Hitman Pro Support and Discussion Thread

[Page42]

Quote:

Originally Posted by erikloman

The lines in red explain why. Whitelisted.

FWIW, stdvcl32.dll is still appearing in the default scan.

[TomAZ]

Can someone explain the "Private Cloud" at the bottom of the Proxy Tab in the new version 164? If checked, is it used in place of the standard cloud -- or in addition to the standard cloud? Also, what is supposed to go in the box directly to the right of the check box?

[markloman]

Quote:

Originally Posted by TomAZ

Can someone explain the "Private Cloud" at the bottom of the Proxy Tab in the new version 164? If checked, is it used in place of the standard cloud -- or in addition to the standard cloud? Also, what is supposed to go in the box directly to the right of the check box?

Ssst! Hush hush It's a secret feature. Do not enter any data in the input field and leave the box unchecked. We'll reveal more about it later...

[Page42]

Quote:

Originally Posted by erikloman

You can upload suspicious or EWS items to VirusTotal. When a key is entered the VT-upload feature becomes available at the end of each row in the scan result view. Its a third-opinion.

This feature does not appear to be working for me on my XP box.
I entered my API key from VT and ran HMP 3.6.1 build 164 .
It once again flagged stdvcl32.dll (that was supposed to be whitelisted the other day), and although VirusTotal did appear as an option, when I clicked on it, nothing happened, and then HMP closed.

[TomAZ]

Quote:

Originally Posted by Page42

I entered my API key from VT and ran HMP 3.6.1 build 164 .
and although VirusTotal did appear as an option, when I clicked on it, nothing happened, and then HMP closed.

I've had this problem with VirusTotal as well on my XP machine. I've entered my API key too, but nothing happens.

[Page42]

I don't know if the problem exists also on W7 since I don't have that file on that box.
Maybe I should move it over there and test W7 too.

[TomAZ]

Quote:

Originally Posted by Page42

I don't know if the problem exists also on W7 since I don't have that file on that box.
Maybe I should move it over there and test W7 too.

My problem has not been specifically with that file, but rather in trying to use VT from within HMP on any file that has been flagged. It just doesn't seem to work for me.

[Page42]

Quote:

Originally Posted by TomAZ

My problem has not been specifically with that file, but rather in trying to use VT from within HMP on any file that has been flagged. It just doesn't seem to work for me.

I gotcha.
The only reason I mention that file is because it's the only one being flagged for me on two machines, so it's the only chance I've had to use the VT feature.

[Page42]

Quote:

Originally Posted by Page42

I don't know if the problem exists also on W7 since I don't have that file on that box.
Maybe I should move it over there and test W7 too.

I copied the same file to the Windows\System32 folder on my W7 machine and ran a scan.
HMP flagged it and the VT API key thing worked fine (the VT page opened).
So it looks like perhaps this is only happening on XP, SP3.

[TomAZ]

Quote:

Originally Posted by Page42

So it looks like perhaps this is only happening on XP, SP3.

That's exactly what I'm using -- XP SP3

[erikloman]

Quote:

Originally Posted by Page42

This feature does not appear to be working for me on my XP box.
I entered my API key from VT and ran HMP 3.6.1 build 164 .
It once again flagged stdvcl32.dll (that was supposed to be whitelisted the other day), and although VirusTotal did appear as an option, when I clicked on it, nothing happened, and then HMP closed.

I've white listed it (it wasn't, thought I did ).

You saw HitmanPro close after clicking on VT ? Sounds like an issue. Can you reproduce is several times?

[Page42]

Quote:

Originally Posted by erikloman

I've white listed it (it wasn't, thought I did ).

You saw HitmanPro close after clicking on VT ? Sounds like an issue. Can you reproduce is several times?

I reproduced it about 2-3 times last night before I posted about it.
I would be happy to try to reproduce it some more times as you have requested, but now that you have whitelisted that stdvcl32.dll file, nothing turns up on the scan anymore! What now? My machines are too clean. Maybe remove stdvcl32.dll from the whitelist?

[G1111]

Just updated to build 164.

[desert_by_night]

Hi everybody
Another great test of Force Breach.

-http://www.youtube.com/user/Britec09-

[volvic]

Does anyone know of any promotions / discount coupon for hitman pro. Thanks. (PS Pls pm me too if poss)

[Mops21]

Hi Eric

Can you whiteliste the files

SHA256: b2302e61453bf32cfb5e886a13eb8780c6837c0b22e41b7750278f38e523ec8a
SHA1: 698a2d9f00ef2320d36e23774629b088a1388ae5
MD5: ff9578aad7acd2df58082bf5046f1b28
File size: 10.6 MB ( 11111424 bytes )
File name: ieframe.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:51:19 UTC ( 1 Minute ago )

SHA256: cde65b1225216feb00cacd7e26bb3cecc9b9d71d8b272665660e80cbb83d1e41
SHA1: 8d4bcd23af079c85936ecf7e868e61e335cdaca4
MD5: c0b2de7cdb7cbd4b99c89444bccb34a7
File size: 378.5 KB ( 387584 bytes )
File name: iedkcs32.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:53:36 UTC ( 0 Minuten ago )

SHA256: ed2bbd925758a5b23461ea8dfb845e0f34973c4c336634f507f1bf5e952b8ec4
SHA1: 7755917939b8efd9614b48a1bc9f4a171141d578
MD5: 09b57458e671a236ae528763c7cc3a08
File size: 170.0 KB ( 174080 bytes )
File name: ie4uinit.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:55:20 UTC ( 0 Minuten ago )

[Page42]

Quote:

Originally Posted by Page42

This feature does not appear to be working for me on my XP box.
I entered my API key from VT and ran HMP 3.6.1 build 164 .
It once again flagged stdvcl32.dll (that was supposed to be whitelisted the other day), and although VirusTotal did appear as an option, when I clicked on it, nothing happened, and then HMP closed.

Quote:

Originally Posted by erikloman

I've white listed it (it wasn't, thought I did ).

You saw HitmanPro close after clicking on VT ? Sounds like an issue. Can you reproduce is several times?

Quote:

Originally Posted by Page42

I reproduced it about 2-3 times last night before I posted about it.
I would be happy to try to reproduce it some more times as you have requested, but now that you have whitelisted that stdvcl32.dll file, nothing turns up on the scan anymore! What now? My machines are too clean. Maybe remove stdvcl32.dll from the whitelist?

I'm still happy to test but need something to test it with.

[Adric]

I believe this is a false positive also...

[Mops21]

Quote:

Originally Posted by Mops21

Hi Eric

Can you whiteliste the files

SHA256: b2302e61453bf32cfb5e886a13eb8780c6837c0b22e41b7750278f38e523ec8a
SHA1: 698a2d9f00ef2320d36e23774629b088a1388ae5
MD5: ff9578aad7acd2df58082bf5046f1b28
File size: 10.6 MB ( 11111424 bytes )
File name: ieframe.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:51:19 UTC ( 1 Minute ago )

SHA256: cde65b1225216feb00cacd7e26bb3cecc9b9d71d8b272665660e80cbb83d1e41
SHA1: 8d4bcd23af079c85936ecf7e868e61e335cdaca4
MD5: c0b2de7cdb7cbd4b99c89444bccb34a7
File size: 378.5 KB ( 387584 bytes )
File name: iedkcs32.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:53:36 UTC ( 0 Minuten ago )

SHA256: ed2bbd925758a5b23461ea8dfb845e0f34973c4c336634f507f1bf5e952b8ec4
SHA1: 7755917939b8efd9614b48a1bc9f4a171141d578
MD5: 09b57458e671a236ae528763c7cc3a08
File size: 170.0 KB ( 174080 bytes )
File name: ie4uinit.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:55:20 UTC ( 0 Minuten ago )

Hi Eric

Any infos about it

[Mops21]

Quote:

Originally Posted by Mops21

Hi Eric

Can you whiteliste the files

SHA256: b2302e61453bf32cfb5e886a13eb8780c6837c0b22e41b7750278f38e523ec8a
SHA1: 698a2d9f00ef2320d36e23774629b088a1388ae5
MD5: ff9578aad7acd2df58082bf5046f1b28
File size: 10.6 MB ( 11111424 bytes )
File name: ieframe.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:51:19 UTC ( 1 Minute ago )

SHA256: cde65b1225216feb00cacd7e26bb3cecc9b9d71d8b272665660e80cbb83d1e41
SHA1: 8d4bcd23af079c85936ecf7e868e61e335cdaca4
MD5: c0b2de7cdb7cbd4b99c89444bccb34a7
File size: 378.5 KB ( 387584 bytes )
File name: iedkcs32.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:53:36 UTC ( 0 Minuten ago )

SHA256: ed2bbd925758a5b23461ea8dfb845e0f34973c4c336634f507f1bf5e952b8ec4
SHA1: 7755917939b8efd9614b48a1bc9f4a171141d578
MD5: 09b57458e671a236ae528763c7cc3a08
File size: 170.0 KB ( 174080 bytes )
File name: ie4uinit.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:55:20 UTC ( 0 Minuten ago )

Hi Eric

Any infos about it

[erikloman]

Quote:

Originally Posted by Mops21

Hi Eric

Any infos about it

EWS is showing files that got recently deployed/updated. This way you can find malware that was recently deployed. But you should ONLY run EWS when you are an expert AND suspect malware infection. If you don't suspect infection, don't run with EWS.

The above files belong to Internet Explorer and are most likely recently updated. If you choose More Information at the end of each row you'll see why they are listed.

Hope this helps.

[Adric]

Erik

RegfromApp gets flagged during a normal scan. I don't understand why so many AV products have problems with stuff that comes from Nirsoft. a-squared is one such product.

Al

[Adric]

deleted

[erikloman]

Quote:

Originally Posted by Adric

Erik

RegfromApp gets flagged during a normal scan. I don't understand why so many AV products have problems with stuff that comes from Nirsoft. a-squared is one such product.

Al

Google SafeBrowsing has a problem with it as well.

Every software publisher that treats itself seriously should digitally sign its publications.

I've white listed the file.

[jmonge]

very true