Hitman Pro - Legit or FP?

Discussion in 'other anti-virus software' started by whitedragon551, May 24, 2010.

Thread Status:
Not open for further replies.
  1. whitedragon551
    whitedragon551 Registered Member

    Hitman Pro detected 3 files in my %appdata%\Local folder. The 3 files in question are:

    winvista.exe
    win2008.exe
    win7.exe

    All of them were flagged by the PrevX counterpart as Medium Risk Malware. Any ideas? I think they are clean and have something to do with the compatibility mode.

  2. pabrate
    pabrate Registered Member

    I had a few today as well, Hitman showed only Prevx detected those files, they were all FPs for sure.
    I guess the new king of FPs is in town :)
  3. progress
    progress Guest

    That's why I uninstalled Hitman Pro a few weeks ago ... :oops:
  4. whitedragon551
    whitedragon551 Registered Member

    This isn't a thread about Hitman's FP rate. This is a thread about whether or not those 3 detections are legit.
  5. sg09
    sg09 Registered Member

    Would you please tell us the checksums?
  6. dawgg
    dawgg Registered Member

    Or perhaps send the files to their viruslab - report@prevxresearch.com with a screenshot asking for confirmation may help.
  7. PC__Gamer
    PC__Gamer Registered Member

    Those have got 'infected' written all over them.

    I don't think any of the Windows versions have those filenames anywhere, yet to have 3 versions of Windows showing in your local directory, suspicious, no?
  8. Gullible Jones
    Gullible Jones Guest

    Umm yeah, those look like malware to me. How big are they? If they were e.g. apps for creating WinPE disks for the relevant OSes they'd probably be a few hundred megabytes each.
  9. whitedragon551
    whitedragon551 Registered Member

    Sizes are attached for each. If they are infections Avira, Avast, Panda Cloud, A-Squared, Immunet Protect, and Clam AV-Immunet have all missed them.

    On VirusTotal and Jotti, scan results are as follows:

    Win7.exe Jotti 1/19, VT 5/41
    Win2008.exe Jotti 1/19, VT 5/41
    WinVista.exe Jotti 1/19, VT 6/41

    On Jotti, F-Prot was the only one to detect out of the 19 scanners. On VT it was PrevX, F-Prot, Antiy-AVL, and Authentium. The last scan with VT McAfee picked up WinVista.exe.

    Last edited: May 25, 2010
  10. tipo
    tipo Registered Member

    Why would you uninstall Hitman Pro when Prevx flagged those .exes as malware? o_O
  11. progress
    progress Guest

    Because I got a lot of FP - most of the time .tmp files :D I think they should remove Prevx :rolleyes: But let's get back to topic ...
  12. AvinashR
    AvinashR Registered Member

    BTW, can you please let me know about these files? Where did you get these malicious files from? And if you are very much sure that these files are not suspicious, then could you please upload these so-called malicious files on rapidshare for me? I hope it won't be any problem.
  13. icr
    icr Registered Member

    Info for win7.exe: they have specified the MD5, compare it with yours :)


    Info regarding win2008.exe
  14. whitedragon551
    whitedragon551 Registered Member

    I've already deleted them, but what about the winvista.exe?
  15. icr
    icr Registered Member

    Same as win2008.exe, it's an activation crack.
  16. whitedragon551
    whitedragon551 Registered Member

    Weird. I got my copy of Win7 x64 Pro through MSDNAA from college. Regardless they are gone.
  17. AvinashR
    AvinashR Registered Member

    Dragon,

    Can you please let me know from where you got these files?
  18. whitedragon551
    whitedragon551 Registered Member

    I have no clue. This is a legit install from MSDNAA which supplies a unique key to each person who has an academic software account. My install is 100% legit.
  19. AvinashR
    AvinashR Registered Member

    Are you sure? I mean have you received those files from MSDNAA server or somebody else forwarded those files to you?
  20. whitedragon551
    whitedragon551 Registered Member

    I have no idea how they got there. If they are cracks or patches for the OS, I didn't put them there. I have a legit Windows install.
  21. gerardwil
    gerardwil Registered Member

    Found this info in Oasis (Online Armor's database): http://www.tallemu.com/oasis2/

    My 2 cts (there is more info about win7.exe)

    Gerard
  22. Triple Helix
    Triple Helix Webroot Product Advisor

    Last edited: May 26, 2010
  23. pbust
    pbust AV Expert

    Can you post hashes for these files?

    Just the filenames don't mean anything.
  24. whitedragon551
    whitedragon551 Registered Member

    Don't have hashes or MD5s. They got deleted. I can restore a Paragon image to VM if you want them that badly.
  25. AvinashR
    AvinashR Registered Member

    It would be better if you can submit the files to Pedro or to other vendors, so that they can analyse them properly.
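
Several posters ask for checksums and file sizes, and the files were deleted before either was recorded. As an added example (not part of the thread and not any vendor's tooling), this Python script records size, MD5 and SHA-256 for the three reported file names before anything is removed; the `reference_md5` parameter and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# File names reported in the thread; compared case-insensitively, as on NTFS.
FLAGGED_NAMES = ("winvista.exe", "win2008.exe", "win7.exe")


def file_digests(path, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex), reading the file in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def triage(directory, names=FLAGGED_NAMES, reference_md5=None):
    """Record size and hashes for each named file found in `directory`."""
    # reference_md5 (hypothetical): {lowercase name: MD5 hex} from a write-up.
    wanted = {n.lower() for n in names}
    records = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name.lower()):
        if not entry.is_file() or entry.name.lower() not in wanted:
            continue
        md5_hex, sha256_hex = file_digests(entry.path)
        ref = (reference_md5 or {}).get(entry.name.lower())
        records.append({
            "name": entry.name, "size": entry.stat().st_size,
            "md5": md5_hex, "sha256": sha256_hex,
            # None means there was no reference to compare, not "clean".
            "matches_reference": None if ref is None else ref.lower() == md5_hex,
        })
    return records


def demo():
    """Run triage over constructed sample files (not the thread's files)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("Win7.exe", b"MZ constructed sample A"),
                           ("notes.txt", b"unrelated file")):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        ref = {"win7.exe": hashlib.md5(b"MZ constructed sample A").hexdigest()}
        return triage(tmp, reference_md5=ref)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Saving these records alongside the scanner's detection name gives a vendor or another forum member something to look up even after the files are gone.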