Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Remove the : thumb: from the link. Plus, there is no beta going on at the moment as already replied by others, there will be a new one in a few days.
    Hitman Pro does not offer realtime protection btw.
     
  2. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Nice J, thanks :D
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    your welcome
     
  4. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I just ran Hitman Pro on Beast Lock, which is a screen saver security program, and Hitman Pro says lock.exe contains a VIRUS!

    I got it from here:

    http://download.cnet.com/Beast-Lock/...-10537874.html

    Is this a false positive?

    According to virustotal, it comes up clean except for Emsisoft which say its a Virus.Win32.VBInject!IK, and Ikarus which says its Virus.Win32.VBInject and Jiangmin say its a Trojan/VB.lqj. But all the others say its clean.

    What is true?

    I assume Hitman Pro uses Emsisoft to check for Virus? But why does Symantec, Kaspersky, Avira, Nod32, Avast etc say Lock.exe is clean and Hitman Pro say its a VIRUS! What should I do? Can someone check the program and tell me if it's clean or a VIRUS?
     
    Last edited: Sep 22, 2011
  5. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes it certainly sounds like an FP from Ikarus.
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I've just checked the installer and DrWeb, NOD32 and PCTools find the file malicious (Win32.InstallCore).

    SHA-256: 16f8513fdb17993fc6f283a3ea9a02f6ea204988cbb1b3aa50b6fada24ce491e

    Still I am not convinced its malware so I've flagged the scan result as invalid to resolve the likely false positive.
     
  7. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Ok, thank you for your reply. :thumb:
     
  8. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
  9. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    According to Emsisoft website, they say that Emsisoft detects more threats than Hitman Pro. But how can that be true, seeing Hitman Pro uses Emsisoft?

    http://www.emsisoft.com/en/software/download/

    Notice the comparison chart at the bottom.
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Marketing of course, although EAM does have more components than HMP cloud version. You should check out the new MRG 2011 Flash Tests.
     
  11. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Link please?
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The digital signature on this file is invalid

    OK, we get this question a lot (see other posts in the thread). I will explain why eraser.exe is marked as Suspicious.

    DigitalSignature.png

    The author (or publisher) of Eraser has digitally signed its binaries using Code Signing.

    Code Signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash.

    In other words: the signature confirms that it has not been modified since the signature!

    File infecting viruses (like Virut, Sality, etc.) add a copy of themselves into a file. Files that are digitally signed no longer match their digital signature when they are infected.

    Common sense: You should not trust software that has been modified.

    More information on Code Signing can be found here:
    http://en.wikipedia.org/wiki/Code_signing

    You can verify the findings of Hitman Pro by right-clicking on the Eraser.exe file and request its Properties.

    DigitalSignature2.png

    Hitman Pro does NOT mark files with an invalid signature as Malware. Instead it marks them as Suspicious. Its up to the end user to decide what to do with files that were meant to be used unmodified.

    If you don't want this Suspicious file to appear in the scan results, choose Mark this file as safe from the drop down arrow at the end of each row.

    Hope this helps.
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
  14. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    Re: The digital signature on this file is invalid

    Thank you. I deleted and removed Eraser.exe
     
  15. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    That's why I gave you a link. The Google cached copy works fine.
     
  17. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    is there a way to Make Hitman Pro Load from USB Flash

    as a Live disk for highly infected system
    it will be an amazing feature

    just to scan even if it's from a dos command ??
     
  18. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    So how can emsisoft go from number#1 position to #8 in 12 months? Seems dodgy.

    And why isn't Hitman Pro in the test seeing it was in 2010?
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    The AV-market is developing endlessly.
     
  20. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Zemana Anti-Malware is a re-branded version of HMP with the same code, but different GUI.

    I'm sure it was there before, don't know why not in the cached copy.
     
  21. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I could be wrong but I believe HMP just scans what is in active memory while Emsi offers a more comprehensive on demand scan. I'm not sure if the Emsi figures refer only to an on demand test or not. So it's possible that the figures include real time and url blocking that HMP does not include.
     
  22. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    while you are right that EMSI AM does offer a more comprehensive scan, HMP does scan more than just what is in active memory.
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    They also execute the samples in MRG Flash test, so if EAM doesn't detect it, the behaviour blocker might come in action.
     
  24. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Build 130 2011-09-28

    Improved detection of RDP Worm Morto.
    Improved detection of Sinowall/Mebroot.
     
  25. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Got it!
    Thanks for the heads up.
    Thanks, Erik! :thumb:
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.