Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Turn off the Shell Extension under Settings > Scan, log off and turn it back on. That should help. Sorry for the inconvenience. Will be addressed before we auto update 3.6 user base. Will also be solved for 3.7 user base in next build.
     
    Last edited: Dec 11, 2012
  2. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    289
    Had the same issue when using Appguard, maybe the same for you?
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.0 Build 181 Released

    Existing 3.7 user base is currently auto updated as most of the fixes relate to version 3.7.0 build 179.
    Existing 3.6 user base will be auto updated to build 182 either today or tomorrow.

    • FIXED: On some systems a scan froze the computer.
    • FIXED: On some systems a scan never finished while classifying kept hovering around 99%.
    • FIXED: Creating Kickstart USB flash drive under XP failed most of the time causing unusable Kickstart USB flash drive. This problem did not occur under Windows 7 or 8.
    • FIXED: Windows showed a weird error dialog on Kickstart dialog on systems with floppy drive.
    • FIXED: Shell Integration was not working.
    • FIXED: Scheduler was not working.
    • IMPROVED: Removal of rootkit Necurs under 64-bit Windows.
      See also: http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx
    • IMPROVED: Messaging to the user while creating Kickstart USB flash drive. Now showing an error dialog when creation of the Kickstart USB flash drive has failed.
    • IMPROVED: Various minor improvements.
    • UPDATED: Swedish and Portuguese languages.
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Maybe add something to delete multiple log files (shift key, clear all logs. etc.)
     
  5. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    3.7.0 Build 181 running smooth here (Windows 7 Home Premium SP1 x86).
     
  6. ALiasEX

    ALiasEX Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    240
    I think it was said that the scan at start up doesn't work in a non-admin account. Is that still the case?
     
  7. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    280
    Shell extension is not working. Was on 3.7 branch, just auto-updated to build 181. Turned off shell extension, restarted PC, re-enabled shell extension, still not working.
     
  8. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Same thing happened to me after auto-update, so I uninstalled, and re-installed via the 181 installer and now it works.
     
  9. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    280
    Cheers DBone. That's done the job, working now. Thanks. :thumb:
     
  10. DBone

    DBone Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    1,041
    Location:
    SoCal USA
    Glad to hear it!
     
  11. Brian_12

    Brian_12 Guest

    Last edited by a moderator: Dec 12, 2012
  12. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    I ran an EWS scan and it said the latest shadow defender driver has code in its .reloc section. What does that mean?
     


  13. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    Hi Erik,
    I created my Flash drive with the latest HitmanPro Kickstart (3.7.181)
    No problems and the reboot with the Flash drive also was normal.
    Then after I choose option 1 or 2 both there is the message
    "HitmanPro.Kickstart booting" followed by a blinking cursor only.
    I tried many times but it never goes further.
    One time I waited half an hour so you have here a hangup or a loop.
    Any ideas ?
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The .reloc section is used to remap addresses when a driver is not loaded at its preferred address in memory. The .reloc section is never used for code but is merely a table.

    This post explains it quite nicely:
    http://www.tech-archive.net/Archive/VB/microsoft.public.vb.winapi/2006-08/msg00187.html

    It's suspicious to put code in the .reloc section. Malware tends to use these sections to add malicious code in the .reloc section without increasing file size.

    I've white listed the PE file to prevent flagging the file as suspicious. Shadow Defender should get their PE sections in order.
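
The point made in the post above, as an added example that is not part of the thread and is not HitmanPro's own detection logic: a header-level check that reports when a PE image's .reloc section is flagged as code, mapped executable, or contains the entry point. The function names, the three checks and the two header-only sample images are constructed for illustration.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout (40 bytes)

def reloc_findings(pe: bytes) -> list:
    """Return reasons why the .reloc section looks like it carries code."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)              # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", pe, nt + 6)         # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, nt + 20)     # SizeOfOptionalHeader
    (entry,) = struct.unpack_from("<I", pe, nt + 24 + 16)   # AddressOfEntryPoint
    findings = []
    for i in range(nsect):
        hdr = struct.unpack_from(SECTION, pe, nt + 24 + opt_size + 40 * i)
        name, vsize, vaddr, rsize, flags = hdr[0], hdr[1], hdr[2], hdr[3], hdr[9]
        if name.rstrip(b"\0") != b".reloc":
            continue
        if flags & IMAGE_SCN_CNT_CODE:
            findings.append("flagged as containing code")
        if flags & IMAGE_SCN_MEM_EXECUTE:
            findings.append("mapped executable")
        if vaddr <= entry < vaddr + max(vsize, rsize):
            findings.append("entry point inside section")
    return findings

def build_sample(reloc_flags: int, entry_rva: int) -> bytes:
    """Constructed header-only PE32 image (.text + .reloc, no section data)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x2102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva)
    opt = opt.ljust(224, b"\0")                             # rest of optional header
    def sect(name, vaddr, flags):
        return struct.pack(SECTION, name, 0x1000, vaddr, 0x200, 0, 0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + coff + opt
            + sect(b".text", 0x1000, 0x60000020) + sect(b".reloc", 0x2000, reloc_flags))

# Constructed samples: usual .reloc flags (initialized data, discardable, read)
# versus a .reloc marked code/executable/writable that also holds the entry point.
CLEAN = build_sample(0x42000040, 0x1000)
ALTERED = build_sample(0xE0000020, 0x2010)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("altered", ALTERED)):
        print(label, reloc_findings(image) or "no findings")
```

This only inspects headers; code placed in a .reloc section that keeps its normal flags would need the section contents compared against the base relocation directory to be noticed.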
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    There is a HUGE diversity in BIOS, motherboards and system configurations. While we've tested a lot of configs, it's impossible to test them all. As I wrote in a previous post, we've worked with computer repair shops near our office and they tested well over 100 different systems. In our cloud we see a lot of users are successfully Kickstarting their PC, but we also receive reports that some get the blinking cursor issue.

    We have the problem under investigation and it's being worked on as we speak. It's a very unique product and it's our first release. Please bear with us as we are investigating. An update is in the works.
     
  17. heikwith

    heikwith Registered Member

    Joined:
    Jul 29, 2002
    Posts:
    91
    Ok
    Tell me when I can send something like a logging for this hang
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    A few questions:
    1. Computer type (laptop/desktop)?
    2. Computer brand?
    3. Motherboard type number?
    4. BIOS version?
    5. How many hard drives are in the computer?
    6. How many partitions?
    7. Is the disk fitted with recovery partitions?

    You may send these via PM. Thanks :thumb:
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.0 Build 182 Released

    Changelog
    • IMPROVED: Zero-day Zbot/Citadel detection through behavioral scan.
    • IMPROVED: Zero-day Reveton/Weelsof ransomware detection through behavioral scan.
    • IMPROVED: Error handling while creating Kickstart USB flash drive.
    • IMPROVED: Auto Force Breach while booting via Kickstart.
    • FIXED: Small USB flash drives (< 1GB) threw error 112 while creating Kickstart bootable USB flash drive on XP.

    Existing 3.7 users are automatically updated.

    Existing 3.6 users will be automatically updated next week. It's a bit more work to upgrade 3.6 to 3.7 than first anticipated. Existing 3.6 users can always upgrade manually by uninstalling version 3.6 and then install 3.7. Sorry for the inconvenience.
    http://www.surfright.com/downloads
     
  20. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    Using 3.7.0 Build 182 on Win7 x64

    Almost at the end during the Scan for Malware Remnants, Hitman Pro wants to upload a file to the cloud but before I can click Upload the Final Screen is already displayed with no possibility to go back and Upload the File.

    However the Threats detected is 0 and "Automatically Upload ..." is not selected
     
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Just ran a scan with v3.7.0 build 182, and still getting previously reported item, and additional items.

    Code:
    HitmanPro 3.7.0.182
    www.hitmanpro.com
    
       Computer name . . . . : XXXYYY
       Windows . . . . . . . : 5.1.2.2600.X86/4
       User name . . . . . . : <MY NAME>
       License . . . . . . . : Paid (1078 days left)
    
       Scan date . . . . . . : 2012-12-18 20:19:44
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 15m 44s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 17
    
       Objects scanned . . . : 1,969,846
       Files scanned . . . . : 47,809
       Remnants scanned  . . : 1,415,419 files / 506,618 keys
    
    Suspicious files
    ____________________________________________________________
    
       C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP270\A0090543.exe
          Size . . . . . . . : 161,112 bytes
          Age  . . . . . . . : 2.4 days (2012-12-16 10:11:04)
          Entropy  . . . . . : 5.8
          SHA-256  . . . . . : 821037CBC38DF0B5637A183A93CA05C0F6A5D365CB6124E75EC852F0AADE1574
          Product  . . . . . : CPUEater Application
          Publisher  . . . . : Bitsum Technologies
          Description  . . . : CPUEater Application
          Version  . . . . . : 6.0.0.91
          Copyright  . . . . : Copyright (C) 2010-2012 Bitsum Technologies
          RSA Key Size . . . : 2048
          Authenticode . . . : Invalid
          Fuzzy  . . . . . . : 22.0
             Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
             Time indicates that the file appeared recently on this computer.
    
       C:\WINDOWS\system32\drivers\diskpt.sys
          Size . . . . . . . : 189,136 bytes
          Age  . . . . . . . : 1079.5 days (2010-01-04 07:22:23)
          Entropy  . . . . . : 7.1
          SHA-256  . . . . . : 0D47B5E917B64D040FDF8CC9D88DA9B6A71AEDC5BC6D86AF9B61068C9AD54508
          Product  . . . . . : Shadow Defender
          Publisher  . . . . : SHADOWDEFENDER.COM
          Description  . . . : Shadow Defender Filter Driver
          Version  . . . . . : 1.1.0.314
          Copyright  . . . . : Copyright(C) 2007-2009, SHADOWDEFENDER.COM. All rights reserved.
          Service  . . . . . : diskpt
          Fuzzy  . . . . . . : 27.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Starts automatically as a service during system bootup.
             Program starts automatically without user intervention.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             Program contains PE structure anomalies. This is not typical for most programs.
             The file is a device driver. Device drivers run as trusted (highly privileged) code.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\diskpt\
    
       C:\WINDOWS\system32\SWEEPER.EXE
          Size . . . . . . . : 167,936 bytes
          Age  . . . . . . . : 1081.2 days (2010-01-02 14:44:55)
          Entropy  . . . . . : 5.0
          SHA-256  . . . . . : F6016D9789A18BD265AF4D3BDF4ACF8655976F73B5E80EA8C6D5093C4C76F801
          Product  . . . . . : Internet Sweeper
          Publisher  . . . . : Emery Info-Engineering <brettemery@bmesite.com>
          Version  . . . . . : 1.09.0005
          Copyright  . . . . : (C) 2004 Emery Info-Engineering
          Desktop  . . . . . : Default
          Running processes  : 3240
          Fuzzy  . . . . . . : 30.0
             The process is running top most and full screen. This is typical for ransomware.
             Uses the Windows Registry to run each time the user logs on.
             Program starts automatically without user intervention.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
          Startup
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Internet Sweeper
          References
             C:\Documents and Settings\<username>\Desktop\Internet Sweeper.LNK
             C:\Documents and Settings\<username>\Local Settings\Application Data\AnVir\Tray\Sweep Now!.lnk
             C:\Documents and Settings\<username>\Start Menu\Programs\Internet Sweeper\Internet Sweeper.LNK
             C:\Documents and Settings\<username>\Start Menu\Programs\Internet Sweeper\Sweep & Logoff.LNK
             C:\Documents and Settings\<username>\Start Menu\Programs\Internet Sweeper\Sweep & Restart.LNK
             C:\Documents and Settings\<username>\Start Menu\Programs\Internet Sweeper\Sweep & Turn Off.LNK
             C:\Documents and Settings\<username>\Start Menu\Programs\Internet Sweeper\Sweep Now!.LNK
             C:\Documents and Settings\<username>\Start Menu\Programs\Internet Sweeper\Uninstall.LNK
             HKU\S-1-5-21-1417001333-2049760794-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\WINDOWS\system32\SWEEPER.EXE
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.0 Build 183 Released

    Today's release addresses the blinking cursor problem that some users are experiencing when booting their computer with Kickstart.

    If you were having problems booting with Kickstart, you might want to try this version. Just re-create the Kickstart USB flash drive.

    During USB boot you will see that the version number was changed from 1.0 to 1.1. Then you know you are booting with the new Kickstart bootstrap loader.

    Changelog
    • FIXED: On some systems, booting from Kickstart USB flash drive resulted in blinking cursor.
    • UPDATED: Kickstart bootstrap loader to version 1.1.
    • UPDATED: Bulgarian language.

    Existing 3.7 users are automatically updated.
    Existing 3.6 users will be updated to the 3.7 branch later this week.
     
  23. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    One question regarding Kickstart:

    I read references in the web page to a bootable disc version but I haven't found anything more about this yet. Is it already available or is it planned for a future release? My computer's BIOS doesn't support boot from USB.
     
  24. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi Eric

    Can you whitelist my 4 files in the red circles, please?

    Thank you very much


  25. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    I'm still stuck on build 174. Do you recommend to manually update?
     