I would like to know which (if any) APIs avast hooks in Windows 7 for the real-time protection features.
A couple of anti-rootkit programs (namely Gmer and Rootkit Buster) showed many API hooks apparently coming from avast. I also ran TDSSKiller, which didn't show any rootkit, which made me believe that the hooks I'm seeing are really from avast.
Could anyone confirm this and provide a list of legit API hooks by avast?
I'm not sure it is a virus. That's what I'm trying to find out.
A full system scan with avast finds nothing, the same happens with Trendmicro Housecall. But as I mentioned before, the last time I checked for rootkits with Rootkit Buster I got a few entries like this:
I recently installed avast on my Windows 7 machine, so I'm guessing that these are API hooks from avast, but I'm just trying to confirm everything is ok.
@saos, yes, avast hooks several system APIs (as other AVs or security programs do). Most hooks are done from the sandbox/autosandbox driver (aswSnx.sys) or the behavior shield (aswSP.sys). GMER shows you all hooked APIs, and if you scan processes in GMER, then it'll show you our injected DLL (snxhk.dll) in those processes.
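
An added example (not part of the thread and not Avast's own tooling): one way to check that the modules named in the reply above are the vendor's signed files is to read their Authenticode signatures. The file names come from the reply; the driver directory is an assumption (the Windows default), and the snxhk.dll path is taken from wherever a running process has it loaded.

```powershell
# Added example. Module names are from the reply above; locations are assumptions.
# Written to run on the PowerShell 2.0 that ships with Windows 7; run elevated.

# Assumption: the two drivers sit in the default Windows driver directory.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$paths = @('aswSnx.sys', 'aswSP.sys') | ForEach-Object { Join-Path $driverDir $_ }

# Locate snxhk.dll by looking at the modules loaded in running processes,
# which is where the reply says the injected DLL will show up.
$dllPaths = Get-Process | ForEach-Object {
    try { $_.Modules } catch { }      # protected processes deny module access
} | Where-Object { $_ -and $_.ModuleName -ieq 'snxhk.dll' } |
    ForEach-Object { $_.FileName } | Sort-Object -Unique
if ($dllPaths) { $paths += $dllPaths }

foreach ($p in $paths) {
    if (-not (Test-Path $p)) {
        Write-Output "MISSING  $p"
        continue
    }
    # Status is 'Valid' only if the embedded signature and its chain verify.
    $sig = Get-AuthenticodeSignature -FilePath $p
    $subject = if ($sig.SignerCertificate) {
        $sig.SignerCertificate.Subject
    } else {
        '<no embedded signature>'
    }
    Write-Output ("{0,-12} {1}" -f $sig.Status, $p)
    Write-Output ("             signer: {0}" -f $subject)
}
```

A hook whose owning module reports a Valid status and a signer matching the installed antivirus vendor is consistent with the explanation in the reply; a missing file, another status, or an unexpected signer is what merits a closer look.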