Hitman Pro Support and Discussion Thread

I think most people don't like that very much, as the tone can seem rather harsh.
But I suppose it's all in the game, there's always someone who'd like to play a bit more rough than others like to.
The good thing is that it forces everyone to keep on their toes.
I trust the developers feel enough distance not to take matters too personally. And kind words, like yours, also help.

 

Guy decided to clean his system all by himself - using HMP for the very 1st time without any documentation; he doesn't know how HMP works. The end result is because he didn't know any better. Most n00bs don't know what to do. He reasonably expected that if he used HMP all by himself that the system would be cleaned without any major problems. However, that is not the case - because he didn't know how to use HMP and mis-interpreted some controls, didn't know where to find the log, etc.

I can understand when a n00b uses a security soft without any prior experience - even with those softs that have documentation - and unexpected soft behaviors disappoint them in one way or another.

It's a problem with a lot of softs... unexpected\unexplained behaviors - even for non-security softs.

The only way to find out how a soft works - and what to expect from it requires practicing with it - and that is a major problem. It isn't limited to HMP - but most security softs...

Most of us on the security forums forget what it is like for a n00b - being ignorant of a lot of details that make the difference between a good result and a bad result.

He should have posted for malware removal help on an appropriate forum - but he probably didn't know that it would be the right way to go about cleaning his system - most n00bs don't know this...

 

Sorry to hear about your HMP accident.

As far as loosing everything Firefox, you should be using Moz Backup. It preserves EVERYTHING Firefox by taking a full snapshot on demand and is able to restore everything, e.g. bookmarks,accounts, usernames, passwords, etc. Search for it on the web. It's available for download on several sites.

 

and some people believe that computing is like magic...

 

In another thread Erik Loman said that this forum was the only support forum for surfright when explaining the high number of problems posted in the HPMA thread.

Erik Loman also posted that Surfright uses closed beta's and communication via PM, because they don't want to populate their support thread with issues from early beta's which make their products look bad.

 

Now you're talking about the HMP.A thread, not the HMP thread.
The HMP.A thread was started by Erik Loman, unlike the HMP thread that was started by yashau.
I don't know if SurfRight considers the two threads differently.

 

They post new releases in both threads.

Better ask @erikloman or @markloman whether this thread is threated differently as HPMA.

 

Have a look at the second post of this thread, my previous nickname was Kees1958, opinion about HMP is unchanged.

 

Software is easier learned and can be broader used when it complies to standards. Asking for a user confirmation before a delete is an accepted standard.

But I won't want to infer with your amusement level. So I drop the question to@erikloman and @markloman whether HMP is going to adopt this standard.

 

It is, you click on a button and things starts happening without you doing anything

 

lol , it is also called RAT

 

@erikloman
@markloman

The ability to select a directory - e.g. D:\ - and use HMP context menu scan to assess all sub-objects would be .

I know, I know... it's on the "To Do" list.

* * * * *

3.7.X

The "Threats Detected" counter is still always showing double the actual count of items detected - if threats detected is > 1.

Are items not shown in the threats detected list included in the count ?

 

The message about kernelmode hook on atapi.sys does not fit the GUI(At least the Dutch translation) and it is not possible to scroll to the right:


Secondly, it is possible to see which program is doing this assuming it is a legitimate program and does not need to hide itself?

 

If you check the .log file you'll be able to see which driver caused the warning. If you're running the newest HMP.Alert you'll get that.

 

It is bug on TO DO list to be fixed...

 

Good to know.

Thanks, was indeed Alert.

 

@erikloman
@markloman

If I use a program (like TinyWall) that protects the hosts file, HitmanPro will detect any protections applied and report it as a damaged hosts file.

If I select Ignore in HMP, it only ignores it for that single scan; on every scheduled scan it will detect the hosts file protection.

The inability to set a persistent Ignore results in the need to respond to every single scheduled HMP scan; it is an annoyance.

 

Hi @erikloman and Hi @markloman

Can you check the 3 Files and whitelisted the 3 Files please. I use the FP function into the Programm to submit the Files to you

With best Regards
Mops21

 

Hi All
This question has probably been asked many many times... but is there anywhere to add exclusions into the scan yet? When I run reports in MYOB Hitman Pro crashes the application due to the exe that MYOB runs for the reports. I can't see anywhere where you can whitelist or add exclusions
Many thanks for your response.

 

I had too Google for MYOB but I guess it's accounting software? You can exclude things in HitmanPro.Alert, just follow these steps:

1. Open HitmanPro.Alert
2. Click on the gear icon in the top right corner
3. Select Advanced interface
4. Click on the blue tile called Exploit mitigation
5. Choose Applications
6. Scroll to the far right and click on Add exclusion
7. Browse for the MYOB application on your disk and click Open

Hope this helps!

 

@erikloman
@markloman

HitmanPro does not detect active nor remnants of Phasebot (fileless user-mode rootkit) infection:

• HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{Bot GUID}

It creates Rc4Encoded32 and Rc4Encoded64 registry values where it will save the encrypted 32-bit and 64-bit shell code. Lastly, it creates another registry value named JavaScript that will decrypt and execute the Rc4Encoded32/64 values.

http://blog.trendmicro.com/trendlabs-security-intelligence/files/2015/04/filelessmalware3.png
http://blog.trendmicro.com/trendlabs-security-intelligence/files/2015/04/filelessmalware3.png

 

Hi @erikloman and Hi @markloman

Can you check the 1 File and whitelisted the File please. I use the FP function into the Programm to submit the File to you

With best Regards
Mops21

 

Just to report that HitmanPro is giving a false positive detection for latest PrivaZer version. I chose option "Report that file is safe", but just thought to mention it.

 

Q: what's Kickstart status re support for post W7