Hitman Pro - Legit or FP?

Discussion in 'other anti-virus software' started by whitedragon551, May 24, 2010.

Thread Status:
Not open for further replies.
  1. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,116
    Location:
    USA
    Hitman Pro detected 3 files in my %appdata%\Local folder. The 3 files in question are:

    winvista.exe
    win2008.exe
    win7.exe

    All of them were flagged by the PrevX counterpart as Medium Risk Malware. Any ideas? I think they are clean and have something to do with the compatibility mode.
     

  2. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I had a few today as well, Hitman showed only Prevx detected those files, they were all FPs for sure.
    I guess the new king of FPs is in town :)
     
  3. progress

    progress Guest

    That's why I uninstalled Hitman Pro a few weeks ago ... :oops:
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,116
    Location:
    USA
    This isn't a thread about Hitman's FP rate. This is a thread about whether or not those 3 detections are legit or not?
     
  5. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,541
    Location:
    Kolkata, India
    Would you please tell us the checksums?
     
  6. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Or perhaps send the files to their viruslab - report@prevxresearch.com with a screenshot asking for confirmation may help.
     
  7. PC__Gamer

    PC__Gamer Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    526
    Those have got 'infected' written all over them.

    I don't think any of the Windows versions have those filenames anywhere, yet to have 3 versions of Windows showing in your local directory, suspicious, no?
     
  8. Umm yeah, those look like malware to me. How big are they? If they were e.g. apps for creating WinPE disks for the relevant OSes they'd probably be a few hundred megabytes each.
     
  9. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,116
    Location:
    USA
    Sizes are attached for each. If they are infections, Avira, Avast, Panda Cloud, A-Squared, Immunet Protect, and Clam AV-Immunet have all missed them.

    On VirusTotal and Jotti, scan results are as follows:

    Win7.exe Jotti 1/19, VT 5/41
    Win2008.exe Jotti 1/19, VT 5/41
    WinVista.exe Jotti 1/19, VT 6/41

    On Jotti, F-Prot was the only one to detect out of the 19 scanners. On VT it was PrevX, F-Prot, Antiy-AVL, and Authentium. On the last scan with VT, McAfee picked up WinVista.exe.
     

    Last edited: May 25, 2010
  10. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    Why would you uninstall Hitman Pro when Prevx flagged those .exe's as malware? o_O
     
  11. progress

    progress Guest

    Because I got a lot of FP - most of the time .tmp files :D I think they should remove Prevx :rolleyes: But let's get back to topic ...
     
  12. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    BTW can you please let me know about these files? Where did you get these malicious files from? And if you are very much sure that these files are not suspicious, then could you please upload these so-called malicious files on rapidshare for me? I hope it won't be any problem.
     
  13. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Info for win7.exe: they have specified the MD5, compare it with that of yours :)


    Info regarding win2008.exe
     
  14. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,116
    Location:
    USA
    I've already deleted them, but what about the winvista.exe?
     
  15. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Same as win2008.exe, it's an activation crack.
     
  16. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,116
    Location:
    USA
    Weird. I got my copy of Win7 x64 Pro through MSDNAA from college. Regardless they are gone.
     
  17. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Dragon,

    Can you please let me know from where you got these files?
     
  18. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,116
    Location:
    USA
    I have no clue. This is a legit install from MSDNAA which supplies a unique key to each person who has an academic software account. My install is 100% legit.
     
  19. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Are you sure? I mean have you received those files from MSDNAA server or somebody else forwarded those files to you?
     
  20. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,116
    Location:
    USA
    I have no idea how they got there. If they are cracks or patches for the OS, I didn't put them there. I have a legit Windows install.
     
  21. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,713
    Location:
    NL
    Found this info in Oasis (Online Armor's database): http://www.tallemu.com/oasis2/

    My 2 cts (there is more info about win7.exe)

    Gerard
     
  22. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    11,211
    Location:
    Ontario, Canada
    Last edited: May 26, 2010
  23. pbust

    pbust AV Expert

    Joined:
    Apr 29, 2009
    Posts:
    1,173
    Location:
    Spain
    Can you post hashes for these files?

    Just the filenames don't mean anything.
     
  24. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,116
    Location:
    USA
    Don't have hashes or MD5s. They got deleted. I can restore a Paragon image to VM if you want them that badly.
     
  25. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    It would be better if you can submit the files to Pedro or to other vendors, so that they can analyse them properly.
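
Several replies ask for checksums, sizes and hashes, and the files were deleted before any were recorded. The following is an added example, not part of the thread: a PowerShell sketch that records that evidence for the three reported file names before anything is removed. It assumes the "%appdata%\Local" folder from the first post is `%LOCALAPPDATA%`; the CSV file name is made up for illustration.

```powershell
# Added example: record identifying evidence for flagged files before deleting them.
# Assumption: the folder named in the first post corresponds to %LOCALAPPDATA%.
$names  = 'winvista.exe', 'win2008.exe', 'win7.exe'   # file names from the first post
$report = foreach ($name in $names) {
    $path = Join-Path $env:LOCALAPPDATA $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Not found: $path"
        continue
    }
    $file = Get-Item -LiteralPath $path -Force         # -Force also returns hidden/system files
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]@{
        Path        = $file.FullName
        SizeBytes   = $file.Length
        CreatedUtc  = $file.CreationTimeUtc            # when the file first appeared on disk
        ModifiedUtc = $file.LastWriteTimeUtc
        MD5         = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        SigStatus   = $sig.Status                      # e.g. Valid, NotSigned, HashMismatch
        Signer      = $signer
        Company     = $file.VersionInfo.CompanyName    # self-declared, not proof of origin
    }
}
$report | Format-List
# Hypothetical output location; keep the report even if the files are later removed.
$report | Export-Csv -Path (Join-Path $env:TEMP 'flagged-files.csv') -NoTypeInformation
```

The hashes can be compared against vendor databases or multi-scanner results without passing the binaries around, and the creation time helps narrow down what was installed when the files arrived.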
     