Hitman Pro Support and Discussion Thread

Erik explained it clearly - don't use the EWS option if you don't understand it. ;-)

 

Thank you. I will only to help him for improve Hitman Pro

 

I'm also getting Trojan.FakeAV alert on d3d9caps.dat.
Note: This time clicking on VT scan did work.
VT returned 0/38 detection ratio.
Jotti was 0/20.
VIPRE and MBAM said it is clean.

I was unable to see the file in History.
I had checked Ignore, so it should appear in History.

 

Not to worry, I can gladly send it to you if needed, it's not a very big file PTD.
From what I've read, I think the file may regenerate itself if deleted.

 

Also getting a hit on d3d9caps.dat.

Al

 

For the folks getting Trojan.FakeAV alert on d3d9caps.dat...
Could you check your History and see if your action is recorded there?
I Ignore the detection and nothing shows in History.
This is in XP, which so far seems to be where this detection occurs.

 

Same here (XP SP3)

 

Now that you mention it, none of the actions I have ever specified such as ignore or delete cookies have ever shown up in history. I assumed it had to do with my using an HMP that had not been activated. Could be that history is broken though.

Erik might be able to explain this.

Al

 

My account is activated.

 

Hmmmm. I guess it's broken then Anyone else seeing anything under the history tab?

Al

 

my post keeps disappearing how come

 

-- d3d9caps.dat feed back requested --

Several members are reporting that HMP alerts to this file, but no one can find any other scanner that has an issue with it. Feed back from Erik would be appreciated, I'm sure.

It has also been reported that the History feature is not working for some members, at least on XP.

I can also report that the HMP context scan comes up clean on d3d9caps.dat, while the default scan flags it. This is reproducible, as is the blank History feature.

Thanks very much.

 

I, too, got the D3d9caps.dat tonight and deleted before I checked this board. (I live in fear of spyware - lol). The deletion shows in my history.

Is this a file I'm going to need? Hopefully, it does regenerate, if so.

I'm running ESET NOD32 4.2.71.2. Scan tonight did not pick up the D3d file, but HMP did. I haven't had any problems for the past year at all. Run HMP and MBAM maybe once a week.

Thx.

 

Ignore is not an action that is recorded in History. Only files that are Deleted or Quarantined by HitmanPro Crusader service.

Cookies are not recorded either as they fall under Repair. They are not handled by the Crusader service but by HitmanPro.

 

The d3d9caps.dat file is classified as Remnant (a data file used by malware). This means that the file path was recorded while profiling malware files in our cloud. This means the file was dropped by malware. After a quick look it was created by several FakeAVs (hence the name that is reported).

HitmanPro only scans for Remnants during a Default scan. So they won't show up in a Quick scan.

FakeAV malware is using this file to store information:
http://www.threatexpert.com/report.aspx?md5=9d074874542cda7ae91b79a4890b2571
http://www.threatexpert.com/report.aspx?md5=a178083977255560a5e3b886e4f79ce7
http://www.sophos.com/en-us/threat-...pyware/Troj~FakeAV-FJC/detailed-analysis.aspx
(and a lot more)

But the d3d9caps.dat file is also used by Direct3D to store DirectX capabilities. On some systems the file is generated automatically. On most systems the file is not present at all.

I've disabled the remnant in our cloud so that it will no longer appear in the scan results.

Hope this helps.

 

I am running XP3 and XP2 in various snapshots...I have yet to see an alert for d3d9caps.dat by a HMP scan on my system

 

Yep, I'm pretty sure that it was created in my system (XP 32 SP3) when I reseted the hardware acceleration and changed some 3D settings on the Nvidia graphics card's control panel. I guess that if you, or some program in your computer, never did something similar it could be absent from your PC.

 

So you're saying that the reason I wasn't seeing this file flagged in the context scan is because the context scan will not alert on a remnant?

If that is the case, it does not seem right that a file described as 'malicious software' in the default scan should be given a free pass in the context scan. Just my opinion.

 

Thanks for the update, Erik. Not sure how this file got on my machine unless it was long, long ago when I downloaded DivX Player- which I never use, or it was a remnant from other malware which HMP now picked up.

Won't worry about it. Appreciate the response.

 

IMO any action a user decides on should be recorded. I did not realize that this was only a partial history with parts missing.

Al

 

I agree.
Maybe this could be taken as a suggestion for future builds.

 

is there a discount coupon for hitman pro. thanks.

 

Not that I have seen . If there is it is very rare. The discount is said to be in purchasing a multiple user license.

 

I believe this is a False Positive.

 

I've noticed that HitmanPro on XP does not remember the Ignore selection on found objects. This prevents the window from closing after scheduled scans. It would be nice if HMP remembered the Ignore option.
I don't know if this behavior is normal, and I don't know if it also happens in W7.