Hitman Pro Support and Discussion Thread

Is RollbackRX running? Or other disk virtualizer?

 

No, pretty much a clean system. If I hide the XP partition, Hmp scan is clean. Current third party apps on win8.1:

Code:

ObjREXX_2_1_3
WinMerge_2_12_4
WinRAR_3_80
NetworkIndicator_1_6
Stickies_7_1_e
FSCapture_7_6
7-Zip_9_20
ExamDiff_Pro_6_0_3_13
WinUpdateNotifier_1_3_0
Thunderbird_24_2_0
Firefox_26_0_0
PDF_XChange_Viewer_2_5_214
CCleaner_4_10_4470
ClassicShell_4_0_4
TimeKeeper_1_44
HitmanPro.Alert_2_6_2_72
UniExtractor_1_7_9_95
HitmanPro_3_7_9_212
WinPatrol_30_0_2014_0

 

Hi Eric

Can you check this 1 File please and whitelisted it please

Properties
Name NPSWF32_12_0_0_44.dll
Location C:\Windows\system32\Macromed\Flash
Size 15.5 MB
Time 0.0 days ago (2014-02-07 17:34:52)
Authenticode Valid
Entropy 7.0
RSA Key Size 2048
SHA-256 9E61D8E17B5EEA9280C56F35D188439CF083FB5968A6A29246DFF0F56471C7D7

Scoring (6.0)
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
Program is code signed with a valid Authenticode certificate.

Startup
HKLM\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer\

References
C:\Windows\system32\Macromed\Flash\flashplayer.xpt

Forensic Cluster
* C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_44.dll
0.2s C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_44_Plugin.exe
0.5s C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
2.9s C:\Windows\Prefetch\INSTALL_FLASH_PLAYER.EXE-F60B424E.pf

SHA256: 9e61d8e17b5eea9280c56f35d188439cf083fb5968a6a29246dff0f56471c7d7
Dateiname: NPSWF32_12_0_0_44.dll
Erkennungsrate: 0 / 50
Analyse-Datum: 2014-02-07 17:08:49 UTC ( vor 1 Minute )

 

Hi Eric

Any infos about it?

Did you get my PM Eric?

With best Regards
Mops21

 

Hi Erik

Can you check this 3 Files please and whitelisted it please

Properties
Name ieframe.dll
Location C:\Windows\System32
Size 10.6 MB
Time 0.1 days ago (2014-02-14 17:07:19)
Entropy 6.4
Product Windows® Internet Explorer
Publisher Microsoft Corporation
Description Internet Explorer
Version 8.00.6001.19499
Copyright © Microsoft Corporation. All rights reserved.
SHA-256 36EF2F8122CAB8C22D86A40B101EF79060734AD740EEC76754317727137E5B62

Scoring (8.0)
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

Startup
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

References
HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

SHA256: 36ef2f8122cab8c22d86a40b101ef79060734ad740eec76754317727137e5b62
Dateiname: ieframe.dll
Erkennungsrate: 0 / 44
Analyse-Datum: 2014-02-14 17:49:33 UTC ( vor 2 Minuten )

Properties
Name iedkcs32.dll
Location C:\Windows\System32
Size 379 KB
Time 0.1 days ago (2014-02-14 17:07:1
Entropy 6.0
Product Windows® Internet Explorer
Publisher Microsoft Corporation
Description IEAK branding
Version 18.00.6001.19499
Copyright © Microsoft Corporation. All rights reserved.
SHA-256 20FB4AD10738A2532FFA937098168BF6D685E0F2DDF97768767965ECAFDB80F1

Scoring (6.0)
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

Startup
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\

SHA256: 20fb4ad10738a2532ffa937098168bf6d685e0f2ddf97768767965ecafdb80f1
Dateiname: iedkcs32.dll
Erkennungsrate: 0 / 46
Analyse-Datum: 2014-02-14 17:52:50 UTC ( vor 1 Minute )

Properties
Name ie4uinit.exe
Location C:\Windows\system32
Size 170 KB
Time 0.1 days ago (2014-02-14 17:07:1
Entropy 7.3
Product Windows® Internet Explorer
Publisher Microsoft Corporation
Description IE Per-User Initialization Utility
Version 8.00.6001.19499
Copyright © Microsoft Corporation. All rights reserved.
SHA-256 70F759D5F7515782C4C069B69C575533F3F1DB885E5E2F52DAE9BC3EEB63C084

Scoring (11.0)
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

Startup
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\

SHA256: 70f759d5f7515782c4c069b69c575533f3f1db885e5e2f52dae9bc3eeb63c084
Dateiname: ie4uinit.exe
Erkennungsrate: 0 / 50
Analyse-Datum: 2014-02-14 17:54:54 UTC ( vor 0 Minuten )

 

erikloman there will be only 2 search engine to Hitman Pro?

are the company going to added more vendors?

or hitman pro become to be only 2 AV engines ?


last time i saw in virus total has 50 AV/Anti malware engines none of them don't want to participate in the program or Surfright company decide that more than 2 AV is
performance slower and most of your consumers don't want more than 2-6 minutes scan ?

as average consumer 5 engines is make me want to purchase the Software more than Hitman pro with 2 engines.
but that is really rare event when kaspersky and bitdefender cant detect malware that another AV can,

 

I just noticed that Emsisoft is no longer listed so i looked at this thread.

 

Did you find the answer or do you still wonder why Emsisoft is no longer listed? FWIW..see this post:

 

Yes down to two scanning engines now. The main reason I purchased HMP originally because it five back then. Hope they add some more.

 

Bitdefender and Kaspersky are known to have the best malware removal capabilities. Malwarebytes must be excellent as well, but I have not seen any comparative between the MBAM and the former two. Same goes for HitmanPro as a stand-alone application. One can only make assumptions based on Kaspersky's and Bitdefender's abilities. It is hard to say if HMP in its current state would profit from more engines, but I doubt it. The only addition I would actually deem beneficial is MBAM, yet that's not going to happen, I am sure

 

I kind of agree that HMP should add more engines. I guess that is the main reason most people purchase it.

They should add something like MBAM which does a great job. (The idea of replacing BD with Emsisoft doesnt sound that bad since both run BD and with Emsisoft theres an additional in house engine but im pretty sure BD does most of the heavy lifting anyways)

 

The main reason I started using HMP was many engines. I hope they increase the number from 2 to at least 5.

 

or even 1 morte engine it will be super nice

 

Hahahaha i think 5 is stretching it a bit.
Personally 3 top notch engines would be ideal and anything above would be good but i doubt they will go with so many engines again like you said.
The main reason i purchased my HMP license was because they offer a light and robust multi engine solution, great support, great development and are always up to date when fighting the latest threats. (Dont forget the nice promo/discount )

 

the main Question is if they going to added more AV engine.

or they decide to be only with 2.

last time them remove AV engine they said that them negotiation with another AV vendor
and it was kaspersky.

i hope they added At least 1 more AV engine be great but 5 best.

 

Bitdefender and Kaspersky are great and certainly enough. I've said it before and I'll say it again; if Malwarebytes Anti-Malware engine would be added to HitmanPro it'd be the most epic malware-crushing tool available.

 

first of all more engines is more attractive to average consumer and more people will buy
HitmanPro

and why you think the company Malwarebytes will give it engine to HitmanPro
no 1 will buy anymore Malwarebytes product ,

i think surfRight will see low purchases product in the next weeks because of low AV engines.

i wish the company surfRight will tell us whats the main reason of low AV engine,

slower performance or because AV vendors don't want to give their engines because no1 will purchase their product .

i always love the use HitmanPro is the main security software that i love. but the main reason i purchase Hitman pro is because the high AV engine in it, but it still my Favorite Product.

 

Not a tiny bit. Take your case as an example. You use EAM which has in-house Emsisoft engine plus Bitdefender engine. If you use HMP as an on-demand scanner you would right now get only one extra scanner in total. If HMP settles on your ideal three engines, you would get 2 more extra engines. Now you may be satisfied with this number but as iceman25 stated, more engines is more attractive to average consumer and more people will buy HitmanPro. And as Surfright is here to do business, well you get the idea.

I think they will. I believe Erik and Mark are working on getting more engines as we speak.

Well you stated all your reasons. I'm lost at what your main reason was.

 

Herdprotect is using 68 anti-malware engines.
It's also a cloud anti-malware scanner like Hitman Pro in beta stage.
It just detects malware, but doesn't removes it for the moment.

I have mixed feelings.
Beter a cloud scanner with a few good engines then a cloud scanner with many engines that are bad and gives lots of false positives.
Loved to have Avira, Trend Micro and Malwarebytes as extra engine in Hitman Pro.

What engines shoulld you love to see with Hirtman Pro?

 

with hitmanpro I will love to see mbam emsisoft and webroot

 

the best it if they added Avira engine

 

I would love to see Avira, TrendMicro and any other engine added to the already strong combo Bitdefender and Kaspersky engines. This along with my WSA would be amazing.

 

make a vote of how many AV engine do you like to see in HitmanPRO:

http://www.poll-maker.com/poll66676xc85B49D8-3

 

You could start a poll here on Wilders instead Nevermind ams963 have already started one :https://www.wilderssecurity.com/showthread.php?t=360314

 

i wonder they can being Ikarus back and btw webroot haves a poor detection rate so its less likely they will add webroot in cloud anytime soon