Is Emsisoft recording my keystrokes?

Discussion in 'privacy problems' started by Holysmoke, Aug 2, 2016.

  1. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    111
    I ran across this article http://www.ghacks.net/2016/07/17/spydetect-monitoring-spyware/

    I installed it and it says I am being monitored by a2hooks64.dll under C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE




    https://postimg.org/image/5zhzr0qdd/
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    I'd trust Emsisoft much more than something like that.
     
  3. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    111
    It is a fact that that hook file is on my PC. I guess I should rephrase the question: do hook files record keystrokes? If so, why is Emsisoft using them?
     
  4. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    784
    Because Emsisoft's behavior blocker needs to inject this DLL to monitor some processes; it isn't malware or a keylogger by any means.
     
  5. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    I've just checked my computer.
    It's not only Emsisoft that is "spying". My Bitdefender Total Security and Zemana Antilogger are "spying" also.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Actually, Emsisoft's behavior blocker does monitor for keylogger activity.

    This Spydetect program could be doing a couple of things:

    1. It is monitoring for any .dll injection into a process by an application and deeming that as potentially keylogger activity. Many security solutions do set a hook into running apps as part of their malware detection monitoring.

    2. This Spydetect program might be erroneously detecting use of any API call code used by the above that is related to keystroke capture as suspect when in fact the security solution is indeed monitoring such API usage to determine if malicious keystroke activity is occurring.

    3. This Spydetect program is misidentifying Win 10 telemetry activity that indeed does have the capability to capture keystroke activity. :eek:
     
    Last edited: Aug 2, 2016
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Based on this, I would say my previous reply no. 1 is applicable.

    So for future reference, ignore any hook detection from Spydetect originating from legit security apps. Also I see problems with using Spydetect since it doesn't appear to have the ability to detect actual keystroke API call activity. As such, it will alert and misidentify legit process .dll injection.
     
  8. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    111
    It is monitoring only hook DLLs. I uninstalled Emsisoft and it passes the check.

    They should call this a hook DLL checker.
     
  9. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    748
    Location:
    UK
    It's the behaviour blocker. You can exclude processes from monitoring, which removes the hook. There was a bug in Emsisoft that stopped the exclusion working, but it has very recently been fixed in the latest beta version (not yet fixed in stable).
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    It's very simple, if this tool reports about certain hooks that are used by trusted tools, then there is nothing to worry about. If you believe that a certain tool should not be using any hooks, then there is a problem. But it requires a bit of technical knowledge in order to make this call. But EAM is a trusted security tool, that monitors system security via this hook, so there is no problem.
     
    Last edited: Aug 2, 2016
  11. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,633
    Location:
    UK
    Emsisoft is a trusted vendor so I wouldn't have uninstalled that on the basis SpyDetect reports legitimate hooking techniques. Other anti-malware/security software often use hooks as mentioned above in post #5.
     
  12. Holysmoke

    Holysmoke Registered Member

    Joined:
    Jun 29, 2014
    Posts:
    111
    For the record, I do believe Emsisoft is trusted and will not be using this SpyDetect tool.
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    To clarify, there is nothing wrong with the tool, but not all detected hooks are automatically malicious.
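
The judgement call discussed in this thread (a hook DLL is reported; is it from a vendor you trust?) can be checked by looking at who signed the file. The following is an added example, not part of the thread and not code from Emsisoft or SpyDetect. The function name `Get-ForeignModuleSigner`, the `MinProcesses` threshold and the "loaded from outside the host program's own folder" heuristic are assumptions made here; only `Get-Process` and `Get-AuthenticodeSignature` are standard cmdlets.

```powershell
# Added example: find DLLs loaded into processes from a folder other than the
# host executable's own folder or %SystemRoot% (a heuristic for hook DLLs such
# as a2hooks64.dll), then report who signed each one.
function Get-ForeignModuleSigner {           # hypothetical helper name
    [CmdletBinding()]
    param([int]$MinProcesses = 2)            # assumed threshold: hook DLLs tend to appear in many processes

    $winRoot = $env:SystemRoot + '\'
    $seenIn  = @{}                           # DLL path -> set of host process names

    foreach ($proc in Get-Process) {
        # Protected processes cannot be opened without elevation; skip them.
        try { $exe = $proc.MainModule.FileName; $mods = @($proc.Modules) } catch { continue }
        if (-not $exe) { continue }
        $exeDir = (Split-Path -Parent $exe) + '\'

        foreach ($m in $mods) {
            $path = $m.FileName
            if (-not $path -or $path -notlike '*.dll') { continue }
            $isSystem = $path.StartsWith($winRoot, [StringComparison]::OrdinalIgnoreCase)
            $isOwn    = $path.StartsWith($exeDir,  [StringComparison]::OrdinalIgnoreCase)
            if ($isSystem -or $isOwn) { continue }
            if (-not $seenIn.ContainsKey($path)) {
                $seenIn[$path] = New-Object 'System.Collections.Generic.HashSet[string]'
            }
            [void]$seenIn[$path].Add($proc.ProcessName)
        }
    }

    foreach ($path in $seenIn.Keys) {
        if ($seenIn[$path].Count -lt $MinProcesses) { continue }
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Module    = $path
            Hosts     = $seenIn[$path].Count
            SigStatus = $sig.Status           # e.g. Valid, NotSigned, HashMismatch
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

Get-ForeignModuleSigner | Sort-Object Hosts -Descending | Format-Table -AutoSize
```

A module with `SigStatus` of `Valid` and a signer matching an installed security product is the case the posters describe as nothing to worry about; an unsigned module, or one from a publisher you do not recognise, is the one to look into.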
     