Hook file?

I keep getting this file in the main directory on my C: drive.  It comes back after deleting it.  It's still there after running, symantec, Spybot, AVG antispyware and antirootkit.

Its a 1k file called "hook", its a word txt file that reads...

  29872334- 718561136 HIDING A FILE

Anyone know what this is?
Who is Participating?
Will SzymkowskiSenior Solution ArchitectCommented:
Have you tried to delete this file from safemode? Also, have you tried hijackthis?
Download hijackthis from the following location.

When you have downloaded hiajackthis, run a scan and then copy/paste the log file at www.hijackthis.de. When you have pasted your log file here, press the anaylze button. It will then show you all of the entries being either "Safe" or "Nasty".

Another thing you might want to check is the Add/Remove programs to make sure you dont have any installed software that might be causing to recreate this file after deleting it.

When you delete the file hold Shift and press delete.

Keep us updated
I would use sysinternals' filemon to see what process is writing/reading to/from it - and then use procmon (also from sysinternals) to kill it.

Also I recommend doing a scan of your C: drive with RootkitRevealer:


If it shows anything interesting copy-and-paste the first 30 lines or so of the log here.
Erik BjersPrincipal Systems AdministratorCommented:
There is probley something in one of the run or runonce keys in the registry that is puting this file back and it is more than likley a virus.

run your virus scan in safe mode and delete any infections you find, making note of the virus name(s) found.  

Then check the security responce site at symantec.com/securityresponce for removal instructions of any viruses found.

Also try running msconfig and uncheck any startup items that you do not recognize, if you have any questions about any of them post them here (include process or service name and startup location)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.