.html

    Col

    ThumbsUp2

    Yeah, yeah, yeah! I owns 'em. Didn't you know that?

    What I was trying to drag out of him was if he found the link to that program mentioned in one of those SPAM posts that hadn't been found/reported/deleted yet and which took him to another site outside of TR. :0 Gosh! THAT never happens here, does it?

    When he said it was in a TR newsletter, I just figured it must be legit then.

    Good thing though, cuz I'm too tired tonight to go fishin' for SPAM!
