Hitman Pro Support and Discussion Thread

No problems with Beta 213 (Win 7x64)

 

Hi,

Same here!

Windows 8.1 Pro (32-bit).

Regards,
Kardo

 

New beta working fine here as well
Btw, I did an EWS scan and as usual ieframe.dll and some others from the latest windows update popped up, but I noticed they are not digitally signed, shouldn't this be the case?

 

Download sigcheck of Sysinternals and run it in a bat file or from command prompt

"C:\[WHERE YOU CHOOSE TO INSTALL IT]\sigcheck.exe" -e -s -u -vr "C:\Windows\System32"

~ Removed Off Topic Remarks ~

 

No troubles with the beta

 

Hello,

Hitman Pro detected a malware during a scan a few days ago. It quarantined it. How do I completely remove the threat?

 

Settings > History > Quarantine. Press Delete history button.

 

Ah thanks a lot.

 

very simple task

 

I'm still getting a lot of bogus alerts when running HitmanPro on Win8 32-bit as described here.

 

After taking a closer look, the path of those files look weird. They start with "F:1\" .

 

cmd line shows it as f:\ when running dir

Code:

Directory of f:\Program Files\Common Files\Microsoft Shared
.
Directory of f:\Program Files\Common Files\Microsoft Shared\DAO

I don't get any alerts when I run with Compatible Disk Access on Win8, but while scanning, still shows f:1\
On Win7 hmp doesn't look like it scans anything on f: ( same partition as from Win8 ) when running a normal scan like
it does on Win8.

When I scan \system32 from the context menu on Win8 using Direct Disk Access, path shows as f:\ during scan and no alerts. I don't see any consistency on what is being reported between a normal scan and one done via the context menu.

 

can i get some info about features of hitman pro like:

7-2 mins scan
2 anti virus engine
could based engine
Behavioural Scan


if you can only 1 sentence

thanks in advanced

 

HitmanPro - Forensic and behavioral based, cloud assisted malware removal.

 

I think there is an issue while enumerating items. If you disable remnant scan, does the issue occur?

 

Hi Eric

I have some Files fort you for checking and whitelisting

Properties
Name ie4uinit.exe
Location C:\Windows\system32
Size 170 KB
Time 7.9 days ago (2014-03-14 16:41:43)
Entropy 7.3
Product Windows® Internet Explorer
Publisher Microsoft Corporation
Description IE Per-User Initialization Utility
Version 8.00.6001.19507
Copyright © Microsoft Corporation. All rights reserved.
SHA-256 E299D4D1B7CD7528CF8E16C7C4ED42462242250B0E71868FAF81A3639B456470

Scoring (10.0)
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

Startup
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\

SHA256: e299d4d1b7cd7528cf8e16c7c4ed42462242250b0e71868faf81a3639b456470
Dateiname: ie4uinit.exe
Erkennungsrate: 0 / 51
Analyse-Datum: 2014-03-22 14:05:49 UTC ( vor 0 Minuten )


Properties
Name ieframe.dll
Location C:\Windows\System32
Size 10.6 MB
Time 7.9 days ago (2014-03-14 16:41:45)
Entropy 6.4
Product Windows® Internet Explorer
Publisher Microsoft Corporation
Description Internet Explorer
Version 8.00.6001.19507
Copyright © Microsoft Corporation. All rights reserved.
SHA-256 1F8124CD8E5F9391B92545BFF205D76FA5E495D5526F439ED3CE7A63A4C1F1A7

Scoring (7.0)
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

Startup
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

References
HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

SHA256: 1f8124cd8e5f9391b92545bff205d76fa5e495d5526f439ed3ce7a63a4c1f1a7
Dateiname: ieframe.dll
Erkennungsrate: 0 / 51
Analyse-Datum: 2014-03-22 14:09:26 UTC ( vor 0 Minuten )

 

Still occurs.....

 

HitmanPro 3.7.9 Build 214 BETA

This release is about fixing a few problems and greatly improving support for various web browsers. Specifically detection and removing malware and Potential Unwanted Programs (PUPs) as been improved. SQLite and JSON parsers were added to HitmanPro to fully support Google Chrome and Firefox for precise removal of compromised start page, search engines, extensions and plugins.

We also added initial integration support for HitmanPro.Alert version 3, watch this thread.

Lastly, we changed the EULA regarding the conditions for use of the 30 day free license. Over the past months HitmanPro has been increasingly used by support organization that use HitmanPro as part of their PAID service. This is no longer allowed. These organisations should use incident licenses. Support organizations that offer their services for FREE may continue to use the 30 day free license that is embedded in HitmanPro. Please read the EULA for the exact wordings.
Of course, scanning with HitmanPro is always free. Only removal requires a free or paid license.



Changelog

• ADDED: Detection for compromised Start Page en Search Engines in Google Chrome
• ADDED: Initial support for HitmanPro.Alert 3 integration
• FIXED: Application termination during Remnant scan
• FIXED: Scan stuck at 99% classification caused by a malformed Firefox prefs.js
• IMPROVED: Potentially Unwanted Programs (PUP) scanner for Internet Explorer, Firefox and Google Chrome
• IMPROVED: Google Chrome now automatically closes gracefully when deleting cookies
• IMPROVED: Removal of malware hijacking web browser shortcuts
• IMPROVED: Detection of profile location of Firefox
• IMPROVED: Windows Task Scheduler 2.0 support
• IMPROVED: Auto resizing display resolution when screen is smaller than 800x600
• CHANGED: Potentially Unwanted Programs (PUPs) are now default set to Delete (was previously set to Ignore). This due to overwhelming number of helpdesk questions.
• UPDATED: End User License Agreement 1.2. Conditions for use of the Free License have changed.

Download
http://www.surfright.nl/downloads/beta

Please let me know how this version runs on your computer

 

Ran the scan just fine. Thanks!

I'm eager to see it in action against PUPs!

 

Runs fine HitmanPro 3.7.9 Build 214 BETA with W7 64 bits.

 

Ha post 6000 in this thread. Congrats

 

Is he going to get a license?

 

Just run Build 214 with a Standard & EWS Scan and no problems to report

OS Win 8.1 x64

 

Good idea

 

Hehehe