Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Latest HMP considers this file as suspicious. Not sure why though - seems to be a normal system file. Erik?
    Code:
    HitmanPro 3.7.12.256
    www.hitmanpro.com
    
      Computer name . . . . : 2082-52G
      Windows . . . . . . . : 6.1.1.7601.X86/2
      User name . . . . . . :
      UAC . . . . . . . . . : Disabled
      License . . . . . . . : Free
    
      Scan date . . . . . . : 2016-02-15 12:13:10
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 2m 26s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
    
      Threats . . . . . . . : 0
      Traces  . . . . . . . : 3
    
      Objects scanned . . . : 790,561
      Files scanned . . . . : 7,430
      Remnants scanned  . . : 120,335 files / 662,796 keys
    
    Suspicious files ____________________________________________________________
    
      C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat
      Size . . . . . . . : 16,777,216 bytes
      Age  . . . . . . . : 20.2 days (2016-01-26 07:45:31)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 96A8501BD678C8AFBA94D8BB3C00C4D20A39ED4088765127B2ACDC21E7221C3B
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : NT Kernel & System
      Version  . . . . . : 6.1.7601.18933
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 49.0
      The file is hidden from Windows API. This is typical for malware.
      The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
      The file name extension of this program is not common.
      The file is in use by one or more active processes.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      Time indicates that the file appeared recently on this computer.
      The file is a device driver. Device drivers run as trusted (highly privileged) code.
      Forensic Cluster
      -0.5s C:\$Extend\$UsnJrnl
      -0.3s C:\Windows\System32\winevt\Logs\System.evtx
      -0.2s C:\Windows\System32\winevt\Logs\Application.evtx
      -0.1s C:\Windows\System32\winevt\Logs\Security.evtx
      -0.1s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
      0.0s C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat
      0.0s C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx
      0.1s C:\Windows\System32\winevt\Logs\Media Center.evtx
      0.2s C:\Windows\System32\winevt\Logs\Key Management Service.evtx
      0.2s C:\Windows\System32\winevt\Logs\Internet Explorer.evtx
      0.3s C:\Windows\System32\winevt\Logs\HardwareEvents.evtx
      0.6s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
      0.7s C:\Windows\CSC\v2.0.6\temp\
      0.7s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
      0.7s C:\Windows\CSC\v2.0.6\
      0.7s C:\Windows\CSC\v2.0.6\pq
      0.8s C:\Windows\CSC\v2.0.6\temp\ea-{39481890-c3f8-11e5-9c88-f2bad72496bf}
      0.8s C:\Windows\CSC\v2.0.6\namespace\
      0.8s C:\Windows\CSC\v2.0.6\sm
      1.6s C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
      2.1s C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
      2.2s C:\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
      2.2s C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
      3.6s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
      3.6s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
      3.7s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx
      4.3s C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000003.db
      4.4s C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000008.db
      5.2s C:\ProgramData\Microsoft\Diagnosis\events00.rbs
      5.2s C:\ProgramData\Microsoft\Diagnosis\events10.rbs
      5.3s C:\ProgramData\Microsoft\Diagnosis\events01.rbs
      5.3s C:\ProgramData\Microsoft\Diagnosis\events11.rbs
      6.3s C:\Windows\inf\setupapi.dev.log
      6.7s C:\Windows\inf\setupapi.ev3
      6.7s C:\Windows\inf\setupapi.ev1
      6.8s C:\System Volume Information\Syscache.hve
      6.8s C:\System Volume Information\Syscache.hve.LOG1
      6.8s C:\System Volume Information\Syscache.hve.LOG2
      7.6s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
      8.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
      8.5s C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_7cc741099624db0f\volume.PNF
      8.6s C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx
      9.2s C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_fff93662d7c59057\machine.PNF
      11.3s C:\Windows\inf\setupapi.ev2
    
     
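The "Forensic Cluster" list in the report above is a timeline: every file whose timestamp lies within a few seconds of the suspicious file's, each prefixed with its signed offset from that file. The script below is an added example, not HitmanPro's own code and not part of the post: it builds the same kind of cluster from a list of (path, timestamp) pairs and can also collect that list from a live directory tree. The sample timeline is constructed for the example (the paths echo the report, the timestamps are assumptions) and the 15-second window is an assumption too.

```python
"""Timeline clustering around a pivot file (added example, not HitmanPro code)."""
from datetime import datetime, timedelta
from pathlib import Path
from typing import List, Tuple

# Constructed sample timeline: (path, last-modified time). The paths echo the
# report; the timestamps are assumptions made up for this example.
PIVOT = "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-FontFace.dat"
SAMPLE_TIMELINE: List[Tuple[str, datetime]] = [
    ("C:\\$Extend\\$UsnJrnl", datetime(2016, 1, 26, 7, 45, 30, 500000)),
    ("C:\\Windows\\System32\\winevt\\Logs\\System.evtx", datetime(2016, 1, 26, 7, 45, 30, 700000)),
    (PIVOT, datetime(2016, 1, 26, 7, 45, 31)),
    ("C:\\Windows\\CSC\\v2.0.6\\temp\\", datetime(2016, 1, 26, 7, 45, 31, 700000)),
    ("C:\\Windows\\inf\\setupapi.ev2", datetime(2016, 1, 26, 7, 45, 42, 300000)),
    # Well outside the window: must not show up in the cluster.
    ("C:\\Users\\someone\\Desktop\\notes.txt", datetime(2016, 1, 26, 9, 0, 0)),
]


def forensic_cluster(timeline: List[Tuple[str, datetime]], pivot_path: str,
                     window_seconds: float = 15.0) -> List[Tuple[float, str]]:
    """Return (offset_seconds, path) pairs for every entry whose timestamp is
    within +/- window_seconds of the pivot file's timestamp, earliest first."""
    pivot_times = [t for p, t in timeline if p == pivot_path]
    if not pivot_times:
        raise ValueError(f"pivot not in timeline: {pivot_path}")
    pivot = pivot_times[0]
    window = timedelta(seconds=window_seconds)
    cluster = [((t - pivot).total_seconds(), p)
               for p, t in timeline if abs(t - pivot) <= window]
    cluster.sort()  # by offset, so the pivot sits at 0.0s with neighbours around it
    return cluster


def format_cluster(cluster: List[Tuple[float, str]]) -> List[str]:
    """Render like the report: '-0.5s C:\\$Extend\\$UsnJrnl'."""
    return [f"{offset:.1f}s {path}" for offset, path in cluster]


def timeline_from_directory(root: str) -> List[Tuple[str, datetime]]:
    """Collect (path, mtime) pairs below root through the ordinary file API."""
    out = []
    for p in Path(root).rglob("*"):
        try:
            out.append((str(p), datetime.fromtimestamp(p.stat().st_mtime)))
        except OSError:
            continue  # unreadable entries are skipped rather than aborting the walk
    return out


if __name__ == "__main__":
    for line in format_cluster(forensic_cluster(SAMPLE_TIMELINE, PIVOT)):
        print(line)
```

On a live machine, pass the output of timeline_from_directory to forensic_cluster with the flagged file as the pivot. One caveat the report itself points at: a file HitmanPro lists as "hidden from Windows API" may not appear in such a listing at all, since the listing goes through the same API; the report's "Direct disk access (SRB)" mode is how HitmanPro gets around that.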
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I think the file is no longer there. Can you confirm?
     
  3. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    It's still there.
    Code:
    FontCache3.0.0.0.dat  541368  2/14/2016 13:42  A---
    lastalive0.dat  2048  2/15/2016 12:02  ASH-
    lastalive1.dat  2048  2/15/2016 12:02  ASH-
    ~FontCache-FontFace.dat  16777216  2/15/2016 12:02  A---
    ~FontCache-S-1-5-21-3603599577-2943388991-96  8388608  2/15/2016 12:07  A---
    ~FontCache-System.dat  368656  2/15/2016 12:03  A---
    
     
  4. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    I am doing automatic HitmanPro command line scans for some PCs and today I got this strange result on multiple PCs:
    <Log computer="SOME-PC" windows="6.3.0.9600.X64/8" scan="Normal" version="3.7.12.256" date="2016-02-18T11:00:10" timeSpentInSecs="339" filesProcessed="61339"><Item type="Repair" score="0.0" status="None"><File path="$sticky" /></Item></Log>

    What is this? Additionally, Kaspersky reported an SSL connection with an invalid certificate to the HitmanPro cloud...

    UPDATE: Kaspersky says the app HitmanPro wants to access the URL cloud.hitmanpro.com but the certificate is for search.dnsadvantage.com

    Anguel
     
    Last edited: Feb 18, 2016
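For anyone running HitmanPro unattended from the command line as in the post above, the script below is an added example (not SurfRight/HitmanPro code and not part of the post). It parses the one-line XML shown there (Log, Item and File elements with their attributes) and reports what a scan pipeline should look at: items with a non-zero score, items whose "path" is not a file path (such as "$sticky"), and logs whose filesProcessed is 0, which means nothing was scanned rather than nothing was found. It also includes the offline comparison a TLS client makes between the host it asked for and the names in the certificate it got, which is what the cloud.hitmanpro.com versus search.dnsadvantage.com warning amounts to. The second and third logs, their attribute values and the type vocabulary beyond "Repair" are constructed assumptions.

```python
"""Triage of HitmanPro command-line XML logs (added example, not HitmanPro code)."""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed samples. The first reproduces the structure of the log in the post;
# the other two use assumed attribute values to exercise the checks below.
SAMPLE_LOGS = [
    '<Log computer="SOME-PC" windows="6.3.0.9600.X64/8" scan="Normal" version="3.7.12.256" '
    'date="2016-02-18T11:00:10" timeSpentInSecs="339" filesProcessed="61339">'
    '<Item type="Repair" score="0.0" status="None"><File path="$sticky" /></Item></Log>',
    '<Log computer="OTHER-PC" windows="6.3.0.9600.X64/8" scan="Normal" version="3.7.12.256" '
    'date="2016-02-18T11:05:42" timeSpentInSecs="301" filesProcessed="58210">'
    '<Item type="Suspicious" score="44.0" status="None">'
    '<File path="C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe" /></Item></Log>',
    '<Log computer="THIRD-PC" windows="6.3.0.9600.X64/8" scan="Normal" version="3.7.12.256" '
    'date="2016-02-18T11:09:00" timeSpentInSecs="2" filesProcessed="0"></Log>',
]


def parse_hmp_log(xml_text: str) -> Dict:
    """Turn one Log element into a dict; scores become floats, filesProcessed an int."""
    root = ET.fromstring(xml_text)
    if root.tag != "Log":
        raise ValueError(f"unexpected root element: {root.tag}")
    items = []
    for item in root.findall("Item"):
        file_el = item.find("File")
        items.append({
            "type": item.get("type", ""),
            "score": float(item.get("score") or 0),
            "status": item.get("status", ""),
            "path": file_el.get("path", "") if file_el is not None else "",
        })
    return {
        "computer": root.get("computer", ""),
        "version": root.get("version", ""),
        "date": root.get("date", ""),
        "files_processed": int(root.get("filesProcessed") or 0),
        "items": items,
    }


def looks_like_windows_path(path: str) -> bool:
    """Drive letter plus separator, or a UNC path. '$sticky' fails this test."""
    return (len(path) >= 3 and path[1] == ":" and path[2] in "\\/") or path.startswith("\\\\")


def triage(logs: List[str], min_score: float = 1.0) -> List[Dict]:
    """One finding per thing a human should look at, in log order."""
    findings = []
    for text in logs:
        log = parse_hmp_log(text)
        if log["files_processed"] == 0:
            # An empty result is not a clean result: the scan did not look at anything.
            findings.append({"computer": log["computer"], "kind": "nothing-scanned",
                             "path": "", "score": 0.0})
        for it in log["items"]:
            if not looks_like_windows_path(it["path"]):
                findings.append({"computer": log["computer"], "kind": "non-file-item",
                                 "path": it["path"], "score": it["score"]})
            elif it["score"] >= min_score:
                findings.append({"computer": log["computer"], "kind": "review",
                                 "path": it["path"], "score": it["score"]})
    return findings


def hostname_matches(host: str, cert_names: List[str]) -> bool:
    """Does any name in the certificate cover the host we connected to?
    Exact match, or a single-label wildcard in the leftmost position only."""
    host = host.lower().rstrip(".")
    host_labels = host.split(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        labels = name.split(".")
        if labels[0] == "*" and len(labels) == len(host_labels) and labels[1:] == host_labels[1:]:
            return True
    return False


if __name__ == "__main__":
    for f in triage(SAMPLE_LOGS):
        print(f)
    print(hostname_matches("cloud.hitmanpro.com", ["search.dnsadvantage.com"]))
```

The findings list is what to feed into whatever alerting the scan pipeline already has; a "nothing-scanned" finding answers the separate question later in this thread of how to tell a scan that found nothing from one that scanned nothing. The hostname check deliberately accepts nothing beyond exact and single-label wildcard names; a certificate for search.dnsadvantage.com does not cover cloud.hitmanpro.com under any reading, which is why Kaspersky raised the alert.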
  5. hjlbx

    hjlbx Guest

    @erikloman
    @markloman

    HMP 3.7.12 build 256 (64 bit)
    W8.1 Home 64 bit - Clean Install

    Bug

    Detection counter always indicates 2X the actual objects detected:

    detected 4, HMP reports 8
    detected 11, HMP reports 22

    I think you are already aware of it...
     
  7. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    The remnant scanner still detects those entries as malicious. I'm curious to know when the detection alert for those entries was added?
     
  9. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the one file and whitelist it please? I used the FP function in the program to submit the file to you.

    With best Regards
    Mops21
     
  10. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Q: Does HitmanPro detect rar files?
    SHA256: 7907a12fa2f9b895f7c490b91252cd16cf7bcfadb5230d85f254492bbb35556a
    File name: 0_3_setup_alternative.rar
    Detection ratio: 16 / 55
    Analysis date: 2016-02-23 21:36:40 UTC
    --------------
    HitmanPro scan > 0_3_setup_alternative.rar = 0.
    Q: Does HitmanPro scan compressed files?
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Nope.
     
  12. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Thanks.... How do I tell the difference between not scanned and 0?
    Threats . . . . . . . : 0
    Objects scanned . . . : 1
    Files scanned . . . . : 1
    Remnants scanned . . : 0 files / 0 keys
     
  13. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the one file and whitelist it please? I used the FP function in the program to submit the file to you.

    With best Regards
    Mops21
     
  14. Roxl

    Roxl Registered Member

    Joined:
    Feb 24, 2016
    Posts:
    12
    I'm planning to buy a license for HitmanPro.Alert, but I've two questions:
    1. Since SurfRight is now part of the Sophos company, are there plans to drop or stop the development of HitmanPro.Alert?
    2. I'm running Bitdefender Total Security 2016 on my computers and I have read in 'older' threads that the two suites are not compatible. Is this the case?

    thx
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The HitmanPro driver is signed with both a SHA-1 and a SHA-256 signature.
     
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.13 Build 257 BETA

    Changelog

    • Fixed: Save Log button was broken since build 256.
    • Improved Polish language
    Download
    http://www.hitmanpro.com/beta

    Please let me know how this version runs on your computer :thumb:
     
  17. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    HitmanPro 3.7.13 Build 257 BETA. No problems thus far.
     
  18. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    Running fine here :thumb:
     
  20. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    After the automatic update to 257, when I press 'next' to scan, I receive an application error:

    "Application popup: hitmanpro.exe - Application Error : The instruction at 0x00000000 referenced memory at 0x00000000. The memory could not be written.

    Click on OK to terminate the program"


    ~~~

    Just reverted back to 256 and working normally again with no errors.
     
    Last edited: Feb 25, 2016
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Update is pulled to investigate. Expect a fix today.
     
  22. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,983
    HitmanPro 3.7.13 Build 257 (64-bit) Stable, no problems.
    OS: Windows 10 Pro x64, Version 1511 - Build 10586.104
     
  23. malware1

    malware1 Registered Member

    Joined:
    May 26, 2014
    Posts:
    133
    Thanks! Please update it again if possible, I corrected a minor text length issue on the main screen.
     
  25. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the one file and whitelist it please? I used the FP function in the program to submit the file to you.

    With best Regards
    Mops21
     