Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    I just confirmed that the cloud does not accept your mentioned files. I will have a look why the cloud is rejecting these. I assume because they are incomplete (just ~700 bytes each). But then I expect a different error.
  2. Mops21

    Mops21 Registered Member


    Okay, thank you very much for your info about it. Check the cloud for my files and leave me an answer for this.
  3. Scott W

    Scott W Registered Member

    Hi erik,

    I just ran the current version in Compatible Disk Access Mode (per your advice to Rollback Rx users - so as not to be falsely alerted to a Bootkit) and Hitman reports snapshot.exe as suspicious. This is Drive Snapshot, which is totally trusted software!

    Scott
  4. Blues7

    Blues7 Registered Member

    I had it come up during a default scan a few days back, Scott, and reported it here as well as via the program. It hasn't come up since, however.
  5. Function

    Function Registered Member

    http://i.imgur.com/iqOli.png

    http://i.imgur.com/mY39Y.png

    mbam.sys is a part of MalwareBytes Anti Malware

    brnfilelock.sys is a part of Blueridge Appguard

    SbieDrv.sys is a part of Sandboxie

    nvlddmkm.sys is a part of Nvidia


    The rest are all emulation software; they run games. I forgot I even had them, so I deleted them.

    WinKawaks.exe was an emulator. I have deleted it before with HitmanPro; the file is now gone, but after the reboot the scan always says it's there.

    I think it's showing a few false positives for me.

    I am using Rollback RX so I assume that the Master Boot Record is to do with that.

    I am wondering if this is a problem between Hitman and the Rollback RX snapshot system.

    Currently going through all of my Snapshots to remove the emulation files to ensure it's not a fault of Rollback RX.
  6. erikloman

    erikloman Developer

    Switch into Compatible Disk Access (under Settings -> Advanced).

    Rollback RX is NOT compatible with HitmanPro's Direct Disk Access because Rollback RX is hiding files from the operating system (= rootkit-like behavior).

    Hope this helps.
  7. Function

    Function Registered Member

    Switched to Compatible Disk Access. Did the scan, nothing came up. All clean with this scan.

    So should I always use Hitman Pro with Compatible Disk Access from now on?

    Also, I can't seem to find any way to check for updates. Does it just happen automatically?
  8. erikloman

    erikloman Developer

    Yes. For as long as you use Rollback RX.
    HitmanPro is a behavioral scanner (local) and a cloud scanner (remote). The AV scanning is done remotely in the cloud, where the AVs are always up to date.

    If there is a program update then HitmanPro will update automatically.

    So you don't have to do anything. Just run it regularly or set a scan schedule under Settings -> Scan.

    Hope this helps.
  9. jmonge

    jmonge Registered Member

    :thumb: :thumb: I am just running Webroot with HitmanPro, only these 2, and I feel a lot faster now and secure. If Webroot missed something, HitmanPro will nail it :) and destroy it :) Thanks for making this wonderful program; it is a very cool program to have always scanning in the system.
  10. kardokristal

    kardokristal Developer

    :thumb: :thumb: :thumb:
  11. erikloman

    erikloman Developer

    HitmanPro 3.6 Build 153 Released

    Changelog
    • ADDED: Behavioral scan now detects spoofed memory mapped file names.
    • FIXED: Solved a time zone issue when validating the license.
    • IMPROVED: Several minor user interface issues.
    • UPDATED: Internal white lists.
  12. ams963

    ams963 Registered Member

    updating automatically right now :thumb:......
  13. erikloman

    erikloman Developer

    Volume Boot Record / VBR rootkits

    HitmanPro 3.6 Build 154 BETA

    Changelog
    • ADDED: Detection and removal of Volume Boot Record / VBR bootkits.
    • ADDED: Detection and removal of Cidox, Mayachok, Rovnix bootkits.

    An hour ago we released build 153 to address time zone issues related to license activation. The problem was introduced in build 152, which is now fixed.

    We now also release BETA build 154 (it has been in our source control system for a while now) which is dedicated to detecting and removing Volume Boot Record / VBR bootkits like Cidox, Mayachok, Rovnix, etc. These bootkits run on both 32-bit and 64-bit systems and work much like MBR bootkits.

    First reports on VBR bootkits date back to July 2011:
    http://news.drweb.com/?i=1772&c=23&lng=en&p=2
    http://blog.eset.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr

    You can now use HitmanPro to clean up these VBR infections.

    BETA
    32-bit http://dl.surfright.nl/HitmanPro36beta.exe
    64-bit http://dl.surfright.nl/HitmanPro36beta_x64.exe
  14. ams963

    ams963 Registered Member

    updated to build 153....running smoothly here :thumb:........
  15. gerardwil

    gerardwil Registered Member

    ....and 154 as well:)
  16. Page42

    Page42 Registered Member

    Excellent! Installed on 2 machines & scans run.
    Thank you for the constant improvements.
    You are making your tool indispensable, Erik.
    And I'm very much looking forward to having Volume Boot Record/VBR bootkits detection capability in Build 154. :thumb:
  17. RSpanky

    RSpanky Registered Member

    Updated 153 and running great, AS ALWAYS :cool:
  18. carat

    carat Guest

    Build 153 detects AVG as suspicious :doubt:
  19. erikloman

    erikloman Developer

    What AVG suite are you using?
  20. carat

    carat Guest

    AVG IS 2012 :)
  21. erikloman

    erikloman Developer

    Problem found. Re-release of build 153 published.

    Note: The automatic updater will update only once in 2 hours. If you want to force the update you can download manually or you can delete the registry value LastCFU under HKLM\Software\HitmanPro.

    Sorry for the inconvenience.
  22. Tarnak

    Tarnak Registered Member

  23. G1111

    G1111 Registered Member

    Beta running smoothly here.
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

  25. Adric

    Adric Registered Member

    Does the automatic updater update the hmpsched.exe and hmpshext.dll files now, when applicable?

    If I recall correctly, previously only the hitmanpro.exe got updated and the others did not. At the time my system was left with an old hmpsched.exe after an auto-update.

    The reason I ask is that HMP was auto updated on my XP and Vista systems and one file has a different md5sum and file date.

    Vista
    "V:\Program Files\HitmanPro\hmpshext.dll" 3/03/2012 13:03 114504
    2b3900667481ea3aecb5be6bd7809c18 *hmpshext.dll
    XP
    "C:\Program Files\HitmanPro\hmpshext.dll" 12/29/2011 1:00 114504
    603e9bf284b3408165578f5366ea5737 *hmpshext.dll

    Edit: Upon further investigation, I am seeing that hmpsched is not working correctly on Vista. It seems to be working correctly for XP, but in Vista, it will start scanning on every boot or logon even if set to daily. I also got an error report from Vista saying that the scheduler was no longer functioning. I can send the support files if needed. I will check this on Win7 the next chance I get.
    Last edited: Apr 23, 2012