Wilders Security Forums  

  #4251  
Old April 16th, 2012, 05:18 AM
LegioXGemina LegioXGemina is offline
Infrequent Poster
 
Join Date: Apr 2010
Posts: 4
Thumbs up Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by erikloman
The problem with these keys is that they are also used by the SpamBlockerUtility installed by Hotbar (as per here).

I've disabled the keys in our cloud so that they should no longer be listed.

Can you verify?

I did a rescan and the problem was solved. Thanks!
The registry keys previously reported as malware by HitmanPro were referred to the "Toolbar Whitelist" installed by GData Antivirus 2012?
Thanks again for your technical assistance!
__________________
Windows 7 X64, Comodo Firewall Defense+ 5.9, Gdata Antivirus 2012, Malwarebytes AntiMalware Pro 1.61, Zemana Antilogger 1.9.2.941 and HitmanPro 3.6.0 b152
  #4252  
Old April 16th, 2012, 07:22 AM
Mops21 Mops21 is offline
Frequent Poster
 
Join Date: Oct 2010
Posts: 811
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by Mops21
Have you the Files send them via E-Mail to you


Have you the Files from me
  #4253  
Old April 16th, 2012, 09:53 AM
erikloman erikloman is offline
Developer
 
Join Date: Jun 2009
Location: Hengelo, The Netherlands
Posts: 1,135
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by Mops21
Have you the Files from me
I have them. I will have a look at them shortly. Thanks!
__________________
HitmanPro 3.7.5 Build 197 with Kickstart 2.2 | Info | Blog | Shop | Download | Support
  #4254  
Old April 16th, 2012, 12:18 PM
Mops21 Mops21 is offline
Frequent Poster
 
Join Date: Oct 2010
Posts: 811
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by erikloman
I have them. I will have a look at them shortly. Thanks!

Okay thank you very much for it.

Can you post your result of the Files, please
  #4255  
Old April 16th, 2012, 07:53 PM
Empath Empath is offline
Regular Poster
 
Join Date: Nov 2002
Posts: 159
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by erikloman
That's not good. Do you have some rollback software installed? Maybe we can have a remote look (using our QuickSupport tool) to see what's going on?

I got it working. I used an image to return everything back to pre-renew status. Then, in frozen mode of TimeFreeze, I re-activated. Everything worked, so I exited frozen mode while preserving changes made.

Next time, I'll know to wait until it's ready to expire. It now says it'll expire a year from yesterday. I still had time on my previous license 'till the 11th of next month. I lost almost a month of paid use. That could be a situation worth addressing in future licensing.
  #4256  
Old April 17th, 2012, 03:48 PM
erikloman erikloman is offline
Developer
 
Join Date: Jun 2009
Location: Hengelo, The Netherlands
Posts: 1,135
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by Mops21
Okay thank you very much for it.

Can you post your result of the Files, please
I just confirmed that the cloud does not accept your mentioned files. I will have a look why the cloud is rejecting these. I assume because they are incomplete (just ~700 bytes each). But then I expect a different error.
__________________
HitmanPro 3.7.5 Build 197 with Kickstart 2.2 | Info | Blog | Shop | Download | Support
  #4257  
Old April 18th, 2012, 09:35 AM
Mops21 Mops21 is offline
Frequent Poster
 
Join Date: Oct 2010
Posts: 811
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by erikloman
I just confirmed that the cloud does not accept your mentioned files. I will have a look why the cloud is rejecting these. I assume because they are incomplete (just ~700 bytes each). But then I expect a different error.


Okay, thank you very much for your info about it. Check the cloud for my files and give me an answer for this.
  #4258  
Old April 18th, 2012, 10:16 AM
Scott W Scott W is offline
Frequent Poster
 
Join Date: Sep 2008
Location: USA
Posts: 357
Default Re: Hitman Pro Support and Discussion Thread

Hi erik,

I just ran the current version in Compatible Disk Access Mode (per your advice to Rollback Rx users - so as not to be falsely alerted to a Bootkit) and Hitman reports snapshot.exe as suspicious. This is Drive Snapshot, which is totally trusted software!

Scott
__________________
My Security Blanket: MSE + PrivateFirewall + RollBack Rx + Shadow Defender ...and I backup with Drive Snapshot (just in case)!
  #4259  
Old April 18th, 2012, 10:28 AM
Blues7 Blues7 is offline
Frequent Poster
 
Join Date: May 2009
Location: Blue Ridge Mountains
Posts: 639
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by Scott W
Hi erik,

I just ran the current version in Compatible Disk Access Mode (per your advice to Rollback Rx users - so as not to be falsely alerted to a Bootkit) and Hitman reports snapshot.exe as suspicious. This is Drive Snapshot, which is totally trusted software!

Scott

I had it come up during a default scan a few days back, Scott, and reported it here as well as via the program. It hasn't come up since, however.
__________________
Blues

Real-Time: ★ Emsisoft Internet Security ★ Sandboxie ★

On-Demand: ★ Drive Snapshot / Macrium Reflect ★ Shadow Defender ★
  #4260  
Old April 18th, 2012, 03:26 PM
Function Function is offline
Regular Poster
 
Join Date: Feb 2012
Location: UK
Posts: 64
Default Re: Hitman Pro Support and Discussion Thread

http://i.imgur.com/iqOli.png

http://i.imgur.com/mY39Y.png

mbam.sys is a part of MalwareBytes Anti Malware

brnfilelock.sys is a part of Blueridge Appguard

SbieDrv.sys is a part of Sandboxie

nvlddmkm.sys is a part of Nvidia


The rest are all emulation software, they are run games. I forgot I even had them so I deleted them.

WinKawaks.exe was an emulator. I have deleted it before with Hitmanpro, the file is now gone but after the reboot the scan always says it's there.

I think it's showing a few false positives for me.

I am using Rollback RX so I assume that the Master Boot Record is to do with that.

I am wondering if this is a problem between Hitman and Rollback RX snapshot system.

Currently going through all of my Snapshots to remove the emulation files to ensure it's not a fault of Rollback RX.
  #4261  
Old April 18th, 2012, 03:32 PM
erikloman erikloman is offline
Developer
 
Join Date: Jun 2009
Location: Hengelo, The Netherlands
Posts: 1,135
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by Function
http://i.imgur.com/iqOli.png

http://i.imgur.com/mY39Y.png

mbam.sys is a part of MalwareBytes Anti Malware

brnfilelock.sys is a part of Blueridge Appguard

SbieDrv.sys is a part of Sandboxie

nvlddmkm.sys is a part of Nvidia


The rest are all emulation software, they are run games. I forgot I even had them so I deleted them.

WinKawaks.exe was an emulator. I have deleted it before with Hitmanpro, the file is now gone but after the reboot the scan always says it's there.

I think it's showing a few false positives for me.

I am using Rollback RX so I assume that the Master Boot Record is to do with that.
Quote:
Originally Posted by Function
I am wondering if this is a problem between Hitman and Rollback RX snapshot system.
Switch into Compatible Disk Access (under Settings -> Advanced).

Rollback RX is NOT compatible with HitmanPro's Direct Disk Access because Rollback RX is hiding files from the operating system (= rootkit-like behavior).

Hope this helps.
__________________
HitmanPro 3.7.5 Build 197 with Kickstart 2.2 | Info | Blog | Shop | Download | Support
  #4262  
Old April 18th, 2012, 05:07 PM
Function Function is offline
Regular Poster
 
Join Date: Feb 2012
Location: UK
Posts: 64
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by erikloman
Switch into Compatible Disk Access (under Settings -> Advanced).

Rollback RX is NOT compatible with HitmanPro's Direct Disk Access because Rollback RX is hiding files from the operating system (= rootkit-like behavior).

Hope this helps.

Switched to Compatible Disk Access. Did the scan, nothing came up. All clean with this scan.

So should I always use Hitman Pro with Compatible Disk Access from now on?

Also I can't seem to find any way to check for updates? Does it just automatically happen?
  #4263  
Old April 18th, 2012, 05:13 PM
erikloman erikloman is offline
Developer
 
Join Date: Jun 2009
Location: Hengelo, The Netherlands
Posts: 1,135
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by Function
So should I always use Hitman Pro with Compatible Disk Access from now on?
Yes. For as long as you use Rollback RX.
Quote:
Originally Posted by Function
Also I can't seem to find any way to check for updates? Does it just automatically happen?
HitmanPro is a behavioral scanner (local) and a cloud scanner (remote). The AV scanning is done remotely in cloud where the AVs are always up to date.

If there is a program update then HitmanPro will update automatically.

So you don't have to do anything. Just run it regularly or set a scan schedule under Settings -> Scan.

Hope this helps.
__________________
HitmanPro 3.7.5 Build 197 with Kickstart 2.2 | Info | Blog | Shop | Download | Support
  #4264  
Old April 18th, 2012, 06:43 PM
jmonge jmonge is online now
Incredibly Massive Poster
 
Join Date: Mar 2008
Location: Calgary,Canada
Posts: 11,770
Default Re: Hitman Pro Support and Discussion Thread

i am just running webroot with hitmanpro, only these 2, and i feel a lot faster now and secure. if webroot missed something hitmanpro will nail it and destroy it. thanks for making this wonderful program, is a very cool program to have always scanning in the system
__________________
Emsisoft Anti-Malware 7.0/WebRo0t AntiVirus 2o13
  #4265  
Old April 19th, 2012, 02:37 AM
kardokristal kardokristal is offline
Developer
 
Join Date: Jan 2012
Location: Estonia
Posts: 499
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by jmonge
i am just running webroot with hitmanpro, only these 2, and i feel a lot faster now and secure. if webroot missed something hitmanpro will nail it and destroy it. thanks for making this wonderful program, is a very cool program to have always scanning in the system

  #4266  
Old April 19th, 2012, 09:59 AM
erikloman erikloman is offline
Developer
 
Join Date: Jun 2009
Location: Hengelo, The Netherlands
Posts: 1,135
Default Re: Hitman Pro Support and Discussion Thread

HitmanPro 3.6 Build 153 Released

Changelog
  • ADDED: Behavioral scan now detects spoofed memory mapped file names.
  • FIXED: Solved a time zone issue when validating the license.
  • IMPROVED: Several minor user interface issues.
  • UPDATED: Internal white lists.
__________________
HitmanPro 3.7.5 Build 197 with Kickstart 2.2 | Info | Blog | Shop | Download | Support
  #4267  
Old April 19th, 2012, 10:18 AM
Amit Amit is offline
Massive Poster
 
Join Date: May 2011
Location: Parallel Universe
Posts: 4,631
Default Re: Hitman Pro Support and Discussion Thread

updating automatically right now ......
__________________
✓The first principle is that you must not fool yourself, and you are the easiest person to fool.
✓Science is the belief in the ignorance of experts.
✓I don't know anything, but I do know that everything is interesting if you go into it deeply enough.


-------Richard P. Feynman---------
  #4268  
Old April 19th, 2012, 11:01 AM
erikloman erikloman is offline
Developer
 
Join Date: Jun 2009
Location: Hengelo, The Netherlands
Posts: 1,135
Default Volume Boot Record / VBR rootkits

HitmanPro 3.6 Build 154 BETA

Changelog
  • ADDED: Detection and removal of Volume Boot Record / VBR bootkits.
  • ADDED: Detection and removal of Cidox, Mayachok, Rovnix bootkits.

An hour ago we released build 153 to address time zone issues related to license activation. The problem was introduced in build 152, which is now fixed.

We now also release BETA build 154 (it has been in our source control system for a while now) which is dedicated to detecting and removing Volume Boot Record / VBR bootkits like Cidox, Mayachok, Rovnix, etc. These bootkits run on both 32-bit and 64-bit systems and work much like MBR bootkits.

First reports on VBR bootkits date back to July 2011:
http://news.drweb.com/?i=1772&c=23&lng=en&p=2
http://blog.eset.com/2011/08/23/hast...oiting-the-vbr

You can now use HitmanPro to clean up these VBR infections.

[Attached image: Cidox.png]

BETA
32-bit http://dl.surfright.nl/HitmanPro36beta.exe
64-bit http://dl.surfright.nl/HitmanPro36beta_x64.exe
__________________
HitmanPro 3.7.5 Build 197 with Kickstart 2.2 | Info | Blog | Shop | Download | Support
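
As an added illustration of the Volume Boot Record topic in the post above (not HitmanPro's code, and not a description of how HitmanPro detects these infections): a baseline-and-compare integrity check over each partition's boot region in a raw disk image. It assumes an MBR-partitioned image; the 16-sector region size, the function names and the sample image are assumptions made for this example.

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"

def partitions(mbr):
    """Yield (index, start_lba) for each used primary entry in an MBR sector."""
    if mbr[510:512] != BOOT_SIG:
        raise ValueError("sector 0 has no 0x55AA boot signature")
    for i in range(4):
        ptype = mbr[446 + 16 * i + 4]                       # partition type byte
        (start_lba,) = struct.unpack_from("<I", mbr, 446 + 16 * i + 8)
        if ptype and start_lba:
            yield i, start_lba

def fingerprint(image, sectors=16):
    """Map partition index -> (OEM ID, SHA-256 of its boot region).

    sectors=16 is an assumption: it covers the boot sector plus the
    bootstrap sectors that follow it on an NTFS volume.
    """
    result = {}
    for idx, lba in partitions(image[:SECTOR]):
        region = image[lba * SECTOR:(lba + sectors) * SECTOR]
        if len(region) < sectors * SECTOR or region[510:512] != BOOT_SIG:
            raise ValueError(f"partition {idx}: truncated or unsigned VBR")
        oem = region[3:11].decode("ascii", "replace")
        result[idx] = (oem, hashlib.sha256(region).hexdigest())
    return result

def changed(baseline, current):
    """Partition indexes whose boot region differs from the baseline."""
    return sorted(i for i in current if baseline.get(i) != current[i])

def build_sample_image(tamper=False):
    """Constructed test image: MBR, one NTFS-type partition at LBA 8."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<BBBBBBBBII", mbr, 446, 0x80, 0, 0, 0, 0x07, 0, 0, 0, 8, 16)
    mbr[510:512] = BOOT_SIG
    vbr = bytearray(16 * SECTOR)
    vbr[0:11] = b"\xeb\x52\x90NTFS    "       # jump instruction + OEM ID
    vbr[510:512] = BOOT_SIG
    if tamper:
        vbr[3 * SECTOR + 5] ^= 0xFF           # flip one byte in a later boot sector
    return bytes(mbr) + bytes(7 * SECTOR) + bytes(vbr)

if __name__ == "__main__":
    baseline = fingerprint(build_sample_image())
    print(changed(baseline, fingerprint(build_sample_image(tamper=True))))
```

Take the baseline from a known-clean state and read the image offline, since code that controls the boot path of a running system can return clean sectors to disk reads.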
  #4269  
Old April 19th, 2012, 11:39 AM
Amit Amit is offline
Massive Poster
 
Join Date: May 2011
Location: Parallel Universe
Posts: 4,631
Default Re: Hitman Pro Support and Discussion Thread

updated to build 153....running smoothly here ........
__________________
✓The first principle is that you must not fool yourself, and you are the easiest person to fool.
✓Science is the belief in the ignorance of experts.
✓I don't know anything, but I do know that everything is interesting if you go into it deeply enough.


-------Richard P. Feynman---------
  #4270  
Old April 19th, 2012, 11:51 AM
gerardwil gerardwil is offline
Massive Poster
 
Join Date: Jan 2004
Posts: 4,510
Default Re: Hitman Pro Support and Discussion Thread

....and 154 as well
  #4271  
Old April 19th, 2012, 12:03 PM
Page42 Page42 is offline
Massive Poster
 
Join Date: Jun 2007
Location: Last Breath Farm
Posts: 4,580
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by erikloman
HitmanPro 3.6 Build 153 Released
Excellent! Installed on 2 machines & scans run.
Thank you for the constant improvements.
You are making your tool indispensable, Erik.
And I'm very much looking forward to having Volume Boot Record/VBR bootkits detection capability in Build 154.
__________________
To err is human; to forgive, infrequent. - Franklin P. Adams
  #4272  
Old April 19th, 2012, 12:39 PM
RSpanky RSpanky is offline
Frequent Poster
 
Join Date: Feb 2009
Location: Arizona, USA
Posts: 220
Default Re: Hitman Pro Support and Discussion Thread

Updated 153 and running great, AS ALWAYS
__________________
Webroot SecureAnywhere - Sandboxie - Malwarebytes Pro(RT) - OpenDNS


If it ain't broke, Then don't fix it. But if it does break I will come here to fix it
  #4273  
Old April 19th, 2012, 01:25 PM
carat
 
Posts: n/a
Default Re: Hitman Pro Support and Discussion Thread

Build 153 detects AVG as suspicious
  #4274  
Old April 19th, 2012, 02:12 PM
erikloman erikloman is offline
Developer
 
Join Date: Jun 2009
Location: Hengelo, The Netherlands
Posts: 1,135
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by tpro
Build 153 detects AVG as suspicious
What AVG suite are you using?
__________________
HitmanPro 3.7.5 Build 197 with Kickstart 2.2 | Info | Blog | Shop | Download | Support
  #4275  
Old April 19th, 2012, 02:44 PM
carat
 
Posts: n/a
Default Re: Hitman Pro Support and Discussion Thread

Quote:
Originally Posted by erikloman
What AVG suite are you using?

AVG IS 2012
 

All times are GMT -4.