Hitman Pro Support and Discussion Thread

[Mops21]

Quote:

Originally Posted by erikloman

No need. We automatically get them due to auto upload.

Thank you

[erikloman]

Quote:

Originally Posted by lodore

Is there any possibility for hitman pro to add option to re enable task manager?

HitmanPro already repairs various policy settings, including the Task Manager policy (DisableTaskMgr). Are you referring to non-policy setting? We'll be more than happy to include it in the standard repair functions of HitmanPro.

[Mops21]

Hi Erik

I have another one for the withlisted

Need you the File for bcheck and for the analyse

SHA256: 31ca0250435a6df4f630765c1610afa433b421f598aca733f5f362121d3b1f17
SHA1: 650ed35900b667fba80071f33338fcfce52eb07e
MD5: 7782e143924e9688970a1df065693998
File size: 378.5 KB ( 387584 bytes )
File name: C:\Windows\System32\iedkcs32.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-06-14 12:56:44 UTC ( 1 Minute ago )

[lodore]

Quote:

Originally Posted by erikloman

HitmanPro already repairs various policy settings, including the Task Manager policy (DisableTaskMgr). Are you referring to non-policy setting? We'll be more than happy to include it in the standard repair functions of HitmanPro.

Im not sure how it was disabled but hitman pro repaired regedit but didnt repair task manager on a computer I fixed.

[erikloman]

Quote:

Originally Posted by Mops21

Hi Erik

I have another one for the withlisted

Need you the File for bcheck and for the analyse

SHA256: 31ca0250435a6df4f630765c1610afa433b421f598aca733f5f362121d3b1f17
SHA1: 650ed35900b667fba80071f33338fcfce52eb07e
MD5: 7782e143924e9688970a1df065693998
File size: 378.5 KB ( 387584 bytes )
File name: C:\Windows\System32\iedkcs32.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-06-14 12:56:44 UTC ( 1 Minute ago )

Done.

[erikloman]

Quote:

Originally Posted by lodore

Im not sure how it was disabled but hitman pro repaired regedit but didnt repair task manager on a computer I fixed.

Hmm. Maybe next time we can have a remote look? If you send me a PM then I usually can have a remote look right away.

[Mops21]

Quote:

Originally Posted by erikloman

Done.

Thank you very much

Need you the File for check and for the analyse

[lodore]

Quote:

Originally Posted by erikloman

Hmm. Maybe next time we can have a remote look? If you send me a PM then I usually can have a remote look right away.

Sure if it happerns again i can let you know.

[iammike]

All beta's running without problem on Win7 x64.

Just a feature request. I write my own programs and every time I run a scan Hitman Pro wants to upload them to the Scan Cloud. Is it possible to add an "ignore file" option, so on the next scan they are not detected anymore ?

Else, everything oke

[mrpink]

What's this?
Looks familiar lol

[mrtnptrs]

Quote:

Originally Posted by mrpink

What's this?
Looks familiar lol

I think that this is a copy of HitmanPro to earn money.
Surfright has copyright, now you can use it!

[gerardwil]

A few more EWS) :

[erikloman]

Quote:

Originally Posted by gerardwil

A few more EWS) :

EWS is not a scan you should run on regular basis.
That said, I'll whitelist these new files.

[gerardwil]

Quote:

Originally Posted by erikloman

EWS is not a scan you should run on regular basis.
That said, I'll whitelist these new files.

I know but I felt I have to let you know these

[poison]

Hi, maybe somebody can help me.. I did a scan today with Hitman Pro and got the following infection:



I have NOD32 and SUPERAntiSpyware Pro running real time along with Outpost Pro Firewall with Proactive Protection enabled and I have Malwarebytes Pro for on demand and none of those indicate I have an infection. I do have task manager replaced with Process Hacker, however, could that be the reason of the detection and it is a false positive or should I be worried?

It seems to be a registry key so I cannot get to the file to upload to Virus Total..

Thanks

[lodore]

Quote:

Originally Posted by poison

Hi, maybe somebody can help me.. I did a scan today with Hitman Pro and got the following infection:

Attachment 233399

I have NOD32 and SUPERAntiSpyware Pro running real time along with Outpost Pro Firewall with Proactive Protection enabled and I have Malwarebytes Pro for on demand and none of those indicate I have an infection. I do have task manager replaced with Process Hacker, however, could that be the reason of the detection and it is a false positive or should I be worried?

It seems to be a registry key so I cannot get to the file to upload to Virus Total..

Thanks

I have just installed process hacker and used the option to replace task manager and I get the same FP. I then ran a scan with the task manager replacement option turned off and nothing detected.

[erikloman]

Quote:

Originally Posted by lodore

I have just installed process hacker and used the option to replace task manager and I get the same FP. I then ran a scan with the task manager replacement option turned off and nothing detected.

We constantly fill the cloud with remnants. This one sneaked in. Solved the FP.

[poison]

Quote:

Originally Posted by lodore

I have just installed process hacker and used the option to replace task manager and I get the same FP. I then ran a scan with the task manager replacement option turned off and nothing detected.

Quote:

Originally Posted by erikloman

We constantly fill the cloud with remnants. This one sneaked in. Solved the FP.

Thanks!

[erikloman]

HitmanPro 3.6 Build 159 Released

Changelog

• ADDED: Windows 8 Release Preview support.
• ADDED: Detection and removal of XULRunner redirect scripts.
• ADDED: /fb command line switch to perform Force Breach.
• ADDED: HitmanPro switches the desktop to ensure visibility.
  Some Ransomware use a dedicated desktop to prevent applications from popping up.
• IMPROVED: Force Breach to kill more processes.
• IMPROVED: Force Breach now works under SYSTEM or SERVICE account.
• IMPROVED: Detection and removal of ZeroAccess/Sirefef CLSID variant.
• IMPROVED: Improved removal of MaxSS bootkit.
• IMPROVED: Improved Volume Boot Record (VBR) handling.
• FIXED: A problem where Default scheduled scan would not scan for cookies.
• FIXED: SafeBoot Minimal was not working.
• FIXED: Behavioral scoring on WOW64 uninstall keys.
• FIXED: Compatibility issue with Dataplex caching software from NVELO.
• UPDATED: Portugues language.
• UPDATED: Internal white lists.

Users are automatically updated to the new version.

We've also released a new brochure for use in corporate environments here:
http://files.surfright.nl/hmp-brochure-en.pdf

Also the command line reference has been updated to reflect this version:
http://dl.surfright.nl/hmp-command-l...erence-1_5.pdf

Both documents can also be found here:
http://www.surfright.nl/en/downloads/business

[Tarnak]

I am not sure about this after I updated... Perhaps I should report in the WSA/Prevx forum.

[erikloman]

Quote:

Originally Posted by Tarnak

I am not sure about this after I updated... Perhaps I should report in the WSA/Prevx forum.

Attachment 233425

I see a galore of threads in the HitmanPro.exe process writing in other process memory. This is NOT part of HitmanPro code so it must be malware doing this.

I addition I see HitmanPro is listing malware (red banner). The malware most likely injected itself in the HitmanPro.exe process and from there is injecting in other processes. That is what I can tell from the WSA event log.

[Tarnak]

HMP scan is only picking up the same detection that I previously, reported, and ignored - http://www.wilderssecurity.com/showp...postcount=4390

The only thing going on is the numerous writes of NVT - SocketSentinal in WSA SecureAnywhere while running a HMP scan. I just don't get it.

[erikloman]

Quote:

Originally Posted by Tarnak

HMP scan is only picking up the same detection that I previously, reported, and ignored - http://www.wilderssecurity.com/showp...postcount=4390

The only thing going on is the numerous writes of NVT - SocketSentinal in WSA SecureAnywhere while running a HMP scan. I just don't get it.

Then I don't understand the log of WSA as that states that either HitmanPro.exe is writing in other process space or SocketSentinel is writing into HitmanPro.exe process space.

[Tarnak]

As you can see just prior to upgrading HMP, I had first shutdown WSA. I found this is better because I have noted that if I don't, I get freezing of my system, caused by interaction with WSA.

The screenshot below shows the restart of WSA after the HMP upgrade.

Perhaps, I should post in both the other developers' threads, with reference to my posts, here.

[treehouse786]

Quote:

Originally Posted by Tarnak

As you can see just prior to upgrading HMP, I had first shutdown WSA. I found this is better because I have noted that if I don't, I get freezing of my system, caused by interaction with WSA.

WSA seems to affect alot legitimate programs (i had the same issue as you too) so i uninstalled WSA. it might ofer the best protection in the world but whats the point when you have to interact with it on a daily basis just to use your machine the way you want? anyway brilliant change-log eric

edit- i will giving away the 1 year WSA licence key. will send by PM to random members if my first PM gets no response.

re-edit= key given away