HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Good point. Will change the name to "HitmanPro.Alert (uninstall only)" so that it sorts nicely.
     
    Last edited: Jun 3, 2012
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Support for 64-bit browsers is not yet included in this Beta.
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Hitman Pro.Alert Beta 2........

    Without Sandboxie 3.70 enabled.......

    2.png

    With Sandboxie 3.70 enabled........

    1.png
    3.png
    4.png
    5.png
     
    Last edited: Jun 3, 2012
  4. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Continued.......

    6.png
    7.png
    8.png
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It's the WSAConnect and connect that trigger the alert. The others (Sbie.dll) are informational only. I will try to reproduce.
     
  6. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Hi, will .Alert autoupdate in future final release?

    Cheers

    /E
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Beta 1 already updates to Beta 2. So yes it will ;)
     
  8. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Ahh, missed that in your earlier post, thanks :)

    /E
     
  9. ELWIS1

    ELWIS1 Registered Member

    Joined:
    Sep 29, 2010
    Posts:
    60
    Is Hitman Pro Alert compatible with Trusteer Rapport, or will it be in the future?
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Currently it's not, but it may be in the near future.
     
  11. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    does not seem to be working in a portable firefox instance, known behavior?
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    There are a few bugs in Beta 2 that are solved in Beta 3. Portable Firefox will most likely be supported in Beta 3.
     
  13. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    cheers Erik, brilliant program :thumb:
     
  14. mrtnptrs

    mrtnptrs Registered Member

    Joined:
    May 17, 2012
    Posts:
    25
    Location:
    The Netherlands
    Sorry Erik, but I think that my e-mail to you hangs again in your Firewall?
     
  15. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    I missed this before now, as the thread title is Very similar to the other one :D

    Installed & no issues so far on XP/SP2 FFv3.6.14 :thumb:

    Looking forward to throwing something nasty at it to see how it performs ;)
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Works fine, using 1.5% CPU when browser is active. Not much and less than Trusteer (which also checks whether browser is changed), so not a bad job.

    Two questions:
    1. Explanation
    Erik, could you explain why checking DLLs and handles takes this amount of CPU?


    2. HTTPS/SSL settings of the browser
    A possible quick win would be to alert users to misconfiguration of their browser with regard to certificates etc.

    Regards Kees
     
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Hi, I just tested with advanced_keylogger.exe - v2.1.9.0910 - Eltima Software

    It's not even the latest version, so should be known !

    Wild HMP.gif

    HMP - KL.gif

    It captured ALL my notepad text, & more importantly, All the Password text whilst in HTTPS :eek:

    Is HitmanPro.Alert Support only supposed to alert etc. on banking malware, or on ANY attempted HTTPS log in www's?

    By the way, PSOL didn't blink either ?
     
  18. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    Just installed the Beta 2 version on my x64 laptop. I ran a scan using Hitman Pro 3.6.0 build 156, which found a bunch of tracking cookies. I chose to delete the cookies, but Hitman stated the deletion failed. I had Chrome browser open during the scan. I closed the browser, ran the scan again and was able to delete the cookies. Since the only change I have made was to install the HitmanPro.Alert program, it appears that it was blocking deletion of the cookies while the browser was open. Anyone else see this? o_O
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It currently only checks Banking Malware infiltrating the browser. It does not check for keyloggers or screengrabbers on the system.
     
    Last edited: Jun 10, 2012
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    1. Alert is not checking DLLs and Handles. It's doing a memory analysis on the remote process in a non-invasive way to stay compatible with antivirus software (ex. you won't see a DLL of Alert in the browser process). We've not yet implemented an optimization to reduce CPU load (which we think is currently acceptable). In a next build the optimizations will be done. Keep an eye on the changelogs. Although Beta 3 won't have them yet.

    2. Can you elaborate on this? Browser settings or the certificate store? Not sure what you mean. I consider any improvement a great addition ;)
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This post is about HitmanPro. This thread is about HitmanPro.Alert. Any idea how I can move posts?

    About the issue: it seems to be related to this post. I think Chrome was updated and now the cookies cannot be deleted while the browser is open (used to work before). Will address this in the next update.
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    1. Yep as said, compared to other solutions the CPU load is acceptable.
    Are the memory swaps/analysis the reason for CPU usage (sort of polling mechanism)?

    2. Browsers like Chrome, but especially IE, have options to harden the vulnerabilities. E.g. checking certificates of HTTPS/SSL sites/checking revoked certificates, etc. These are often settings within the browser (and IE has some more through registry, like not saving encrypted data to disk cache).
     
  23. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    I've got to disagree here. Both Zemana and Spyshelter use no constant CPU. From memory Rapport is also very low CPU, with nothing constant (but that is from memory so somebody may prove me wrong). WSA is also very low CPU, with nothing constant. All of these are much lower CPU usage than HMPA.

    Then again, one man's view of what's acceptable is not the same as another's, so perhaps I'm just being greedy in wanting such low CPU usage.
     
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ erikloman

    Hi, I see, only banking malware, OK.

    Well I tested it with a Tinba nasty b6991e7497a31fada9877907c63a5888.exe after enabling ShadowDefender & then disabling ALL my security software & allowing Explorer.exe etc out through my FW.

    I then did some fake login attempts at HTTPS Natwest. I received NO alert etc from HitmanPro.Alert ?

    On a positive note, CPU = 0.01% MEM = 3.5 Mb's = :thumb:
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I tried your sample on XP SP3 and I got this alert in Chrome:
    Tinba.png
    Are you sure you infected your machine properly?

    Did you see the flyout after infection (instead of the alert I mean; this to find out whether alert is running properly)?

    Note that Tinba does not infect 64-bit browsers (only 32-bit browsers on 64-bit Windows).
     