Question about KeyHook.dll message

Hello,

I have actually run into two virus alerts from Avast today. First, I must admit I am not PC savvy so I hope anyone can help me with any advice on these two problems I am facing. From reading some of the topics today it looks like I got hit with the false positive mscorlib.ni.dll. When I turned on my computer right when Windows began to load I got hit with the message below. I am a bit concerned because I was not given the option to move the file to the chest Avast just deleted it. I don’t know if this will cause any problems in the future.

This is the message that I received:
Trojan horse blocked
Object: C:\Windows\assembly\NativeImages_v.2.0.50727_…\mscorlib.ni.dll
Infection: Win32.spyeye-BG[TRj]
Action: Deleted
Process: C:\Programs Files(x86)\Intel\Intel(R)RapidStorag…\IAStorIcon.exe

The second problem that concerns me is that after the file was deleted Avast recommended that I run a boot scan. During the boot scan Avast found another infected file. I have a Lenovo computer and it looks like the infected file was found in one of my Lenovo files. I was given the message below:

File C:\Program Files(x86)\Lenovo\Driver & Application Auto-installation\KeyHook.dll is infected by Win32:KeyHooker-E [PUP]

I chose to remove it to the chest. I must point out that I am careful when I am online and I run my web browser through a sandbox so I was surprised to see this message. This morning I was online I did not install anything I had to step out so I shut down my computer. A few hours later when I turned on my computer I got hit with the two problems above. I am concerned that somehow I did get infect (which I have no clue how)or that these are both false positives. Also, if these are two false positives I hope the end result did not cause damage to my system files. Can anyone help me especially with the supposed Win32:KeyHooker? Is this truly an infection I have no way of knowing.

Please use this thread for mscorlib.ni.dll false positive: http://forum.avast.com/index.php?topic=72687.0

As for the second one, add the file to exclusions (or disable PUP detection) if you are sure it’s a legit file from Lenovo.

doktonotor,

Is there a way to somehow check to see if the keyhook.dll file is indeed infected with the Win32KeyHooker-E[PUP]? The only thing I can go by is that I THINK it isn’t but I am not sure.

PUP stands for potentially unwanted application. It’s not a virus. Looks like a keyboard driver which is probably a bit too low level to pass PUP scan. You will probably lose some of the special keys functionality on your notebook if you let Avast quarantine it.