Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Winsock LSP issue on 64-bit

    About the Winsock LSP issue: it seems to be related to 64-bit only. Also it isn't a malware classification. It is just a repair of a part in Windows.

    Furthermore, we need to see this issue live on someone's system as we are totally unable to reproduce the issue that seems to affect a small number of users. Nevertheless we want to solve this!

    Again, please PM me if you have this issue and are willing to let me have a remote look into the problem (we use TeamViewer QuickSupport).
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Re: Anyone tried out Hitman Pro?

    All of our cloud services are up and running. Our website though was unreachable for an hour on March 9 15:00 CET. This was due to a broken Ethernet port. The website is unrelated to the Hitman Pro Scan Cloud.

    In case the Scan Cloud is down: Hitman Pro provides detection through the Suspicious indicator (yellow shield).

    When the cloud can be consulted, the Suspicious remark gets replaced by the identification of one of the partners. When the cloud is unavailable Hitman shows the Suspicious indicator.

    Also if you don't have an Internet connection, you can choose the Early Warning Scoring from the dropdown menu at the Next button on the welcome screen. EWS lists more suspicious stuff, usually zero-day.

    If you do live infection tests: always make sure you run with EWS.
     
  3. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Re: Anyone tried out Hitman Pro?

    How often is the cloud scan down?
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Re: Anyone tried out Hitman Pro?

    Our services are hosted by Equinix. In the last year it has been down once due to a power outage in the entire city. The cloud was up but the uplinks were down. We have Peplink hardware in place to ensure that our cloud is reachable at all times over multiple ISPs. We are working on spreading our cloud over multiple countries.
     
  5. syk69

    syk69 Registered Member

    Joined:
    Feb 7, 2010
    Posts:
    183
    Re: Anyone tried out Hitman Pro?

    Good to know. But I still can't connect to the Hitman Pro website. Also I ran an earlier build 91 and it doesn't update to build 92 right now. I ran the scan on an infected machine using the EWS and all I got was a suspicious rating, no actual trojan or rootkit rating. That's why I asked whether the website being down means that the cloud scanning services were down as well.
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Re: Anyone tried out Hitman Pro?

    Thanks for the response.
     
  7. leofelix

    leofelix Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    175
    Location:
    Italy
    Re: Winsock LSP issue on 64-bit


    Thank you so much for your accurate reply.
    Yes, this issue seems to be related only to Win 7 64 bit.
    My Windows 7 Ultimate 32 bit is not affected, and VMware Player 3.1 is installed there, which I think could be the culprit, since this issue appeared when I installed VMware Player 3.1 on Win 7 64 bit (and even after uninstalling nothing changed).
    At present I do not use TeamViewer.
    However I'll send you a PM if necessary.

    Once again thank you:)
     
  8. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
  9. leofelix

    leofelix Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    175
    Location:
    Italy
    Re: Anyone tried out Hitman Pro?

    Thank you Saraceno:)

    http://www.teamviewer.com/download/index.aspx

    ;)


    I'm just downloading TeamViewer QuickSupport v 5.07.

    From the developer webpage it is also available, either way:
    Usually I do not allow even my girlfriend, my sister and my best friend to access my computers.

    I'm used to another kind of approach when facing such issues. If erikloman would accept, even via SurfRight quick support, I'd prefer to send him an RSIT log and/or a HiJack Hunter log or whatever he would ask me.

    Since it seems that posting such logs is not allowed here.

    Cheers:)
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Re: Anyone tried out Hitman Pro?

    I'll create a tool that you can run to identify the issue.
     
  11. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Re: Anyone tried out Hitman Pro?

    So what's the deal with HMP false positives?

    I see no indication of FPs being fixed by Surfright. If you select 'report as a false positive' all HMP does is add the detection(s) to a reg key which gets ignored on future scans. What good is that from a security standpoint?

    Al
     
  12. ternerito

    ternerito Registered Member

    Joined:
    Mar 10, 2010
    Posts:
    7
    Re: Anyone tried out Hitman Pro?

    I am an HTP customer, and I have one question. Is there a way for the x64 releases to get closer to the x86 ones? I believe the current x64 is now a couple of builds behind. Thanks!
     
  13. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
  14. denniz

    denniz Registered Member

    Joined:
    Jul 26, 2007
    Posts:
    436
    Location:
    The Netherlands
    Re: Anyone tried out Hitman Pro?

    :blink: If that's true, then malware is also able to add itself to that specific registry key to avoid detection by HTP?
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Re: Anyone tried out Hitman Pro?

    True. If you know the encrypted format, you could.

    But the same applies to other AVs where you can exclude folders and specific files. That information must be stored somewhere. If you know HOW it is stored and know the encryption of THAT store, you could avoid detection by adding yourself.
     
  16. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Re: Anyone tried out Hitman Pro?

    That is all understandable. The point I was trying to make was that FPs are not being fixed on your Cloud because they are not being submitted for further analysis as reported by the user. You may want to be more clear about this by changing "Report as a False Positive" to "Ignore this detection for all future scans".

    Also, there is no way to undo one's decision without manually deleting the correct key in the registry.

    Al
     
    Last edited: Mar 13, 2010
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Re: Anyone tried out Hitman Pro?

    You are partially incorrect in stating "because they are not being submitted for further analysis as reported by the user".

    The file in question is rescanned more often (every 8 hours; for 2 months) and when enough users report the file as FP the file is no longer detected as malicious.

    In the very near future the reported FP will also be run through our malware analysis cloud. This is a high volume analysis system much like Anubis, ThreatExpert and Comodo Camas. Analysis results can also be requested directly from the Hitman Pro application. This is one of the features in our upcoming Hitman Pro 3.6. More on this later.
     
  18. leofelix

    leofelix Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    175
    Location:
    Italy
    Re: Anyone tried out Hitman Pro?

    @ erikloman
    Hi,
    I'm sorry I'm late.
    First and foremost, thank you very much indeed for your efforts.
    I'll wait for your tool.

    In the meanwhile I discovered that VMware Player actually modifies Winsock LSP, please have a look:

    [HKLM] WinSock LSP UNKNOWN [000000000031] file: c:\program files(x86)\vmware\vmware player\vsocklib.dll [VMware Workstation] Version: 7.0.1 build-227600 - Owner: VMware, Inc.
    [HKLM] WinSock LSP UNKNOWN [000000000032] file: c:\program files(x86)\vmware\vmware player\vsocklib.dll [VMware Workstation] Version: 7.0.1 build-227600 - Owner: VMware, Inc

    (This is only a very partial log made with a tool developed by a friend of mine and which is still in alpha stage, but I think it is accurate enough. I hope this is not against the Forum Policy.)

    Since VMware Player 3.1 path on Windows 7 64 bit is C:\program files(x86)\VMware\VMware Player, I suppose that:
    a) VMware Player doesn't ehr play well with Windows 7 64 bit
    b) HitMan Pro 3.5 64 bit thinks there is something wrong in Winsock2, even if it cannot know why perhaps because it has been developed to run in 64 bit OS.

    I'm not a developer; as a consequence my deductions can be wrong, even if it seems logical to me.
    I also think that if I unregister vsocklib.dll, HitMan Pro will no longer report Winsock2 as corrupted.

    Sorry for my English

    Cheers
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Re: Anyone tried out Hitman Pro?

    Maybe it will defeat the purpose of this scanner, but in my own opinion I think it will be nice to have real time protection in this program:)
     
  20. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Re: Anyone tried out Hitman Pro?

    If it does I hope they make it easy to turn it off as most of us like to use it On-Demand only without another service running in the background! In my case I use NOD32 and Prevx 3.0 with SafeOnline and WinPatrol in real time and don't want another!

    Just My Opinion!

    TH
     
    Last edited: Mar 15, 2010
  21. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Re: Anyone tried out Hitman Pro?

    Same here.
     
  22. leofelix

    leofelix Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    175
    Location:
    Italy
    Re: Anyone tried out Hitman Pro?

    I'd prefer that HitMan Pro remain with no real time protection as well.

    Just my opinion, of course.

    ------------

    By the way.
    I have faced another (funny?) issue.
    I installed HitMan Pro in XP Mode (in my Windows 7 Ultimate ed 32 bit with VMware Player 3.1 installed: my CPU doesn't support hardware virtualization).
    I downloaded it from the developer website of course.

    Do note, please: I never download or run, for any reason, cracks/keygens or other illegal stuff.

    However, for some reason, according to HitMan Pro 3.5 in XP mode I'm using a "counterfeit" version.
    This is really funny; I wonder if this is a bug or another issue related to VMware Player.

    Please have a look at the screenshot

    Thank you

    ------------

    "Honi soit qui mal y pense" King Edward III:isay:
     


  23. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    Re: Anyone tried out Hitman Pro?

    For me, a more useful feature than real time protection would be scanning subdirectories when using the right-click context menu scan.
     
  24. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Re: Anyone tried out Hitman Pro?

    And also full system scans for paid users as Erik mentioned before!

    TH
     
  25. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    Re: Anyone tried out Hitman Pro?

    Hope they add it for free users too :doubt: , no need to upload suspicious files, just report them.
     