«

Hello

Windows task manager showed KEYHOOK.EXE running as process on a PC I was
working with today. More than one result from Google indicated that this
was associated with an SIS keyboard driver, designed to do some kind of
filtering. But some indicated that this was full blown malware designed
to log keystrokes.

One description of keyhook.exe, and removal instructions can be found
here...
http://www.pestpatrol.com/pestinfo/b...in_keyhook.asp

I didn't find any DLLs, but I did find the .exe, removed it, its
associated registry entry, and then rebooted.

Reading the setup.ini file in a zipped driver package that I downloaded
for an SIS 315 based video card in this system, showed that keyhook.exe
was apparently installed with this video cards driver.

Here is a snippet from the setup.ini...
[Utility.KeyHook]
ID=Khooker
Name=Khooker
Display=0
Select=5
WriteReg="[RegWrite.KeyHook.Win9X]", "%OS_9X%"
WriteReg="[RegWrite.KeyHook.WinNT]", "%OS_NT%"

There are several other entries in the setup.ini related to keyhook.

Here is the page where the driver was found...
http://www.softwarepatch.com/utilities/sis315.html
Which eventually takes you too...
http://driver.sis.com/graphic/gpu/315/

Does keyhook.exe have anything to do with keylogging, and if so, why
would keyhook.exe be installed with a video card driver?

Thank in advance
Edward Crismond

On Wed, 11 Aug 2004 18:11:11 -0400, Eddie Crismond
<> wrote:


>Does keyhook.exe have anything to do with keylogging, and if so, why
>would keyhook.exe be installed with a video card driver?

keyhook could do whatever it's written to, with the keyboard
input. In this particular case it appears to be used for video
driver "hotkey" features. If user never knowns of (let alone
uses) the features, there is no reason to leave it running.

Howdy!

"Eddie Crismond" <> wrote in message
news:...
> Hello
>
> Windows task manager showed KEYHOOK.EXE running as process on a PC I was
> working with today. More than one result from Google indicated that this
> was associated with an SIS keyboard driver, designed to do some kind of
> filtering. But some indicated that this was full blown malware designed
> to log keystrokes.

Err - "John Smith was hired by the school as a teacher. But Google
shows John Smith is a sex offender."

There actually happens to be at least TWO programs named
"keyhook.exe" out there ... and since you have the SiS video, it's a safe
bet that you've got the SiS variant there.

> Does keyhook.exe have anything to do with keylogging, and if so, why
> would keyhook.exe be installed with a video card driver?

Not THIS keyhook - it hooks into the keyboard processing chain to do
hotkey settings.

RwP

kony wrote:
> On Wed, 11 Aug 2004 18:11:11 -0400, Eddie Crismond
> <> wrote:
>
>
>
>>Does keyhook.exe have anything to do with keylogging, and if so, why
>>would keyhook.exe be installed with a video card driver?
>
>
> keyhook could do whatever it's written to, with the keyboard
> input. In this particular case it appears to be used for video
> driver "hotkey" features. If user never knowns of (let alone
> uses) the features, there is no reason to leave it running.

Good, thanks Kony. As I mentioned in the OP, its off now.

Ralph Wade Phillips wrote:

> Howdy!
>
> "Eddie Crismond" <> wrote in message
> news:...
>
>>Hello
>>
>>Windows task manager showed KEYHOOK.EXE running as process on a PC I was
>>working with today. More than one result from Google indicated that this
>>was associated with an SIS keyboard driver, designed to do some kind of
>>filtering. But some indicated that this was full blown malware designed
>>to log keystrokes.
>
>
> Err - "John Smith was hired by the school as a teacher. But Google
> shows John Smith is a sex offender."
>
> There actually happens to be at least TWO programs named
> "keyhook.exe" out there ... and since you have the SiS video, it's a safe
> bet that you've got the SiS variant there.
>
>

Great, thats what I was hoping, that it was benign.

>>Does keyhook.exe have anything to do with keylogging, and if so, why
>>would keyhook.exe be installed with a video card driver?
>
>
> Not THIS keyhook - it hooks into the keyboard processing chain to do
> hotkey settings.
>


Thanks