I ran across this article http://www.ghacks.net/2016/07/17/spydetect-monitoring-spyware/ I installed it and it says I am being monitored by a2hooks64.dll under C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE https://postimg.org/image/5zhzr0qdd/
it is a fact that that hook file is on my PC. I guess I should rephrase the question, do Hook files record keystrokes? if so, why is Emsisoft using them?
Because Emsisoft's behavior blocker needs to inject this dll to monitor some processes, it isnt malware or keylogger by any means.
I've just checked my computer. It's not only Emsisoft is "spying". My Bitdefender Total Security and Zemana Antilogger are "spying" also.
Actually Emsisioft behavior blocker does monitor for keylogger activity. This Spydetect program could be doing a couple of things: 1. It is monitoring for any .dll injection into a process by an application and deeming that as potentially keylogger activity. Many security solutions do set a hook into running apps a part of their malware detection monitoring. 2. This Spydetect program might be erroneously detecting use of any API call code used by the above that is related to keystroke capture as suspect when in fact the security solution is indeed monitoring such API usage to determine if malicious keystroke activity is occurring. 3. This Spydetect program is misidentifying Win 10 telemetry activity that indeed does have the capability to capture keystroke activity.
Based on this, I would say my previous reply no. 1 is applicable. So for future reference, ignore any hook detection from Spydetect originating from legit security apps. Also I see problems with using Spydetect since it doesn't appear to have the ability to detect actual keystroke API call activity. As such, it will alert and misidentify legit process .dll injection.
It is monitoring only hook dlls. I unistalled Emsisoft and it passes the check. They should call this hook dll checker
its the behaviour blocker, you can exclude processes from monitoring which removes the hook, there was a bug in emsisoft that stopped the exclusion working but has very recently been fixed in the latest beta version (not yet fixed in stable).
It's very simple, if this tool reports about certain hooks that are used by trusted tools, then there is nothing to worry about. If you believe that a certain tool should not be using any hooks, then there is a problem. But it requires a bit of technical knowledge in order to make this call. But EAM is a trusted security tool, that monitors system security via this hook, so there is no problem.
Emsisoft is a trusted vendor so I wouldn't have uninstalled that on the basis SpyDetect reports legitimate hooking techniques. Other anti-malware/security software often use hooks as mentioned above in post #5.
To clarify, there is nothing wrong with the tool, but not all detected hooks are automatically malicious.
