I am rather new here just to start out and I am also studing my ass off about computer security, but that is besides what I am getting @.
Just recently as of a few weeks ago I noticed that in my box there was a VIRUS.... well I was like hmmm that can't be cause I know of all of them in my computer and know exactly where they are located. Well anyways a few weeks back I did a Virus check on my OS by which is "WIN XP PRO" and it showed all of my reg' viruses, but it was diff' this time around, it found a new virus in my OS that I have never seen b/4. The virus is called "KeyHook.dll" it is suppost to I am assuming be undetectable but my Anit Virus Pro' found it. Now here is the thing I did some but not a whole lot of research on the file and it be a ".DLL" file I wouldn't have even considerd it being one, well as I was saying I browsed around on the net about it and found that it is a "Netbus" virus, and with that be all you would need is someones IP and you can get into there system cause if they have WIN XP home or Pro' I have found on each box that I have been on with either of the OS's I have found that file.
But I am just wondering why would windows have a relation with netbus? all that I could come up with is that they are using it for the Remote to System or something like that so that other can get into your computer and do what need's to be done on it/// ....
but if possible can some one give me some more info/input out this?
June 14th, 2002, 02:21 PM
Hrms..i'd say you got the file from somewhere or someone. Or maybe the windows installation you had or cd you had to install it, had the file attached to it.
Just my 2 cents...
June 14th, 2002, 02:24 PM
yea that is what I am assuming as well, but what I don't understand is t hat on these other box's that I have been on that I have not installed XP on has the file 2......
June 14th, 2002, 02:36 PM
Then maybe it's just on a cd that you use to install software on all of them? Or if you are referring to school/uni computers, then maybe it spreaded to your box from a floppy or email attachment.
June 14th, 2002, 04:28 PM
First of all dont worry, if it only found the dll, then netbus is likely not inside your computer.
Key Hooking is a method that allows a certain program to get the keyboard input from a specific window (hWnd) or system wide keyboard. If you want to use key hooking, you have to create dll and make the hooking from there (Thats how windows works). my guess is that KeyHook.dll is a file that used by some programs to do key hooking - programs like netbus (as you know netbus allows remote key logging. yes, using key hooking) and some other program/component you have installed.
Thats why your AntiVirus recognize it as virus (coz its part of netbus), but it is also a part of a legit program.