Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. LegioXGemina
    LegioXGemina Registered Member

    I did a rescan and the problem was solved. Thanks!
    The registry keys previously reported as malware by HitmanPro were referred to the "Toolbar Whitelist" installed by GData Antivirus 2012?
    Thanks again for your technical assistance!
  2. Mops21
    Mops21 Registered Member


    Do you have the files from me?
  3. erikloman
    erikloman Developer

    I have them. I will have a look at them shortly. Thanks!
  4. Mops21
    Mops21 Registered Member

    Okay thank you very much for it.

    Can you post your result of the files, please?
  5. Empath
    Empath Registered Member

    I got it working. I used an image to return everything back to pre-renew status. Then, in frozen mode of TimeFreeze, I re-activated. Everything worked, so I exited frozen mode while preserving changes made.

    Next time, I'll know to wait until it's ready to expire. It now says it'll expire a year from yesterday. I still had time on my previous license 'till the 11th of next month. I lost almost a month of paid use. That could be a situation worth addressing in future licensing.
  6. erikloman
    erikloman Developer

    I just confirmed that the cloud does not accept your mentioned files. I will have a look why the cloud is rejecting these. I assume because they are incomplete (just ~700 bytes each). But then I expect a different error.
  7. Mops21
    Mops21 Registered Member


    Okay, thank you very much for your info about it. Check the cloud for my files and leave me an answer for this.
  8. Scott W
    Scott W Registered Member

    Hi erik,

    I just ran the current version in Compatible Disk Access Mode (per your advice to Rollback Rx users - so as not to be falsely alerted to a Bootkit) and Hitman reports snapshot.exe as suspicious. This is Drive Snapshot, which is totally trusted software!

    Scott
  9. Blues7
    Blues7 Registered Member

    I had it come up during a default scan a few days back, Scott, and reported it here as well as via the program. It hasn't come up since, however.
  10. Function
    Function Registered Member

    http://i.imgur.com/iqOli.png

    http://i.imgur.com/mY39Y.png

    mbam.sys is a part of MalwareBytes Anti Malware

    brnfilelock.sys is a part of Blueridge Appguard

    SbieDrv.sys is a part of Sandboxie

    nvlddmkm.sys is a part of Nvidia


    The rest are all emulation software; they run games. I forgot I even had them, so I deleted them.

    WinKawaks.exe was an emulator. I have deleted it before with HitmanPro; the file is now gone, but after the reboot the scan always says it's there.

    I think it's showing a few false positives for me.

    I am using Rollback RX so I assume that the Master Boot Record is to do with that.

    I am wondering if this is a problem between Hitman and Rollback RX snapshot system.

    Currently going through all of my snapshots to remove the emulation files to ensure it's not a fault of Rollback RX.
  11. erikloman
    erikloman Developer

    Switch into Compatible Disk Access (under Settings -> Advanced).

    Rollback RX is NOT compatible with HitmanPro's Direct Disk Access because Rollback RX is hiding files from the operating system (= rootkit-like behavior).

    Hope this helps.
  12. Function
    Function Registered Member

    Switched to Compatible Disk Access. Did the scan, nothing came up. All clean with this scan.

    So should I always use Hitman Pro with Compatible Disk Access from now on?

    Also, I can't seem to find any way to check for updates. Does it just automatically happen?
  13. erikloman
    erikloman Developer

    Yes. For as long as you use Rollback RX.
    HitmanPro is a behavioral scanner (local) and a cloud scanner (remote). The AV scanning is done remotely in the cloud, where the AVs are always up to date.

    If there is a program update then HitmanPro will update automatically.

    So you don't have to do anything. Just run it regularly or set a scan schedule under Settings -> Scan.

    Hope this helps.
  14. jmonge
    jmonge Registered Member

    :thumb: :thumb: I am just running Webroot with HitmanPro, only these 2, and I feel a lot faster now and secure. If Webroot missed something, HitmanPro will nail it :) and destroy it :) Thanks for making this wonderful program; it is a very cool program to have always scanning in the system.
  15. kardokristal
    kardokristal Developer

    :thumb: :thumb: :thumb:
  16. erikloman
    erikloman Developer

    HitmanPro 3.6 Build 153 Released

    Changelog
    • ADDED: Behavioral scan now detects spoofed memory mapped file names.
    • FIXED: Solved a time zone issue when validating the license.
    • IMPROVED: Several minor user interface issues.
    • UPDATED: Internal white lists.
  17. ams963
    ams963 Registered Member

    updating automatically right now :thumb:......
  18. erikloman
    erikloman Developer

    Volume Boot Record / VBR rootkits

    HitmanPro 3.6 Build 154 BETA

    Changelog
    • ADDED: Detection and removal of Volume Boot Record / VBR bootkits.
    • ADDED: Detection and removal of Cidox, Mayachok, Rovnix bootkit.

    An hour ago we released build 153 to address time zone issues related to license activation. The problem was introduced in build 152, which is now fixed.

    We now also release BETA build 154 (it has been in our source control system for a while now) which is dedicated to detecting and removing Volume Boot Record / VBR bootkits like Cidox, Mayachok, Rovnix, etc. These bootkits run on both 32-bit and 64-bit systems and work much like MBR bootkits.

    First reports on VBR bootkits date back to July 2011:
    http://news.drweb.com/?i=1772&c=23&lng=en&p=2
    http://blog.eset.com/2011/08/23/hasta-la-vista-bootkit-exploiting-the-vbr

    You can now use HitmanPro to clean up these VBR infections.

    BETA
    32-bit http://dl.surfright.nl/HitmanPro36beta.exe
    64-bit http://dl.surfright.nl/HitmanPro36beta_x64.exe
  19. ams963
    ams963 Registered Member

    updated to build 153....running smoothly here :thumb:........
  20. gerardwil
    gerardwil Registered Member

    ....and 154 as well:)
  21. Page42
    Page42 Registered Member

    Excellent! Installed on 2 machines & scans run.
    Thank you for the constant improvements.
    You are making your tool indispensable, Erik.
    And I'm very much looking forward to having Volume Boot Record/VBR bootkits detection capability in Build 154. :thumb:
  22. RSpanky
    RSpanky Registered Member

    Updated 153 and running great, AS ALWAYS :cool:
  23. carat
    carat Guest

    Build 153 detects AVG as suspicious :doubt:
  24. erikloman
    erikloman Developer

    What AVG suite are you using?
  25. carat
    carat Guest

    AVG IS 2012 :)