Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Mops21
    Offline

    Mops21 Registered Member

    Hi

    Can you whitelisted the File please

    Scan with virscan.org

    Dateiname : KiesPDLR.exe
    Größe : 843704 byte
    Typ : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
    MD5 : a7be74971ffd1d6f791361c292a82588
    SHA1 : 45f82503057a0bd4dc2c45cfc3bac1f77d8686ba

    Thank you very much

    Attached Files:

  2. mrtnptrs
    Offline

    mrtnptrs Registered Member

    I'm using Windows 7 ultimate 32-bit edition.
  3. erikloman
    Offline

    erikloman Developer

    HitmanPro 3.7 Build 180 BETA

    The past few days we've been very busy fixing the various problems introduced in the initial release of 3.7.
    So this beta release is mostly fixing these problems:

    Changelog
    • FIXED: On some systems a scan froze the computer.
    • FIXED: On some systems a scan never finished while classifying kept hovering around 99%.
    • FIXED: Creating Kickstart USB flash drive under XP failed most of the time causing unusable Kickstart USB flash drive. This problem did not occur under Windows 7 or 8.
    • FIXED: Windows showed a weird error dialog on Kickstart dialog on systems with floppy drive.
    • FIXED: Shell Integration was not working.
    • FIXED: Scheduler was not working.
    • IMPROVED: Removal of rootkit Necurs under 64-bit Windows.
      See also: http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx
    • IMPROVED: Messaging to the user while creating Kickstart USB flash drive. Now showing an error dialog when creation of the Kickstart USB flash drive has failed.
    • IMPROVED: Various minor improvements.

    32-bit http://dl.surfright.nl/HitmanProBeta.exe
    64-bit http://dl.surfright.nl/HitmanProBeta_x64.exe

    Please let me know how this version runs on your system. People that have been experiencing the freeze of the system or the lingering scan should see that this has been fixed. Thanks! :thumb:
    Last edited: Dec 7, 2012
  4. Tarnak
    Offline

    Tarnak Registered Member

    Just ran a scan with the new beta...OK

    Code:
    HitmanPro 3.7.0.180
    www.hitmanpro.com
    
       Computer name . . . . : XXXYYY
       Windows . . . . . . . : 5.1.3.2600.X86/4
       User name . . . . . . : <MY NAME>
       License . . . . . . . : Paid (1088 days left)
    
       Scan date . . . . . . : 2012-12-08 06:51:18
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 11m 54s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 1
    
       Objects scanned . . . : 2,003,869
       Files scanned . . . . : 44,376
       Remnants scanned  . . : 1,415,710 files / 543,783 keys
    
    Suspicious files ____________________________________________________________
    
       C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP228\A0298852.exe
          Size . . . . . . . : 161,112 bytes
          Age  . . . . . . . : 2.6 days (2012-12-05 16:21:23)
          Entropy  . . . . . : 5.8
          SHA-256  . . . . . : 504DD7DD32F350EDFA6C36277F1A77F04AD64E3DFB72F2058210B59E05EFE6D5
          Product  . . . . . : CPUEater Application
          Publisher  . . . . : Bitsum Technologies
          Description  . . . : CPUEater Application
          Version  . . . . . : 6.0.0.91
          Copyright  . . . . : Copyright (C) 2010-2012 Bitsum Technologies
          RSA Key Size . . . : 2048
          Authenticode . . . : Invalid
          Fuzzy  . . . . . . : 22.0
             Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
             Time indicates that the file appeared recently on this computer.
    
    
    
    
  5. Brian_12
    Offline

    Brian_12 Guest

  6. erikloman
    Offline

    erikloman Developer

    White listed it. Weird that you keep having these modified files causing broken signatures.
  7. Tarnak
    Offline

    Tarnak Registered Member

    I don't know about it being weird, but v6.0.0.91 was installed months ago, and now I am running v6.1.0.96. ;)
  8. erikloman
    Offline

    erikloman Developer

    Hi Brian,

    Thank you, looks great!

    Ransomware is very prevalent and removal of Ransomware is very hard and several variants are blocking Safe Mode as well.

    With HitmanPro.Kickstart removing should be a piece of cake.

    Most other solution require you to boot in a separate Linux environment where you have to run various commands to remediate. Starting in a Linux environment comes with issues like missing drivers (especially when you have special hardware like RAID cards). Or do you still remember your Wi-Fi password? You need Internet access to get Linux updated with latest virus signatures.

    HitmanPro.Kickstart just runs your existing ransomed Windows environment. Your Windows already has access to the latest drivers and access to your Wi-Fi access point.

    Running in the ransomed enviroment has another big benefit: it tells you which processes are running full screen, blocking access to the desktop. This tells HitmanPro which files belong to the ransomware, without signatures.

    Thanks again for including HitmanPro.Kickstart in your removal guide!
    Erik
  9. G1111
    Offline

    G1111 Registered Member

    Just ran 3.7 180 Beta. No problems so far.
  10. Gandalf_The_Grey
    Offline

    Gandalf_The_Grey Registered Member

    No problems anymore with buid 180 beta :thumb:
  11. Brian_12
    Offline

    Brian_12 Guest

    Hi Erik,

    I got an email today from a reader who is having problems with kickstart:

  12. BoerenkoolMetWorst
    Offline

    BoerenkoolMetWorst Registered Member

    Both with 3.7 official and new beta version I can't boot into Windows with Kickstart. After pressing 1 for the MBR bypass, the Loading Windows text appears but the moving colors don't appear then the HDD light just stays dark, the PC doesn't seem to do anything.(Win7 x64)
  13. erikloman
    Offline

    erikloman Developer

    Have you tried pressing 2?
  14. nothereforlong
    Offline

    nothereforlong Registered Member

  15. erikloman
    Offline

    erikloman Developer

    While dual boot is supported, using multiple hard drives, each with its own operating system, usually won't work. This is because the Kickstart solution needs the first disk to be the booting disk. Which disk is the first disk, is decided by the BIOS and usually can not be configured o_O

    This message is not caused while creating the rescue USB stick, but is likely caused while booting Kickstart USB stick. This setting somehow got persisted to hard drive which should not have happened as the Kickstart solution does not touch any hard drive and only makes changes in-memory while booting Windows.

    I think because your Windows stalled at the booting screen is cause of the setting to be persisted by Windows. I will see if we can reproduce this.
  16. erikloman
    Offline

    erikloman Developer

    Interesting. Sending you a PM.
  17. erikloman
    Offline

    erikloman Developer

    Did you see the following screen where you had to press 1 or 2?

    Boot.png

    If you see the above screen then you have successfully booted from the USB flash drive.

    If Windows is not able to recognize the USB stick then Kickstart cannot start the HitmanPro application. Sometime Windows fails to recognize a USB stick, this is unrelated to HitmanPro.Kickstart. If you boot without Kickstart, does Windows recognize the stick on that PC (do you still get the unrecognized hardware message)? If so, try a different USB stick. Some USB sticks are better than others.

    Also make sure you create the stick using HitmanPro 3.7.0 build 180 (still beta, see above). There is a bug in Windows XP that puts garbage on the MBR. Windows 7 doesn't have this bug. So if you've created the stick on Windows 7 then this is not an issue.
  18. BoerenkoolMetWorst
    Offline

    BoerenkoolMetWorst Registered Member

    PM replied :)
  19. Tarnak
    Offline

    Tarnak Registered Member

    Different snapshot...definite hang.

    ScreenShot_HMP_v3.7.0. Build 180_hang_01.jpg

    ScreenShot_HMP_v3.7.0. Build 180_hang_02.jpg
  20. TaiPan
    Offline

    TaiPan Registered Member

    Today I get on start of my full licensed version an irritating note.

    "Your license is possibly a fake"

    The "Fix Now" button has no effect.

    http://250kb.de/u/121210/j/cGFF1bFK7Xco.jpg

    Are there other users that also concerns this issue?

    Thanks in advance for your replies.
  21. erikloman
    Offline

    erikloman Developer

    This means that the binary has changed by an external source (the digital signature is no longer valid). Re-downloading the binary will fix the problem. I will have a look at why the Fix Now button is not working.
  22. TaiPan
    Offline

    TaiPan Registered Member

    Thank you, Erik.

    I'll try that, coming back soon with feedback. :)
  23. TaiPan
    Offline

    TaiPan Registered Member

    After reinstall the old binary and new install version 3.7.0.179 no more problems occured with the licence.

    Thanks again for your quickly response, Erik. :thumb:
  24. gerardwil
    Offline

    gerardwil Registered Member

    just auto-updated tot 181 :)
  25. Johnfornow
    Offline

    Johnfornow Registered Member

    No, I'm running Win7-32bits and had several total freezes.
    Nasty problem, I uninstalled the program.:'(

    update
    I just happily installed update 3.7 180 Beta but it made my pc crash again.
    Mouse cursor can still be moved, HitmanPro clock keeps running, but systray clock freezes.
    No scan progress however, it stalls again at 99%
    It's not possible to make a screenshot either, no response whatsoever.
    Last edited: Dec 10, 2012