Hitman Pro - Legit or FP?

Discussion in 'other anti-virus software' started by whitedragon551, May 24, 2010.

Thread Status:
Not open for further replies.
  1. whitedragon551

    whitedragon551 Registered Member

    Hitman Pro detected 3 files in my %appdata%\Local folder. The 3 files in question are:

    winvista.exe
    win2008.exe
    win7.exe

    All of them were flagged by the PrevX counterpart as Medium Risk Malware. Any ideas? I think they are clean and have something to do with the compatibility mode.
     


  2. pabrate

    pabrate Registered Member

    I had a few today as well. Hitman showed only Prevx detected those files; they were all FPs for sure.
    I guess a new king of FPs is in town :)
     
  3. progress

    progress Guest

    That's why I uninstalled Hitman Pro a few weeks ago ... :oops:
     
  4. whitedragon551

    whitedragon551 Registered Member

    This isn't a thread about Hitman's FP rate. This is a thread about whether or not those 3 detections are legit.
     
  5. sg09

    sg09 Registered Member

    Would you please tell us the checksums?
     
  6. dawgg

    dawgg Registered Member

    Or perhaps sending the files to their virus lab (report@prevxresearch.com) with a screenshot, asking for confirmation, may help.
     
  7. PC__Gamer

    PC__Gamer Registered Member

    Those have got 'infected' written all over them.

    I don't think any of the Windows versions have those filenames anywhere, yet to have 3 versions of Windows showing in your local directory, suspicious, no?
     
  8. Umm yeah, those look like malware to me. How big are they? If they were e.g. apps for creating WinPE disks for the relevant OSes they'd probably be a few hundred megabytes each.
     
  9. whitedragon551

    whitedragon551 Registered Member

    Sizes are attached for each. If they are infections, Avira, Avast, Panda Cloud, A-Squared, Immunet Protect, and Clam AV-Immunet have all missed them.

    On VirusTotal and Jotti, scan results are as follows:

    Win7.exe Jotti 1/19, VT 5/41
    Win2008.exe Jotti 1/19, VT 5/41
    WinVista.exe Jotti 1/19, VT 6/41

    On Jotti, F-Prot was the only one to detect out of the 19 scanners. On VT it was PrevX, F-Prot, Antiy-AVL, and Authentium. On the last scan with VT, McAfee picked up WinVista.exe.
     


    Last edited: May 25, 2010
  10. tipo

    tipo Registered Member

    Why would you uninstall Hitman Pro when Prevx flagged those .exes as malware? o_O
     
  11. progress

    progress Guest

    Because I got a lot of FPs - most of the time .tmp files :D I think they should remove Prevx :rolleyes: But let's get back to topic ...
     
  12. AvinashR

    AvinashR Registered Member

    BTW, can you please let me know about these files? Where did you get these malicious files from? And if you are very sure that these files are not suspicious, then could you please upload these so-called malicious files to rapidshare for me? I hope it won't be any problem.
     
  13. icr

    icr Registered Member

    Info for win7.exe: they have specified the MD5, compare it with yours :)


    Info regarding win2008.exe
     
  14. whitedragon551

    whitedragon551 Registered Member

    I've already deleted them, but what about the winvista.exe?
     
  15. icr

    icr Registered Member

    Same as win2008.exe, it's an activation crack.
     
  16. whitedragon551

    whitedragon551 Registered Member

    Weird. I got my copy of Win7 x64 Pro through MSDNAA from college. Regardless, they are gone.
     
  17. AvinashR

    AvinashR Registered Member

    Dragon,

    Can you please let me know from where you got these files?
     
  18. whitedragon551

    whitedragon551 Registered Member

    I have no clue. This is a legit install from MSDNAA which supplies a unique key to each person who has an academic software account. My install is 100% legit.
     
  19. AvinashR

    AvinashR Registered Member

    Are you sure? I mean have you received those files from MSDNAA server or somebody else forwarded those files to you?
     
  20. whitedragon551

    whitedragon551 Registered Member

    I have no idea how they got there. If they are cracks or patches for the OS, I didn't put them there. I have a legit Windows install.
     
  21. gerardwil

    gerardwil Registered Member

    Found this info in Oasis (Online Armor's database): http://www.tallemu.com/oasis2/

    My 2 cts (there is more info about win7.exe)

    Gerard
     
  22. Triple Helix

    Triple Helix Webroot Product Advisor

    Last edited: May 26, 2010
  23. pbust

    pbust AV Expert

    Can you post hashes for these files?

    Just the filenames don't mean anything.
     
  24. whitedragon551

    whitedragon551 Registered Member

    Don't have hashes or MD5s. They got deleted. I can restore a Paragon image to a VM if you want them that badly.
     
  25. AvinashR

    AvinashR Registered Member

    It would be better if you could submit the files to Pedro or to other vendors, so that they can analyse them properly.
     