Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman
    erikloman Developer

    The scanning speed is indeed below par with the 3.6 betas. We have been investigating the cause of this and I can report that we have found the culprit and the next build of 3.6 will be just as quick as 3.5!

    The next build will be out before the weekend.
  2. erikloman
    erikloman Developer

    I solved the FP.
  3. erikloman
    erikloman Developer

    Adding an icon to the context menu requires a Shell Extension DLL. So it's not so easy to do. We'll take it into consideration though.
  4. BoerenkoolMetWorst
    BoerenkoolMetWorst Registered Member

    Re: HitmanPro 3.6 Build 134 - Beta 2

    Hi Erik,
    You haven't responded yet:
    I don't really need the context menu icon as it's located near the top of the list so it's easy to find anyway, but if you do decide to add a Shell extension DLL, please make sure it supports ASLR :)


    There is a little close button in the upper-right corner within the white window ;)
  5. erikloman
    erikloman Developer

    Re: HitmanPro 3.6 Build 134 - Beta 2

    We'll take it into consideration.

    We've fixed this. 3.6 will not check for an update when it is performing a right-click scan. Thanks for pointing out the problem.
  6. ams963
    ams963 Registered Member

    thx for the consideration :thumb:.....
  7. erikloman
    erikloman Developer

    As said by BoerenkoolMetWorst there is a tiny [x] at the top of the panel.

    In build 135 (not yet released) we've enlarged the [X] and disabled the Next and Close button:
    [Attached image: Untitled.png]

    Hope this helps.
  8. m00nbl00d
    m00nbl00d Registered Member

    Thank you. :thumb:

    Thank you both. :thumb: When I ran HitmanPro I only had a couple hours of sleep, so... for sure I would miss as many tiny [x]s as there would be. :D
  9. BoerenkoolMetWorst
    BoerenkoolMetWorst Registered Member

    Re: HitmanPro 3.6 Build 134 - Beta 2

    Nice, thanks :)
  10. MerleOne
    MerleOne Registered Member

    Hi,

    I have 2 questions about Hitman Pro.

    I recently bought a license but have not activated it yet. When I choose to do so, will the 1-year license run from the activation date or from the purchase date? If it is the activation date, do I have to activate it within a certain delay?

    Second question: I use a small app (an AutoHotkey-based one) from DonationCoder.com, named lowtosleep.exe. It allows me to stop my PC hibernating again after being awakened from hibernation.

    Hitman Pro insists on finding it's a Trojan, and won't even let me report it as safe. How do I solve this false positive issue (I am 100% sure it is)?

    LowtoSleep.exe can be found at http://www.donationcoder.com/Software/Skrommel/index.html#LowToSleep

    Thanks for your help.
  11. mrpink
    mrpink Registered Member

    What version do you use? Latest beta does not detect it, in my system at least :)
  12. MerleOne
    MerleOne Registered Member

    I have to check (using another PC right now). I downloaded the .exe 3 days ago from the main SurfRight website. And the update command said I had the latest version.

    Edited: it's 3.5.9 build 131
  13. PieterV
    PieterV Registered Member

    I have some issues/suggestions with the HitmanPro product.

    First of all, the ignore system for files:

    - If HitmanPro finds stuff and you put it on ignore and report it as safe, I have the idea that the files won't be sent to the cloud scanner nor to the HitmanPro team to examine. If I do a second scan, I won't get a file message again.

    Upload system:

    - I have Norton 2012 Internet Security installed. Every time, HitmanPro finds one certain file from Norton and uploads it to HitmanPro. After a second scan, HitmanPro doesn't upload anything.

    So far so good, you would say? Well, no.

    Go to regedit, click on Computer and then search for HitmanPro. You will find a HitmanPro folder. Delete that folder.

    And start HitmanPro again. Now you will get a message that you have to accept the terms and rules from HitmanPro. Do a scan with HitmanPro: every issue I marked here, HitmanPro repeats. Also the files I ignored, and the Norton files HitmanPro wants to upload.

    The Norton file has been going on for months now.
  14. erikloman
    erikloman Developer

    The hash is sent to the cloud (check with a tool like Fiddler). The cloud counts how many people have done this and decides to re-evaluate the file or whether the file should be whitelisted.

    Locally the hash is added to the registry so that the file isn't shown in your results.

    See the red line above: if you delete the entry from the registry then it is listed again as the cloud still lists the file as malware (cloud did not resolve the FP).

    Do you have an SHA-256 so we can check whether the file is indeed non-malicious?

    I hope this makes sense now?
  15. m00nbl00d
    m00nbl00d Registered Member

    I apologize if this has been asked before, but it's 153 pages. I did a little search, but didn't find anything related to it.

    Basically, I was trying to see if I could find a way to create a shortcut, or some other way I would come up with (maybe context menu), to scan specific folders, instead of right-clicking the folders I want to scan, considering one of these folders could be a sub-folder, and to the best of my knowledge HitmanPro doesn't scan recursively, right? It would also save a few seconds. lol

    I couldn't find a command line parameter that would allow me that. I downloaded a PDF file from SurfRight which contains a few parameters, but none seems to be what I'm looking for.

    I don't know what you folks think of such a parameter? Some parameter like /scanfolder (and also more than one in queue? probably not, considering it would be bad for the cloud. lol But, scanning a single folder (/scanfolder) would be nice)?

    What do you think? Don't be too harsh on me... :D Anyway, just something that came to mind. :D
  16. krisiune
    krisiune Registered Member

    Hitman Pro screwed up my computer. I'd really love to know how to fix it. I can't back up, go into normal mode without it going into BSOD death with number 0x0000008E, can't system restore or repair. What is it I can do to fix this problem now? :mad: :thumbd:
  17. erikloman
    erikloman Developer

    I am sorry to hear this has happened. The problem is caused by a combination of the TDL4 (or variant) rootkit and the BCD (Boot Configuration Data) of Windows.

    TDL4 infects the Master Boot Record and makes a small in-memory change to the BCD (part of the registry) so that it can load its unsigned drivers in Windows. On a very small percentage of systems this change somehow gets persisted to the disk. This persistence is not done by the rootkit, so it was very hard to reproduce the root of the problem. If you run your infected system for weeks and Windows itself needs to make some small change to the BCD, then the in-memory change (made by the rootkit) gets persisted along with Windows' own alteration.

    As long as TDL4 is on the system, the persistence of the BCD value isn't a problem, as TDL4 makes sure Windows is loaded properly. But once TDL4 is removed by HitmanPro (or several other anti-malware applications), this BCD value causes the mentioned BSOD during boot.

    In HitmanPro 3.6 (beta versions available in this thread) we added the repair of the BCD -before- removing the TDL4 and its many variants.

    Luckily the problem can be easily fixed. Please email me (erik@surfright.com) so that we can repair this (of course for free).

    I am very sorry for the inconvenience.
    Last edited: Dec 16, 2011
  18. erikloman
    erikloman Developer

    HitmanPro36.exe "C:\filetoscan.exe" "C:\foldertoscan\"

    The above command line scans the specified file and specified folder.

    In 3.5 make sure you end folders with a backslash. In 3.6 (build 135 or newer) this is no longer needed as HitmanPro will find out if it is a folder.

    Is this what you needed?
  19. PieterV
    PieterV Registered Member

    Thanks, makes sense now. How do I make a hash file from those files?

    Is it a file in regedit? Or do I need to use a program to make them as hash files? Well, I did try that, but I can't; Norton uses those files. And in Safe Mode I can't either.

    I would love to send you a PM; since I am a new member here, I can't send PMs. Message system is unavailable....

    http://www.imagebam.com/image/af0f1c164790401

    In that folder there are two files:

    cltLMS1.dat
    cltLMS2.dat
    Last edited: Dec 16, 2011
  20. erikloman
    erikloman Developer

    You can also email me at erik@surfright.com.

    For the SHA-256 of the file:
    Either run Hitman Pro 3.6 Beta 2 from this post and choose More Information from the drop-down at the end of the row of the file in question.

    Or you can use this tool called HashTab.
    http://implbits.com/HashTab/HashTabWindows.aspx

    When installed, right-click on the file in Windows Explorer and go to the tab File Hashes.
  21. PieterV
    PieterV Registered Member

    Downloaded the tool. There is no hash info at all. Other files work great, but not these ones.

    I will try HitmanPro again, but I first have to wait for a while. The file is already in the cloud. I can't do this in a row; HitmanPro doesn't upload anything now.

    If you want, I can send you the files by e-mail too?
  22. erikloman
    erikloman Developer

    I think Norton protects the files from being read. If this is true then sending the files to me will not work either.

    But nonetheless, you can try sending them to me by email or use this service: www.wetransfer.com and specify my email erik@surfright.com.
  23. PieterV
    PieterV Registered Member

  24. MerleOne
    MerleOne Registered Member

  25. erikloman
    erikloman Developer

    A license starts upon activation date (not from purchase date).

    I am unable to reproduce your findings. Do you have a SHA-256 of the file being listed in HitmanPro?