Hitman Pro Support and Discussion Thread

I just confirmed that the cloud does not accept your mentioned files. I will have a look why the cloud is rejecting these. I assume because they are incomplete (just ~700 bytes each). But then I expect a different error.

 

Okay thank you very much for your Info about it check the Cloud for my Files and live me an ansäet for this

 

Hi erik,

I just ran the current version in Compatible Disk Access Mode (per your advice to Rollback Rx users - so as not to be falsely alerted to a Bootkit) and Hitman reports snapshot.exe as suspicious. This is Drive Snapshot, which is totally trusted software!

Scott

 

I had it come up during a default scan a few days back, Scott, and reported it here as well as via the program. It hasn't come up since, however.

 

http://i.imgur.com/iqOli.png

http://i.imgur.com/mY39Y.png

mbam.sys is a part of MalwareBytes Anti Malware

brnfilelock.sys is a part of Blueridge Appguard

SbieDrv.sys is a part of Sandboxie

nvlddmkm.sys is a part of Nvidia


The rest are all emulation software, they are run games. I forgot I even had them so I deleted them.

WinKawaks.exe was a emulator. I have deleted it before with Hitmanpro, the file is now gone but after the rootboot the scan always says its there.

I think its showing a few false positives for me.

I am using Rollback RX so I assume that the Master Boot Record is to do with that.

I am wondering if this is a problem between Hitman and Rollback RX snapshot system.

Currently going though all of my Snapshots to remove the emulation files to ensure its not a fault of Rollback RX.

 

Switch into Compatible Disk Access (under Settings -> Advanced).

Rollback RX is NOT compatible with HitmanPro's Direct Disk Access because Rollback RX is hiding files from the operating system (= rootkit-like behavior).

Hope this helps.

 

Switch to Compatible Disk Access. Did the scan, nothing came up. All clean with this scan.

So should I always use Hitman Pro with Compatible Disk Access from now on?

Also I can't seem to find anyway to check for updates? Does it just automatically happen?

 

Yes. For as long as you use Rollback RX.

HitmanPro is a behavioral scanner (local) and a cloud scanner (remote). The AV scanning is done remotely in cloud where the AVs are always up to date.

If there is a program update then HitmanPro will update automatically.

So you don't have to do anything. Just run it regularly or set a scan schedule under Settings -> Scan.

Hope this helps.

 

i am just running webroot with hitmanpro only this 2 and i feel alot faster now and secure if webroot missed some thing hitmanpro will nail it and destroy itthanks for making this wonderfull program is a very cool program to have always scaning in the system

 

HitmanPro 3.6 Build 153 Released

Changelog

• ADDED: Behavioral scan now detects spoofed memory mapped file names.
• FIXED: Solved a time zone issue when validating the license.
• IMPROVED: Several minor user interface issues.
• UPDATED: Internal white lists.

 

updating automatically right now ......

 

Volume Boot Record / VBR rootkits

HitmanPro 3.6 Build 154 BETA

Changelog

• ADDED: Detection and removal of Volume Boot Record / VBR bootkits.
• ADDED: Detection and removal Cidox, Mayachok, Rovnix bootkit.

An hour ago we've released build 153 to address time zone issues related to license activation. The problem was introduced in build 152, which is now fixed.

We now also release BETA build 154 (it has been in our source control system for a while now) which is dedicated to detecting and removing Volume Boot Record / VBR bootkits like Cidox, Mayachok, Rovnix, etc. These bootkits run on both 32-bit and 64-bit systems and work much like MBR bootkits.

First reports on VBR bootkits date back to July 2011:
http://news.drweb.com/?i=1772&c=23&lng=en&p=2
http://blog.eset.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr

You can now use HitmanPro to cleanup these VBR infections.



BETA
32-bit http://dl.surfright.nl/HitmanPro36beta.exe
64-bit http://dl.surfright.nl/HitmanPro36beta_x64.exe

 

updated to build 153....running smoothly here ........

 

....and 154 as well

 

Excellent! Installed on 2 machines & scans run.
Thank you for the constant improvements.
You are making your tool indispensable, Erik.
And I'm very much looking forward to having Volume Boot Record/VBR bootkits detection capability in Build 154.

 

Updated 153 and running great, AS ALWAYS

 

Build 153 detects AVG as suspicous

 

What AVG suite are you using.

 

AVG IS 2012

 

Problem found. Re-release of build 153 published.

Note: The automatic updater will update only once in 2 hours. If you want to force the update you can download manually or you can delete the registry value LastCFU under HKLM\Software\HitmanPro.

Sorry for the inconvenience.

 

One after the other...no problems.





P.S. cf. > https://www.wilderssecurity.com/showpost.php?p=2038927&postcount=4197

 

Beta running smoothly here.

 

Same here

 

Does the automatic updater update the hmpsched.exe and hmpshext.dll files now, when applicable?

If I recall correctly, previously only the hitmanpro.exe got updated and the others did not. At the time my system was left with an old hmpsched.exe after an auto-update.

The reason I ask is that HMP was auto updated on my XP and Vista systems and one file has a different md5sum and file date.

Vista
"V:\Program Files\HitmanPro\hmpshext.dll" 3/03/2012 13:03 114504
2b3900667481ea3aecb5be6bd7809c18 *hmpshext.dll
XP
"C:\Program Files\HitmanPro\hmpshext.dll" 12/29/2011 1:00 114504
603e9bf284b3408165578f5366ea5737 *hmpshext.dll

Edit: Upon further investigation, I am seeing that hmpsched is not working correctly on Vista. It seems to be working correctly for XP, but in Vista, it will start scanning on every boot or logon even if set to daily. I also got an error report from Vista saying that the scheduler was no longer functioning. I can send the support files if needed. I will check this on Win7 the next chance I get.