"keyhook.exe" process installed by SIS 315 video card driver

Discussion in 'Computer Security' started by Eddie Crismond, Aug 11, 2004.

  1. Hello

    Windows task manager showed KEYHOOK.EXE running as process on a PC I was
    working with today. More than one result from Google indicated that this
    was associated with an SIS keyboard driver, designed to do some kind of
    filtering. But some indicated that this was full blown malware designed
    to log keystrokes.

    One description of keyhook.exe, and removal instructions can be found
    here...
    http://www.pestpatrol.com/pestinfo/b/backdoor_bo_plugin_keyhook.asp

    I didn't find any DLLs, but I did find the .exe, removed it, its
    associated registry entry, and then rebooted.

    Reading the setup.ini file in a zipped driver package that I downloaded
    for an SIS 315 based video card in this system, showed that keyhook.exe
    was apparently installed with this video cards driver.

    Here is a snippet from the setup.ini...
    [Utility.KeyHook]
    ID=Khooker
    Name=Khooker
    Display=0
    Select=5
    WriteReg="[RegWrite.KeyHook.Win9X]", "%OS_9X%"
    WriteReg="[RegWrite.KeyHook.WinNT]", "%OS_NT%"

    There are several other entries in the setup.ini related to keyhook.

    Here is the page where the driver was found...
    http://www.softwarepatch.com/utilities/sis315.html
    Which eventually takes you too...
    http://driver.sis.com/graphic/gpu/315/

    Does keyhook.exe have anything to do with keylogging, and if so, why
    would keyhook.exe be installed with a video card driver?

    Thank in advance
    Edward Crismond
     
    Eddie Crismond, Aug 11, 2004
    #1
    1. Advertising

  2. Eddie Crismond

    kony Guest

    On Wed, 11 Aug 2004 18:11:11 -0400, Eddie Crismond
    <> wrote:


    >Does keyhook.exe have anything to do with keylogging, and if so, why
    >would keyhook.exe be installed with a video card driver?


    keyhook could do whatever it's written to, with the keyboard
    input. In this particular case it appears to be used for video
    driver "hotkey" features. If user never knowns of (let alone
    uses) the features, there is no reason to leave it running.
     
    kony, Aug 12, 2004
    #2
    1. Advertising

  3. Howdy!

    "Eddie Crismond" <> wrote in message
    news:...
    > Hello
    >
    > Windows task manager showed KEYHOOK.EXE running as process on a PC I was
    > working with today. More than one result from Google indicated that this
    > was associated with an SIS keyboard driver, designed to do some kind of
    > filtering. But some indicated that this was full blown malware designed
    > to log keystrokes.


    Err - "John Smith was hired by the school as a teacher. But Google
    shows John Smith is a sex offender."

    There actually happens to be at least TWO programs named
    "keyhook.exe" out there ... and since you have the SiS video, it's a safe
    bet that you've got the SiS variant there.

    > Does keyhook.exe have anything to do with keylogging, and if so, why
    > would keyhook.exe be installed with a video card driver?


    Not THIS keyhook - it hooks into the keyboard processing chain to do
    hotkey settings.

    RwP
     
    Ralph Wade Phillips, Aug 12, 2004
    #3
  4. kony wrote:
    > On Wed, 11 Aug 2004 18:11:11 -0400, Eddie Crismond
    > <> wrote:
    >
    >
    >
    >>Does keyhook.exe have anything to do with keylogging, and if so, why
    >>would keyhook.exe be installed with a video card driver?

    >
    >
    > keyhook could do whatever it's written to, with the keyboard
    > input. In this particular case it appears to be used for video
    > driver "hotkey" features. If user never knowns of (let alone
    > uses) the features, there is no reason to leave it running.


    Good, thanks Kony. As I mentioned in the OP, its off now.
     
    Eddie Crismond, Aug 12, 2004
    #4
  5. Ralph Wade Phillips wrote:

    > Howdy!
    >
    > "Eddie Crismond" <> wrote in message
    > news:...
    >
    >>Hello
    >>
    >>Windows task manager showed KEYHOOK.EXE running as process on a PC I was
    >>working with today. More than one result from Google indicated that this
    >>was associated with an SIS keyboard driver, designed to do some kind of
    >>filtering. But some indicated that this was full blown malware designed
    >>to log keystrokes.

    >
    >
    > Err - "John Smith was hired by the school as a teacher. But Google
    > shows John Smith is a sex offender."
    >
    > There actually happens to be at least TWO programs named
    > "keyhook.exe" out there ... and since you have the SiS video, it's a safe
    > bet that you've got the SiS variant there.
    >
    >


    Great, thats what I was hoping, that it was benign.

    >>Does keyhook.exe have anything to do with keylogging, and if so, why
    >>would keyhook.exe be installed with a video card driver?

    >
    >
    > Not THIS keyhook - it hooks into the keyboard processing chain to do
    > hotkey settings.
    >



    Thanks
     
    Eddie Crismond, Aug 12, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. paul s

    Re: Odd sound problem with integrted SiS 7012

    paul s, Jul 12, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    717
    Michael
    Jul 12, 2003
  2. Phil B

    sis 650 chipset.....

    Phil B, Oct 30, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    2,510
    Robbo
    Oct 30, 2003
  3. John.E

    Gigabyte/SIS RAID issues

    John.E, Feb 3, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    1,028
    John.E
    Feb 4, 2004
  4. Mike
    Replies:
    3
    Views:
    2,360
    Rita Lemelin
    Apr 29, 2005
  5. Daniel

    Pine SIS 315E - 32MB PCI Video Card

    Daniel, Sep 16, 2004, in forum: NZ Computing
    Replies:
    6
    Views:
    4,104
    Daniel
    Sep 18, 2004
Loading...

Share This Page