HitMan Pro Software--where can I complain??

Discussion in 'other anti-malware software' started by Margaret Pyron, Apr 18, 2014.

  1. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Hi Margaret,

    This morning we sent you an email with a manual on how to create a bootable cd-rom with remote support function. With it, we can offer you assistance as if we are at your location to investigate and solve the problem.
    Let me know if and when you would be available for this.

    Thanks!
    Best regards,
    Mark
     
  2. Margaret Pyron

    Margaret Pyron Registered Member

    Joined:
    Apr 18, 2014
    Posts:
    51

    Yes, I think that is safest. I could download all my stuff. I have lots of "little" utility programs or write them down, anyway. ( I know nothing about a register.) and 3rd party add-ons for photoshop, plus some other photoshop files and photoshop 3rd party files too. The reason I truly don't want to go back to original state is, wouldn't it have all the Dell Preloaded try-outs, etc, and one of antivirus suites (McAfee or Norton) that I would have to remove again ?? and then put on the one I have paid for and use. UUggh...that is days of work..

    Oh, well...I have had good luck with this Dell. Think I had to use remote help only once..
     
  3. Margaret Pyron

    Margaret Pyron Registered Member

    Joined:
    Apr 18, 2014
    Posts:
    51
    Am really going to back up now. Think I downloaded a trial Acronis True Image. I need to consolidate some stuff on this laptop, and go through and delete files I don't need now--clean it up.
     
  4. Margaret Pyron

    Margaret Pyron Registered Member

    Joined:
    Apr 18, 2014
    Posts:
    51
    I haven't even gone to Thunderbird yet--didn't think anything important would be there.
    Let me look at what you sent me this morning. I really prefer Flash drives, but they might be too small, and I do need to go and get some new disks. Wondering what to get. C/Ds or DVDs and those "rewritable" or whatever. Never burned a CD. Especially on this Aspire--don't think it is big enough to call a laptop, but don't know "proper name"..

    I need to eat a little lunch and read your email, get items needed, etc. I do like the Linux idea because after I try it, I might try to use it plus Windows. I noticed in all of them they had Firefox and Thunderbird...which I have used many years. But also the remote thing sounds good too.
    I have just been stressed out for so long, I need to go with the SIMPLEST route for me to do. I need to be out of this stress. Only have a week till go to Dr. and see if he thinks I need to get on blood pressure meds because BP way too high for me this last 6 weeks.. The computer has been a huge frustration, but I have had other things happen also.

    Later......
     
    Last edited by a moderator: Apr 22, 2014
  5. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    See how their live disk goes. But for burning, you'll want DVDs.

    I use Infrarecorder to burn disk http://infrarecorder.org/?page_id=5

    Here's a video on howto:
    http://dai-videotutes.blogspot.com/2007/07/ifrarecorder-burning-iso.html

    Funfact too, some mainboards nowadays are starting to come with Linux built into them to boot from, for cases like this. MSI for instance is doing it now.

    They make USB external hard drives. I'm looking for one myself actually for backups. So that might be an option for you.
     
  6. Margaret Pyron

    Margaret Pyron Registered Member

    Joined:
    Apr 18, 2014
    Posts:
    51
    I assume I can download Infrarecorder from the site above..then look at video.

    What is MSI ?? I don't know much. But I think I explained my issue with ADOBE CLOUD...I tell you I am ready to be flexible and learn.. Computer disasters can cause the person to really learn some STUFF..!!

    Oh. I have 2 USB portable drives (Seagate) with 1 T on each, so I should have plenty of space to keep stuff. They aren't fast/made for an external hard drive, but I did read that they where the USB external hard drives were "coming"....
     
    Last edited by a moderator: Apr 22, 2014
  7. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Yep. Lot of people use that to burn linux DVDs too, so it should work great.

    MSI is a brand that makes mainboards and laptops. They don't make full blown desktops that I know of though. Other brands though will probably start including some form of Linux though to boot from. Probably help people one day that go through similar things where they can't boot into Windows for whatever reason.
     
    Last edited by a moderator: Apr 22, 2014
  8. Margaret Pyron

    Margaret Pyron Registered Member

    Joined:
    Apr 18, 2014
    Posts:
    51
    https://app.box.com/s/41gkhvz264y6uttbt1xr

    After at least a week's work, and hacking my own computer with Linux, I copied all the files I found in Hitman Pro, plus copied the log that "it" happened on by itself. It is just a windows .txt file--easy to read.....

    Oh, btw, the email you sent me wasn't where Thunderbird receives files, so I couldn't open it. I sent a reply and told you back, but haven't seen another email with the file attached.

    If you want to look at everything, then click on the box link above.

    Margaret Pyron
     
    Last edited by a moderator: Apr 26, 2014
  9. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    I'm going to post the HitmanPro log so everyone can see what it deleted:
    I don't get why it removed all that. Anyone here have any ideas? I think it's just a false positive, but man, the damage it did!

    I sent Margaret a .zip with the missing files, hopefully that'll get the computer up and running.
     
  10. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    ^ My guess (but I could be wrong) a User Error

    Why Scan Mode was EWS (Early warning Scoring) and instead of pressing "Report this is safe" the user pressed Delete or Quarantine.

    My EWS scan also sees many files coming (especially after a Windows Update) but I don't press Delete, but "Report this is safe"

    And under Advanced Setting in HitmanPro it says "a trained eye is required to filter out suspicious files" and "I am an expert, show EWS in the drop down for the Next button"

    But let's wait for the reaction from the guys from HitmanPro.

    Here an example of my Scan.

     
    Last edited: Apr 26, 2014
  11. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    Pending delete files were marked for deletion and are gone now, right (Maybe HMP works in mysterious ways and it isn't the case)? If so I was quite right on what I guessed even though Mark said that it wasn't possible

    Code:
    C:\Windows\system32\DRIVERS\usbccgp.sys -> PendingDelete
    C:\Windows\system32\drivers\usbehci.sys -> PendingDelete
    C:\Windows\system32\DRIVERS\usbhub.sys -> PendingDelete
    C:\Windows\system32\drivers\usbohci.sys -> PendingDelete
    C:\Windows\system32\drivers\usbuhci.sys -> PendingDelete
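
Added example, not part of the original thread and not HitmanPro's own code: a triage script that reads log lines in the `path -> action` shape quoted above and lists which System32 driver files were removed, so they can be restored or verified. The sample log is constructed and the `Quarantined` action name is an assumption.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the "path -> action" shape quoted in the post above.
# The last two lines are invented here to exercise the non-driver and
# unparseable cases; they are not from the thread's log.
SAMPLE_LOG = r"""
C:\Windows\system32\DRIVERS\usbccgp.sys -> PendingDelete
C:\Windows\system32\drivers\usbehci.sys -> PendingDelete
C:\Windows\system32\DRIVERS\usbhub.sys -> PendingDelete
C:\Users\example\Downloads\setup.exe -> Quarantined
Scan finished
"""

LINE_RE = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+->\s+(?P<action>\w+)\s*$")
DRIVER_DIR = PureWindowsPath(r"C:\Windows\System32\drivers")

def parse_actions(log_text):
    """Return (path, action) pairs; lines not in 'path -> action' form are skipped."""
    pairs = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pairs.append((PureWindowsPath(m["path"]), m["action"]))
    return pairs

def is_system_driver(path):
    """True for .sys files directly in System32\\drivers (Windows paths compare case-insensitively)."""
    return path.parent == DRIVER_DIR and path.suffix.lower() == ".sys"

def removed_system_drivers(log_text, removal_actions=("PendingDelete",)):
    """Group removed driver file names by action so they can be restored or verified."""
    hits = defaultdict(list)
    for path, action in parse_actions(log_text):
        if action in removal_actions and is_system_driver(path):
            hits[action].append(path.name.lower())
    return dict(hits)

if __name__ == "__main__":
    for action, names in removed_system_drivers(SAMPLE_LOG).items():
        print(action, ", ".join(names))
```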
     
  12. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    That could be in a normal scan, but this was an EWS scan!

    Let's wait what the guys from HitmanPro have to say about this.
     
  13. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    509
    His wording suggests that it would never be the case be it an ews scan or a normal scan but again as you said we wait and see.
     
  14. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Even for it being an EWS scan, to delete the USB files to the point of not being able to restore it is pretty serious damage (however it happened)- cause even though Margaret quarantined there's obviously no means to easily restore them if you can't use the keyboard/mouse.

    But yeah, see what they say.
     
  15. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    Agree 100% but that's why EWS is for people who know what to do. In a Normal Scan, these files even wouldn't show (if they are not infected).

    I wonder who activated that EWS setting under Advanced on her PC. My last scan (after the Win 8.1.1.1.1.1.1 update ;)) gave me about 4x files under EWS scan, my arm is still hurting from the "Report this file is safe" click :argh:
     
  16. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    I always use the EWS scan mode at every startup and haven't experienced any issues. But I do have to say that I check every file before I do anything.
     
  17. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Under any scan it shouldn't offer the option to delete system files!
     
  18. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    It's normally safe to delete system files that are protected by Windows File Protection (WFP).

    I still suggest that we wait for the guys who made HitmanPro to see what they say and why in this particular case WFP protected files could be deleted and are not restored.

    Ps: I already sent Erik an Email and let him know that the log files have been posted.
    PsPs: My guess is that a boot from a Win DVD and the issue of a SFC /scannow command would have restored those missing System Files and made the PC usable again.

    Edit: // Added Ps:

    Ps: I guess it will take a while before they (HitmanPro) respond as I just saw that it's a special Holiday in the Netherlands the so called "Kings Day"
     
    Last edited: Apr 26, 2014
  19. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    It's indeed "Kings Day" here in the Netherlands but I have some time to take a look at the data.
    The user has enabled the Early Warning Scoring (EWS) feature, which is for security experts only. People that use this had to go to Settings > Advanced and then enable it below the following warning description:

    Security experts can enable Early Warning Scoring (EWS) to list unknown files based on their threat severity score. EWS will reveal unknown zero-day malware and APTs, but a trained eye is required to filter out suspicious but benign files.

    Beneath it, there is the checkbox to enable this feature, which says:

    [ ] I am an expert, show Early Warning Scoring (EWS) in the drop down for the Next button

    When HitmanPro comes up with unknown files, the default action is Ignore. The user manually changed the default action on these items to Delete, which caused the loss of USB connectivity.

    If the files were not deleted but quarantined, the removed files can be recovered following this guide:
    http://www.surfright.nl/en/support/recovery#quarantine

    Since the removed files are protected by Windows Resource Protection (WRP), formerly known as Windows File Protection (WFP), HitmanPro would have restored a safe version of these files. Found safe versions are checked with a whitelist of known safe versions. Since the removed files are not in the whitelist (if they were, they would not have been shown on-screen), HitmanPro will have looked for and recovered a previous version of these files -- this would mean that the USB related files should still be on the machine but the previous known (safe) versions are apparently no longer compatible due to updates of other files < but this is just a guess (which I am investigating).

    Update: The log file of the user did not show any malware (Threats: 0), the Scan Results on screen would say: No threats found. In addition, there is no option to Delete an unknown file protected by WRP, only Replace and Quarantine - default is Ignore. If the user would opt to delete it anyway it will be replaced with a known safe version, even when Quarantined:

    EWS-example.png


    Fact remains: The Advanced tab is for, well, advanced users. In special cases our support team can instruct a normal user to enable features there but then they also receive clear instructions what to do and what not to do. Normal users should not enable Early Warning Scoring (EWS) when they are not a security expert with a trained eye to investigate the forensic information HitmanPro returns to filter out benign files. This warning is there for a reason and should not be ignored. And even when ignored, manual actions would be required to instigate potential damage.
     
    Last edited: Apr 26, 2014
  20. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    548
    Location:
    Nottingham
    Did you mention, you had used the EWS function ? While I sympathize with your predicament, it would appear you have gone out of your way, to delete benign files, that were never flagged as malicious. I feel that what has happened is your own fault.
    I have just scanned with the EWS enabled, I have absolutely no idea why certain files appear on the scan results, furthermore I cannot even find a delete option.
    This is because I am not an expert.
    Thanks for publishing the scan results, so this mystery could be solved :)
     
  21. Am I the only one who reads all the signs of "bogus post"?

    Are we (at Wilders Security) so much a tribe of nerds that we collectively come to save Margaret Pyron who puts again and again another problem or deviation in face of the saving hero.

    MARGARET IS LOOKING FOR A PLACE TO COMPLAIN, NOT FOR A SOLUTION

    She must be laughing out loud, because she (he?) is so honest to mention this clearly in the thread title.
     
  22. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    342
    Location:
    SE Asia
    I tend to agree with you but not 100%, reason being that any Software can contain bugs, so that's why the call for the log files because we didn't exactly know what the h*ll was causing this.

    But what I hate most about all of this, is that HitmanPro gets a bad name on the internet because of this and in the end it wasn't their fault but simply a user who didn't know what he/she was doing.

    "Got a lot of red warning lights, but choose to ignore them and finally crashed"
     
  23. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    There are many users out there like Margaret - unfortunately! Seems most of us have enough problems w/o someone creating more for us on purpose.
     
  24. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    "I think I downloaded...". Usually this kind of phrasing should set off alarm bells.
    People who cannot accurately distinguish what they download, are either noobs or trolls. Simple.
    Bold text and different font sizes also spell doom and disaster. Either the user is a noob and c/p's text all over the place and ends up with bold text and all kinds of fonts. Or something else is at play.
    A serious need for attention, somewhat benign or just straight-out trollish.
    When you cannot even be sure what you download, when you download, one should really not dabble with software functions, that are, as explicitly stated, for experts only.
    Any mayhem, real or not, is self-induced.
     
  25. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Years of usenet have taught me the post style used when people are trolling.

    Why else do you think I put this reply so early in the thread, but to alert the wary?
     