Hook file?

Posted on 2007-08-01
Last Modified: 2013-11-22
I keep getting this file in the main directory on my C: drive.  It comes back after deleting it.  It's still there after running, symantec, Spybot, AVG antispyware and antirootkit.

Its a 1k file called "hook", its a word txt file that reads...

  29872334- 718561136 HIDING A FILE

Anyone know what this is?
Question by:aloyd18
    LVL 53

    Accepted Solution

    Have you tried to delete this file from safemode? Also, have you tried hijackthis?
    Download hijackthis from the following location.

    When you have downloaded hiajackthis, run a scan and then copy/paste the log file at When you have pasted your log file here, press the anaylze button. It will then show you all of the entries being either "Safe" or "Nasty".

    Another thing you might want to check is the Add/Remove programs to make sure you dont have any installed software that might be causing to recreate this file after deleting it.

    When you delete the file hold Shift and press delete.

    Keep us updated
    LVL 1

    Assisted Solution

    I would use sysinternals' filemon to see what process is writing/reading to/from it - and then use procmon (also from sysinternals) to kill it.
    LVL 32

    Assisted Solution

    Also I recommend doing a scan of your C: drive with RootkitRevealer:

    If it shows anything interesting copy-and-paste the first 30 lines or so of the log here.
    LVL 23

    Assisted Solution

    by:Erik Bjers
    There is probley something in one of the run or runonce keys in the registry that is puting this file back and it is more than likley a virus.

    run your virus scan in safe mode and delete any infections you find, making note of the virus name(s) found.  

    Then check the security responce site at for removal instructions of any viruses found.

    Also try running msconfig and uncheck any startup items that you do not recognize, if you have any questions about any of them post them here (include process or service name and startup location)


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now