Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    What is going on with the signature handling on your computer? Seems off.
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.10 Build 248 Released

    Changelog
    • ADDED: Detection and removal of 'Ads by LaSuperba' malware.
      See here for example: https://twitter.com/erikloman/status/649967142121701377
    • ADDED: Detection and repair of patched dnsapi.dll (both 32-bit and 64-bit)
    • ADDED: Command line switch /diskmode=compatible|direct.
    • ADDED: Tracking Cookie scan for Microsoft Edge.
    • FIXED: Tracking Cookie scan for Internet Explorer.
    • IMPROVED: Improved Windows 10 compatibility.
    • IMPROVED: Remnant scan.
    • IMPROVED: Cloud lookup performance.
    Download
    http://www.hitmanpro.com/downloads

    Existing users are automatically upgraded.
     
  3. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Seems so yes.
     
  4. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,839
    Location:
    the Netherlands
    A similar issue, also concerning a Windows Vista 32 bits system, was mentioned at the (Dutch) Security.NL, recently.
    See post and thread "False positives Hitman Pro??"
    That poster said he/she was planning to contact HitmanPro support.
    Anything about that in HitmanPro support logs, perhaps, Erik?
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I have a remote session tomorrow. Maybe I can dig something up.
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Build 248 Release
    second scan 5m59s :) No threats
     
  7. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Fp?

    Edit: I did a rescan today and it didnt show up again. Fixed. Thanks Erik.
     
    Last edited: Oct 7, 2015
  8. mrpink

    mrpink Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    407
  9. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    HitmanPro-248 doesn't trust HitmanPro.Alert :D
    Properties
    Name excalibur.db-shm
    Location C:\ProgramData\HitmanPro.Alert
    Size 32.0 KB
    Time 0.0 days ago (2015-10-07 09:53:47)
    Entropy 6.3
    Product HitmanPro 3.7
    LanguageID 0
    SHA-256 9EE5E5B95F1D0DAFC748D428DEAE4767E95FD3EF803B94DC50DA9B8DE38F8EA9

    Scoring (58.0)
    The file is hidden from Windows API. This is typical for malware.
    The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
    The file name extension of this program is not common.
    Program is running but currently exposes no human-computer interface (GUI).
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.

    Forensic Cluster
    -8.5s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
    -8.5s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
    -5.1s C:\Windows\Logs\MeasuredBoot\0000000034-0000000000.log
    -0.0s C:\ProgramData\HitmanPro.Alert\excalibur.db-wal
    * C:\ProgramData\HitmanPro.Alert\excalibur.db-shm
    0.6s C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    0.7s C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    3.8s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System Trace.etl
     
  10. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    I get an error when I want to scan a map with a HitmanPro Beta-version. Right click: Scan with HitmanPro. Tested with the old build 247 beta. No problem with non-beta build 248. Apparently it only works with a non-beta-version.

    (W10 build 10240 64 bits/Norton Security with Backup v22.5.2.15)

    1.JPG
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I found more information. The Vista machines exhibiting this issue have files that are signed with a SHA-256 digest algorithm. Windows XP and Vista do not support this algorithm. See screenshot:

    VistaAuth.png

    Have you tried upgrading to Windows 8 or Windows 10? If so, these files might be residue of a failed upgrade to Windows 8 or 10.

    Why do these files popup now? Because these files have a signature that expires on 2015-10-01.

    Expired.png
     
    Last edited: Oct 7, 2015
  12. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Never upgraded to 8.1 or 10.

    3.JPG
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Fact is, you have a Windows 8 or 10 file on your computer. Can you post a screenshot of the version information?
     
  14. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    @erikloman
    Sorry for hurrying but could you please look at my PM again?
     
  15. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    2.jpg 1.jpg
     
    Last edited: Oct 7, 2015
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Last edited: Oct 7, 2015
  17. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Probably Windows Update. I keep finding update KB's and stuff to either clean off or block MS updates now a major source of spyware. They call it Telemetry GRRR
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Already reported, just whitelist/ignore them. Like many tools, it wrongly assumes that some PUP-bundled apps are unwanted, even if you unchecked everything and not PUP is installed.
     
  19. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,839
    Location:
    the Netherlands
    @Peter2150
    Yes, regarding Windows 7 and 8 systems.
    But Windows Vista, as is deugniet's system?
    I don't know. No such files on my Vista x86 system.

    @deugniet
    Did you install the optional update KB2999226 for Windows Vista, by any chance? I didn't.
    The KB2999226 articles says:
    Could this be the Windows 10 files Erik was thinking of?
     
  20. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Fixed with beta 249. Thank you Erik.

    Scan date . . . . . . : 2015-10-07 19:40:51
    Scan mode . . . . . . : Normal
    Scan duration . . . . : 4m 29s
    Disk access mode . . : Direct disk access (SRB)
    Cloud . . . . . . . . : Internet
    Reboot . . . . . . . : No

    Threats . . . . . . . : 0
    Traces . . . . . . . : 0

    @Stupendous Man
    Yes. KB2999226 installed (20 September 2015/optional update).
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Incredible. Microsoft made a mess of it. These files do not validate on XP or Vista :eek:
     
  22. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Notify Microsoft about this, Erik?
     
  23. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,839
    Location:
    the Netherlands
    It's not the first time.
    Earlier, EMET 4.1 Update 1 was signed with SHA256, not supported on Vista.
    Later, a new EMET 4.1 Update version was released, signed using SHA1.
    EMET 5.2 was also signed using SHA1.
    But now with KB2999226 Microsoft seems to make the same mistake all over again.
    Well, I think Microsoft just doesn't care.
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.10 Build 250 Released

    Changelog
    • ADDED: Workaround for KB2999226 on Windows Vista.
      The files in KB2999226 are digitally signed with the SHA-256 algorithm. Authenticode signatures with SHA-256 digest are not supported on Windows Vista. This resulted in that HitmanPro listed these files as suspicious.
    • FIXED: Tracking Cookie scan for Internet Explorer.
    Users are automatically updated.
     
    Last edited: Oct 9, 2015
  25. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
    Hi Erik and Hi Mark

    Can you check the 2 Files and whitelisted the 2 Files please. I use the FP function into the Programm to submit the File to you

    With best Regards
    Mops21
     

    Attached Files:

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.