Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    2,410
    Location:
    Hengelo, The Netherlands
    I just confirmed that the cloud does not accept your mentioned files. I will have a look why the cloud is rejecting these. I assume because they are incomplete (just ~700 bytes each). But then I expect a different error.
     
  2. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    1,123

    Okay, thank you very much for your info about it, check the cloud for my files and leave me an answer for this.
     
  3. Scott W

    Scott W Registered Member

    Joined:
    Sep 21, 2008
    Posts:
    440
    Location:
    USA
    Hi erik,

    I just ran the current version in Compatible Disk Access Mode (per your advice to Rollback Rx users - so as not to be falsely alerted to a Bootkit) and Hitman reports snapshot.exe as suspicious. This is Drive Snapshot, which is totally trusted software!

    Scott
     
  4. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    I had it come up during a default scan a few days back, Scott, and reported it here as well as via the program. It hasn't come up since, however.
     
  5. Function

    Function Registered Member

    Joined:
    Feb 5, 2012
    Posts:
    76
    Location:
    UK
    http://i.imgur.com/iqOli.png

    http://i.imgur.com/mY39Y.png

    mbam.sys is a part of MalwareBytes Anti Malware

    brnfilelock.sys is a part of Blueridge Appguard

    SbieDrv.sys is a part of Sandboxie

    nvlddmkm.sys is a part of Nvidia


    The rest are all emulation software; they run games. I forgot I even had them so I deleted them.

    WinKawaks.exe was an emulator. I have deleted it before with HitmanPro; the file is now gone, but after the reboot the scan always says it's there.

    I think it's showing a few false positives for me.

    I am using Rollback RX so I assume that the Master Boot Record is to do with that.

    I am wondering if this is a problem between Hitman and Rollback RX snapshot system.

    Currently going through all of my Snapshots to remove the emulation files to ensure it's not a fault of Rollback RX.
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    2,410
    Location:
    Hengelo, The Netherlands
    Switch into Compatible Disk Access (under Settings -> Advanced).

    Rollback RX is NOT compatible with HitmanPro's Direct Disk Access because Rollback RX is hiding files from the operating system (= rootkit-like behavior).

    Hope this helps.
     
  7. Function

    Function Registered Member

    Joined:
    Feb 5, 2012
    Posts:
    76
    Location:
    UK
    Switched to Compatible Disk Access. Did the scan, nothing came up. All clean with this scan.

    So should I always use Hitman Pro with Compatible Disk Access from now on?

    Also, I can't seem to find any way to check for updates. Does it just automatically happen?
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    2,410
    Location:
    Hengelo, The Netherlands
    Yes. For as long as you use Rollback RX.
    HitmanPro is a behavioral scanner (local) and a cloud scanner (remote). The AV scanning is done remotely in the cloud where the AVs are always up to date.

    If there is a program update then HitmanPro will update automatically.

    So you don't have to do anything. Just run it regularly or set a scan schedule under Settings -> Scan.

    Hope this helps.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,873
    Location:
    Canada
    :thumb: :thumb: I am just running Webroot with HitmanPro, only these 2, and I feel a lot faster now and secure. If Webroot missed something HitmanPro will nail it :) and destroy it :) Thanks for making this wonderful program, it is a very cool program to have always scanning in the system.
     
  10. kardokristal

    kardokristal Developer

    Joined:
    Jan 6, 2012
    Posts:
    979
    Location:
    Estonia
    :thumb: :thumb: :thumb:
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    2,410
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.6 Build 153 Released

    Changelog
    • ADDED: Behavioral scan now detects spoofed memory mapped file names.
    • FIXED: Solved a time zone issue when validating the license.
    • IMPROVED: Several minor user interface issues.
    • UPDATED: Internal white lists.
     
  12. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,952
    Location:
    Parallel Universe
    updating automatically right now :thumb:......
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    2,410
    Location:
    Hengelo, The Netherlands
    Volume Boot Record / VBR rootkits

    HitmanPro 3.6 Build 154 BETA

    Changelog
    • ADDED: Detection and removal of Volume Boot Record / VBR bootkits.
    • ADDED: Detection and removal of Cidox, Mayachok, Rovnix bootkits.

    An hour ago we released build 153 to address time zone issues related to license activation. The problem was introduced in build 152, which is now fixed.

    We now also release BETA build 154 (it has been in our source control system for a while now) which is dedicated to detecting and removing Volume Boot Record / VBR bootkits like Cidox, Mayachok, Rovnix, etc. These bootkits run on both 32-bit and 64-bit systems and work much like MBR bootkits.

    First reports on VBR bootkits date back to July 2011:
    http://news.drweb.com/?i=1772&c=23&lng=en&p=2
    http://blog.eset.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr

    You can now use HitmanPro to clean up these VBR infections.

    BETA
    32-bit http://dl.surfright.nl/HitmanPro36beta.exe
    64-bit http://dl.surfright.nl/HitmanPro36beta_x64.exe
     
  14. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,952
    Location:
    Parallel Universe
    updated to build 153....running smoothly here :thumb:........
     
  15. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,713
    Location:
    NL
    ....and 154 as well:)
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,672
    Location:
    Last Breath Farm
    Excellent! Installed on 2 machines & scans run.
    Thank you for the constant improvements.
    You are making your tool indispensable, Erik.
    And I'm very much looking forward to having Volume Boot Record/VBR bootkits detection capability in Build 154. :thumb:
     
  17. RSpanky

    RSpanky Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    220
    Location:
    Arizona, USA
    Updated 153 and running great, AS ALWAYS :cool:
     
  18. carat

    carat Guest

    Build 153 detects AVG as suspicious :doubt:
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    2,410
    Location:
    Hengelo, The Netherlands
    What AVG suite are you using?
     
  20. carat

    carat Guest

    AVG IS 2012 :)
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    2,410
    Location:
    Hengelo, The Netherlands
    Problem found. Re-release of build 153 published.

    Note: The automatic updater will update only once in 2 hours. If you want to force the update you can download manually or you can delete the registry value LastCFU under HKLM\Software\HitmanPro.

    Sorry for the inconvenience.
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,444
  23. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,035
    Location:
    USA
    Beta running smoothly here.
     
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,444
    Location:
    Outer space
  25. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    687
    Does the automatic updater update the hmpsched.exe and hmpshext.dll files now, when applicable?

    If I recall correctly, previously only the hitmanpro.exe got updated and the others did not. At the time my system was left with an old hmpsched.exe after an auto-update.

    The reason I ask is that HMP was auto updated on my XP and Vista systems and one file has a different md5sum and file date.

    Vista
    "V:\Program Files\HitmanPro\hmpshext.dll" 3/03/2012 13:03 114504
    2b3900667481ea3aecb5be6bd7809c18 *hmpshext.dll
    XP
    "C:\Program Files\HitmanPro\hmpshext.dll" 12/29/2011 1:00 114504
    603e9bf284b3408165578f5366ea5737 *hmpshext.dll

    Edit: Upon further investigation, I am seeing that hmpsched is not working correctly on Vista. It seems to be working correctly for XP, but in Vista, it will start scanning on every boot or logon even if set to daily. I also got an error report from Vista saying that the scheduler was no longer functioning. I can send the support files if needed. I will check this on Win7 the next chance I get.
     
    Last edited: Apr 23, 2012
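
The cross-host comparison described in the post above, as an added example (not code from the thread or from HitmanPro): it parses listings in the shape posted there, a quoted path with date, time and size followed by an md5sum line, and reports components whose hash differs between hosts. The function names and the treatment of bare lines as host labels are assumptions; the sample input is copied from the post.

```python
import re
from collections import defaultdict

# Sample input: the two listings from the post above, one label line per host.
LISTING = r'''Vista
"V:\Program Files\HitmanPro\hmpshext.dll" 3/03/2012 13:03 114504
2b3900667481ea3aecb5be6bd7809c18 *hmpshext.dll
XP
"C:\Program Files\HitmanPro\hmpshext.dll" 12/29/2011 1:00 114504
603e9bf284b3408165578f5366ea5737 *hmpshext.dll
'''

FILE_RE = re.compile(r'^"(?P<path>[^"]+)"\s+(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<size>\d+)$')
HASH_RE = re.compile(r'^(?P<md5>[0-9a-fA-F]{32})\s+\*?(?P<name>.+)$')

def parse_listing(text):
    """Return one record per md5sum line, tagged with host and file metadata."""
    records, host, meta = [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FILE_RE.match(line)):
            meta = {"size": int(m["size"]), "date": m["date"]}
        elif (m := HASH_RE.match(line)):
            records.append({"host": host, "name": m["name"].lower(),
                            "md5": m["md5"].lower(), **meta})
            meta = {}
        else:
            host = line  # assumption: any other non-empty line is a host label
    return records

def find_mismatches(records):
    """Map file name -> per-host hashes for files whose hash differs across hosts."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)
    report = {}
    for name, recs in by_name.items():
        if len({r["md5"] for r in recs}) > 1:
            sizes = {r.get("size") for r in recs}
            report[name] = {"hashes": {r["host"]: r["md5"] for r in recs},
                            "same_size": len(sizes) == 1}
    return report

if __name__ == "__main__":
    for name, info in find_mismatches(parse_listing(LISTING)).items():
        note = " (identical size, so a size check would miss it)" if info["same_size"] else ""
        print(f"{name}: hashes differ across hosts{note}")
        for host, md5 in info["hashes"].items():
            print(f"  {host}: {md5}")
```

MD5 is adequate for spotting update drift between copies like this, but not for detecting deliberate tampering; use SHA-256 where integrity against an adversary matters.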