Hitman Pro - Legit or FP?

Hitman Pro detected 3 files in my %appdata%\Local folder. The 3 files in question are:

winvista.exe
win2008.exe
win7.exe

All of them were flagged by the PrevX counterpart as Medium Risk Malware. Any ideas? I think they are clean and have something to do with the compatibility mode.

 

I had few today as well, Hitman showed only Prevx detected those files, they were all FP's for sure.
I guess new king of FP's is in town

 

That's why I uninstalled Hitman Pro a few weeks ago ...

 

This isnt a thread about Hitmans FP rate. This is a thread about weather or not those 3 detections are legit or not?

 

Would you please tell us the Checksums.

 

Or perhaps send the files to their viruslab - report@prevxresearch.com with a screenshot asking for confirmation may help.

 

those have got 'infected' written all over them,

i dont think any of the windows versions have those filenames anywhere, yet to have 3 versions of windows showing in your local directory, suspicious no?

 

Umm yeah, those look like malware to me. How big are they? If they were e.g. apps for creating WinPE disks for the relevant OSes they'd probably be a few hundred megabytes each.

 

Sizes are attached for each. If they are infections Avira, Avast, Panda Cloud, A-Squared, Immunet Protect, and Clam AV-Immunet have all missed them.

On VirusTotal and Jottie scan results are as follows:

Win7.exe Jotti 1/19, VT 5/41
Win2008.exe Jotti 1/19, VT 5/41
WinVista.exe Jotti 1/19, VT 6/41

On Jotti F-Prot was the only one to detect out of the 19 scanners. On VT it was PrevX, F-Prot, Antiy-AVL, and Authentium. The last scan with VT McAfee picked up WinVista.exe

 

why would you uninstall hitman pro when prevx flagged those .exe`s as malware?

 

Because I got a lot of FP - most of the time .tmp files I think they should remove Prevx But let's get back to topic ...

 

BTW can you please let me know about these files? From where you got these malicious files? And if you are very much sure that these files are not suspicious, then could please upload these so called malicious files on rapidshare for me? I hope it won't be any problem..

 

Info for win7.exe they have specified the MD5 compare with that of yours


Info regarding win2008.exe

 

Ive already deleted them, but what about the winvista.exe?

 

Same as win2008.exe its an activation crack

 

Weird. I got my copy of Win7 x64 Pro through MSDNAA from college. Regardless they are gone.

 

Dragon,

Can you please let me know from where you got these files?

 

I have no clue. This is a legit install from MSDNAA which supplies a unique key to each person who has an academic software account. My install is 100% legit.

 

Are you sure? I mean have you received those files from MSDNAA server or somebody else forwarded those files to you?

 

I have no idea how they got there. If they are cracks or patches for the OS I didnt put them there. I have a legit Windows install.

 

Found this info in Oasis (online Armor's database): http://www.tallemu.com/oasis2/

My 2 cts (there is more info about win7.exe)

Gerard

 

HMP does not use the full Prevx 3 engine and there database is not uptodate as fast as Prevx Database is! If you want to test download the free version of Prevx and run a scan! http://info.prevx.com/downloadcsi.asp And if Prevx detects them send and scan log and files as stated in this post: https://www.wilderssecurity.com/showthread.php?t=245129

HTH,

TH

 

Can you post hashes for these files?

Just the filenames don't mean anything.

 

Dont have hashes or MD5's. They got deleted. I can restore a Paragon image to VM if you want them that badly.

 

It would be better if you can submit the files to Pedro or to another vendors, so that they can analyse it properly.