An NTOSKRNL-HOOK is a new problem computer users encounter these days. It is an infection hooked into the kernel of the operating system, known as a “rootkit”. I once wrote an article on hooking that you will find here. Unfortunately, nothing you do with the actual operating system on the hard drive will eliminate it completely. Hooking is a technique that changes or improves the behavior of an operating system or application without having access to its source code.
ntoskrnl.exe is the kernel image for the Microsoft Windows NT family of operating systems. It provides the kernel and executive layers of the Windows NT kernel space and is in charge of various system services such as hardware virtualisation, process and memory management, etc., making it a fundamental part of the system.
Apart from that, ntoskrnl.exe is a critical process in the boot-up cycle of your computer, but it should never appear in WinTasks in its normal state. Bear in mind that ntoskrnl.exe is known as w32.bolzano and other variants. If this process appears in WinTasks, you must update your virus definitions at once.
Hooking is used for many purposes, such as debugging and extending functionality. It can also be used by potentially malicious code. For instance, rootkits, which are pieces of software that attempt to make themselves invisible by faking the output of API calls that would otherwise disclose their existence, use hooking techniques.
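One defensive check that follows from the description of hooking above, shown as an added example that is not part of the original article: verify that every entry in a table of function pointers still points inside the module that is supposed to own it. The structure names, the table layout and all addresses are constructed for illustration and are not taken from a real Windows system.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Address range occupied by a loaded module (constructed values, not real). */
struct module_range { const char *name; uintptr_t base; size_t size; };

/* Return the module whose range contains addr, or NULL if none does. */
static const struct module_range *owner_of(uintptr_t addr,
        const struct module_range *mods, size_t nmods)
{
    for (size_t i = 0; i < nmods; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Count table entries that do not point into the expected owner module,
   printing each one with the module (if any) that actually contains it. */
static size_t find_redirected(const uintptr_t *table, size_t n,
        const struct module_range *expected,
        const struct module_range *mods, size_t nmods)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        const struct module_range *m = owner_of(table[i], mods, nmods);
        if (m == expected)
            continue;
        printf("entry %zu -> 0x%llx (%s)\n", i,
               (unsigned long long)table[i], m ? m->name : "no known module");
        hits++;
    }
    return hits;
}

/* Constructed sample: a kernel image, one driver, and two four-entry tables. */
static const struct module_range MODS[] = {
    { "ntoskrnl.exe", 0x80400000u, 0x200000u },
    { "example.sys",  0xf8000000u, 0x10000u  },
};
static const uintptr_t CLEAN[]  = { 0x80401000u, 0x80402340u, 0x805ffff0u, 0x80410000u };
static const uintptr_t HOOKED[] = { 0x80401000u, 0xf8001200u, 0x805ffff0u, 0xfa000000u };

int main(void)
{
    printf("clean table: %zu redirected\n", find_redirected(CLEAN, 4, &MODS[0], MODS, 2));
    printf("hooked table: %zu redirected\n", find_redirected(HOOKED, 4, &MODS[0], MODS, 2));
    return 0;
}
```

This check only flags pointers that lead outside the owning module; code that has been modified in place inside the module needs a separate comparison against a known-good copy.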