HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Just edited my post to:
    "Because unsigned applications can trigger an alert, during install and uninstall"
     
  2. MikeRepairs

    MikeRepairs Registered Member

    Joined:
    Mar 26, 2014
    Posts:
    81
    Location:
    Kissimmee, FL
    HitmanPro.Alert 3.5.3 Build 562
    fixed my load lib problems printing on win 7 32 bit
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Unsigned binaries that probe whether they are running in a sandbox are stopped in "active vaccination".
    What firmware supplier probes for a sandbox AND runs its installer unsigned?

    Unsigned basically means you are flashing firmware or installing software that you have no way of knowing whether it was modified by an attacker :blink:. And if it is unsigned, why is it ALSO checking for a sandbox (which is typically used by security vendors processing new potential malware binaries)?

    If you run into an installer that is unsigned AND probes for sandbox, and you still want to install it, then yes, set it temporarily to Passive and then switch it back to Active once you are done installing.

    But we set Vaccination to Passive by default since the world is not perfect. But once a user deems itself Advanced enough to use the Advanced UI, we think he's smart enough for using the Active vaccination. That is why it reads recommended in the Advanced UI.

    Hope this helps.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Erik

    Is that what my Netgear WiFi adapter was doing when I went to uninstall it? o_O
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes.
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Apparently Netgear for one.

    Thanks for the extra information.
     
  7. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Same problem here.
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I'll have a look. New build feels different on XP.
     
  9. plat1098

    plat1098 Guest

    Well, I launched Speccy the next day and a small blue flyout appeared saying this app is protected against attacks so that answers that.
     
  10. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    Also hangs on "Windows is starting up" message. I had to remove all hmpa files using another system to get it to boot. Tried to reinstall and seeing the same problem. I did get it to boot once, but nothing on the taskbar.
     
    Last edited: Sep 24, 2016
  11. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    I'd like to see a one button "disable all protection" option that would help in troubleshooting.

    I've tried countless times to install an upgrade to VMWare Workstation Reader and it aborts mysteriously with this message...

    VMware Player Setup Wizard ended prematurely

    VMware Workstation 12 Player Setup Wizard ended prematurely because of an error. Your system has not been modified. To install this program at a later time, run Setup Wizard again. Click the Finish button to exit the Setup Wizard.

    In the absence of an Event Viewer entry, I have disabled vaccination and cryptoguard and even halted the service hoping to cajole the upgrade to proceed. Without success. I've attempted to install from safe mode, however its installer won't allow that. And I have re-downloaded the installer from an alternate source hoping to resolve the problem. I've tried to update within the program, and by external means. And while I can't point my finger conclusively at HMP.A, I cannot rule it out either. Short of uninstalling HMP.A and re-trying, I seemingly have no simple way of determining fault here.

    The inclusion of a "disable all protection" feature would be more than helpful here.

    Suggestions?
     
    Last edited: Sep 24, 2016
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I just recently upgraded from VMware Workstation 12 to 12.5. Didn't disable anything in HMPA and had no issues.
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Yes, uninstall HMPA and then you will know.
     
  14. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    yes. it would be very useful.
     
  15. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @Telos :
    In the advanced interface:
    Try to set Action Mode to "silent audit", and try again to install or upgrade VMware.
     
  16. Regmos

    Regmos Registered Member

    Joined:
    Nov 6, 2015
    Posts:
    22
    Been getting this alert several times in the last few days. It started after installing the anniversary update to my Windows 10 Pro x64.
    Scanning with HitmanPro finds nothing, and Bitdefender also doesn't find anything. Should I be worried?

    Lenovo L412 / Windows 10 Pro (x64) vers: 1607 AU / Bitdefender Free 2016 / WFC / latest HitmanPro and .Alert / Norton Connectsafe.

    Code:
    Intruder 
    
    PID          6496
    Application  C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Description  Firefox 49.0.1
    
    Detour Report
    #  Address     Owner                    Disassembly
    -- ----------  ------------------------ ------------------------
    CreateProcessA
     1 0x74178C20  KernelBase.dll           JMP 0x55a60000
     2 0x55A60000  (anonymous)             
    
    CreateProcessInternalA
     1 0x74178CE0  KernelBase.dll           JMP 0x5dae0000
     2 0x5DAE0000  (anonymous)             
    
    CreateProcessInternalW
     1 0x740F5F40  KernelBase.dll           JMP 0x58ff0000
     2 0x58FF0000  (anonymous)             
    
    CreateProcessW
     1 0x740F5F00  KernelBase.dll           JMP 0x4bad0000
     2 0x4BAD0000  (anonymous)             
    
    CreateRemoteThread
     1 0x74177990  KernelBase.dll           JMP 0x1e6005c
     2 0x01E6005C  (anonymous)              PUSH DWORD 0x1e5f690
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CreateRemoteThreadEx
     1 0x740EADC0  KernelBase.dll           JMP 0x1e60678
     2 0x01E60678  (anonymous)              PUSH DWORD 0x1de29a8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CreateThread
     1 0x741779C0  KernelBase.dll           JMP 0x1e6025a
     2 0x01E6025A  (anonymous)              PUSH DWORD 0x1e5fe88
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CreateWellKnownSid
     1 0x740FD9A0  KernelBase.dll           JMP 0x1e604be
     2 0x01E604BE  (anonymous)              PUSH DWORD 0x1de1e68
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    DefineDosDeviceW
     1 0x74179C20  KernelBase.dll           JMP 0x1e60348
     2 0x01E60348  (anonymous)              PUSH DWORD 0x1de0c20
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    DeleteFileA
     1 0x7410FC90  KernelBase.dll           JMP 0x1e60436
     2 0x01E60436  (anonymous)              PUSH DWORD 0x1de16e8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    DeleteFileW
     1 0x74110C80  KernelBase.dll           JMP 0x1e60414
     2 0x01E60414  (anonymous)              PUSH DWORD 0x1de1670
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    FindClose
     1 0x740F4D70  KernelBase.dll           JMP 0x1e6049c
     2 0x01E6049C  (anonymous)              PUSH DWORD 0x1de1850
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    FindFirstFileExW
     1 0x740EBDF0  KernelBase.dll           JMP 0x1e60458
     2 0x01E60458  (anonymous)              PUSH DWORD 0x1de1760
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    FindNextFileW
     1 0x740E9F60  KernelBase.dll           JMP 0x1e6047a
     2 0x01E6047A  (anonymous)              PUSH DWORD 0x1de17d8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    HeapCreate
     1 0x740F8580  KernelBase.dll           JMP 0x1e605ac
     2 0x01E605AC  (anonymous)              PUSH DWORD 0x1de2318
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    LoadLibraryA
     1 0x740EA2F0  KernelBase.dll           JMP 0x4e900000
     2 0x4E900000  (anonymous)             
    
    LoadLibraryW
     1 0x740EC590  KernelBase.dll           JMP 0x645c0000
     2 0x645C0000  (anonymous)             
    
    MapViewOfFile
     1 0x740F3770  KernelBase.dll           JMP 0x1e60634
     2 0x01E60634  (anonymous)              PUSH DWORD 0x1de28b8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    MoveFileExW
     1 0x740FB3F0  KernelBase.dll           JMP 0x1e6038c
     2 0x01E6038C  (anonymous)              PUSH DWORD 0x1de0d88
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    MoveFileWithProgressW
     1 0x740FB410  KernelBase.dll           JMP 0x1e603d0
     2 0x01E603D0  (anonymous)              PUSH DWORD 0x1de0ef0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    OpenThread
     1 0x740EC340  KernelBase.dll           JMP 0x1e60238
     2 0x01E60238  (anonymous)              PUSH DWORD 0x1e5fe10
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    VirtualAlloc
     1 0x740F3430  KernelBase.dll           JMP 0x1e60612
     2 0x01E60612  (anonymous)              PUSH DWORD 0x1de24f8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    VirtualProtect
     1 0x740F4830  KernelBase.dll           JMP 0x688c0000
     2 0x688C0000  (anonymous)             
    
    VirtualProtectEx
     1 0x74173260  KernelBase.dll           JMP 0x5f8b0000
     2 0x5F8B0000  (anonymous)             
    
    WriteProcessMemory
     1 0x74107AC0  KernelBase.dll           JMP 0x1e6027c
     2 0x01E6027C  (anonymous)              PUSH DWORD 0x1e5ff00
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CreateWindowExA
     1 0x74B2BBE0  USER32.dll               JMP 0x700d2730
     2 0x700D2730  xul.dll                 
    
    CreateWindowExW
     1 0x74B12CD0  USER32.dll               JMP 0x6fc446b4
     2 0x6FC446B4  xul.dll                 
    
    FindWindowA
     1 0x74B25F90  USER32.dll               JMP 0x1e60c72
     2 0x01E60C72  (anonymous)              PUSH DWORD 0x1de0fe0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    FindWindowExA
     1 0x74B93B20  USER32.dll               JMP 0x1e60c94
     2 0x01E60C94  (anonymous)              PUSH DWORD 0x1de1058
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    FindWindowExW
     1 0x74B27F40  USER32.dll               JMP 0x1e60cd8
     2 0x01E60CD8  (anonymous)              PUSH DWORD 0x1de1148
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    FindWindowW
     1 0x74B1A3F0  USER32.dll               JMP 0x1e60cb6
     2 0x01E60CB6  (anonymous)              PUSH DWORD 0x1de10d0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    GetWindowInfo
     1 0x74B0D1C0  USER32.dll               JMP 0x74b0d1bb
     2 0x74B0D1BB  USER32.dll               JMP 0x70b74840
     3 0x70B74840  xul.dll                 
    
    GetWindowLongA
     1 0x74B22230  USER32.dll               JMP 0x1e60cfa
     2 0x01E60CFA  (anonymous)              PUSH DWORD 0x1de12b0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    GetWindowLongW
     1 0x74B17380  USER32.dll               JMP 0x1e60d1c
     2 0x01E60D1C  (anonymous)              PUSH DWORD 0x1de1328
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    SendNotifyMessageA
     1 0x74B93E00  USER32.dll               JMP 0x1e60d82
     2 0x01E60D82  (anonymous)              PUSH DWORD 0x1de1580
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    SendNotifyMessageW
     1 0x74B2BCF0  USER32.dll               JMP 0x1e60da4
     2 0x01E60DA4  (anonymous)              PUSH DWORD 0x1de15f8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    SetWindowLongA
     1 0x74B26E40  USER32.dll               JMP 0x1e60d3e
     2 0x01E60D3E  (anonymous)              PUSH DWORD 0x1de1490
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    SetWindowLongW
     1 0x74B0C470  USER32.dll               JMP 0x1e60d60
     2 0x01E60D60  (anonymous)              PUSH DWORD 0x1de1508
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    SetWindowsHookExA
     1 0x74B27DC0  USER32.dll               JMP 0x1e60c0c
     2 0x01E60C0C  (anonymous)              PUSH DWORD 0x1e5f5a0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    SetWindowsHookExW
     1 0x74B1AAE0  USER32.dll               JMP 0x1e60c2e
     2 0x01E60C2E  (anonymous)              PUSH DWORD 0x1e5f618
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    SetWinEventHook
     1 0x74B1AC00  USER32.dll               JMP 0x1e60c50
     2 0x01E60C50  (anonymous)              PUSH DWORD 0x1e5fd98
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    UserClientDllInitialize
     1 0x74B0A830  USER32.dll               JMP 0x1e60b62
     2 0x01E60B62  (anonymous)              PUSH DWORD 0x1de34e8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    ClearBrushAttributes
     1 0x74CB99A0  GDI32.dll                JMP 0x1e60bc8
     2 0x01E60BC8  (anonymous)              PUSH DWORD 0x1de1b20
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CreateDIBSection
     1 0x74CB7430  GDI32.dll                JMP 0x74cb742b
     2 0x74CB742B  GDI32.dll                JMP 0x6ff4d4f6
     3 0x6FF4D4F6  xul.dll                 
    
    Gdi32DllInitialize
     1 0x74CB4E70  GDI32.dll                JMP 0x1e60b84
     2 0x01E60B84  (anonymous)              PUSH DWORD 0x1de3560
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    ghICM
     1 0x74CD3034  GDI32.dll                ADD [EAX], AL
                                            JMP 0xe5cd30a9
     2 0xE5CD30A9  (unknown)               
    
    NamedEscape
     1 0x74CBC3A0  GDI32.dll                JMP 0x1e60bea
     2 0x01E60BEA  (anonymous)              PUSH DWORD 0x1de1b98
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    pGdiDevCaps
     1 0x74CD3030  GDI32.dll                ADD [EAX], AL
                                            MOV [EDX], EAX
                                            ADD [EAX], AL
                                            JMP 0xe5cd30a9
     2 0xE5CD30A9  (unknown)               
    
    SetBrushAttributes
     1 0x74CBE6A0  GDI32.dll                JMP 0x1e60ba6
     2 0x01E60BA6  (anonymous)              PUSH DWORD 0x1de1aa8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CreateThread
     1 0x74CFCF30  kernel32.dll             JMP 0x1e60656
     2 0x01E60656  (anonymous)              PUSH DWORD 0x1de2930
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CreateToolhelp32Snapshot
     1 0x74D0B000  kernel32.dll             JMP 0x1e601d2
     2 0x01E601D2  (anonymous)              PUSH DWORD 0x1e5fc30
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    GetStartupInfoA
     1 0x74CFCFB0  kernel32.dll             JMP 0x1e60546
     2 0x01E60546  (anonymous)              PUSH DWORD 0x1de20c0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    MapViewOfFile
     1 0x74CFC580  kernel32.dll             JMP 0x74cfc57b
     2 0x74CFC57B  kernel32.dll             JMP 0x6ff4dbe7
     3 0x6FF4DBE7  xul.dll                 
    
    MoveFileExA
     1 0x74D3C810  kernel32.dll             JMP 0x1e6036a
     2 0x01E6036A  (anonymous)              PUSH DWORD 0x1de0d10
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    MoveFileWithProgressA
     1 0x74D07470  kernel32.dll             JMP 0x1e603ae
     2 0x01E603AE  (anonymous)              PUSH DWORD 0x1de0e78
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    SetUnhandledExceptionFilter
     1 0x74CFDD30  kernel32.dll             JMP 0x74cfdd2b
     2 0x74CFDD2B  kernel32.dll             JMP 0x6fc91b09
     3 0x6FC91B09  xul.dll                 
    
    VirtualAlloc
     1 0x74CFA160  kernel32.dll             JMP 0x74cfa15b
     2 0x74CFA15B  kernel32.dll             JMP 0x6ff4ea1a
     3 0x6FF4EA1A  xul.dll                 
    
    WinExec
     1 0x74D3F7F0  kernel32.dll             JMP 0x68f10000
     2 0x68F10000  (anonymous)             
    
    CreateServiceA
     1 0x74DF2E40  ADVAPI32.dll             JMP 0x1e60986
     2 0x01E60986  (anonymous)              PUSH DWORD 0x1de0950
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CreateServiceW
     1 0x74DF2E60  ADVAPI32.dll             JMP 0x1e609a8
     2 0x01E609A8  (anonymous)              PUSH DWORD 0x1de09c8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CryptAcquireContextA
     1 0x74DE0890  ADVAPI32.dll             JMP 0x1e609ca
     2 0x01E609CA  (anonymous)              PUSH DWORD 0x1de18c8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CryptAcquireContextW
     1 0x74DDF550  ADVAPI32.dll             JMP 0x1e609ec
     2 0x01E609EC  (anonymous)              PUSH DWORD 0x1de1940
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CryptCreateHash
     1 0x74DDF8C0  ADVAPI32.dll             JMP 0x1e60a52
     2 0x01E60A52  (anonymous)              PUSH DWORD 0x1de1c10
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CryptEncrypt
     1 0x74DF33C0  ADVAPI32.dll             JMP 0x1e60a30
     2 0x01E60A30  (anonymous)              PUSH DWORD 0x1de1a30
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CryptExportKey
     1 0x74DDFDC0  ADVAPI32.dll             JMP 0x1e60a74
     2 0x01E60A74  (anonymous)              PUSH DWORD 0x1de1c88
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CryptGenKey
     1 0x74DE3BF0  ADVAPI32.dll             JMP 0x1e60a0e
     2 0x01E60A0E  (anonymous)              PUSH DWORD 0x1de19b8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CryptGetHashParam
     1 0x74DDF750  ADVAPI32.dll             JMP 0x1e60a96
     2 0x01E60A96  (anonymous)              PUSH DWORD 0x1de1d00
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CryptHashData
     1 0x74DDF990  ADVAPI32.dll             JMP 0x1e60ab8
     2 0x01E60AB8  (anonymous)              PUSH DWORD 0x1de1d78
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CryptImportKey
     1 0x74DDFC00  ADVAPI32.dll             JMP 0x1e60ada
     2 0x01E60ADA  (anonymous)              PUSH DWORD 0x1de1df0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    send
     1 0x755563A0  WS2_32.dll               JMP 0x1e60b1e
     2 0x01E60B1E  (anonymous)              PUSH DWORD 0x1de2228
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    WSASend
     1 0x75550F70  WS2_32.dll               JMP 0x1e60b40
     2 0x01E60B40  (anonymous)              PUSH DWORD 0x1de22a0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    ChangeServiceConfigA
     1 0x7743A660  sechost.dll              JMP 0x1e60920
     2 0x01E60920  (anonymous)              PUSH DWORD 0x1de0770
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    ChangeServiceConfigW
     1 0x77419B20  sechost.dll              JMP 0x1e60942
     2 0x01E60942  (anonymous)              PUSH DWORD 0x1de07e8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    CloseServiceHandle
     1 0x7741C1A0  sechost.dll              JMP 0x1e60964
     2 0x01E60964  (anonymous)              PUSH DWORD 0x1de0860
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    ControlService
     1 0x77419BC0  sechost.dll              JMP 0x1e608dc
     2 0x01E608DC  (anonymous)              PUSH DWORD 0x1de0680
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    ControlServiceExA
     1 0x7743A7F0  sechost.dll              JMP 0x1e60898
     2 0x01E60898  (anonymous)              PUSH DWORD 0x1de0590
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    ControlServiceExW
     1 0x77419CB0  sechost.dll              JMP 0x1e608ba
     2 0x01E608BA  (anonymous)              PUSH DWORD 0x1de0608
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    DeleteService
     1 0x7743ACC0  sechost.dll              JMP 0x1e608fe
     2 0x01E608FE  (anonymous)              PUSH DWORD 0x1de06f8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    OpenServiceA
     1 0x77419860  sechost.dll              JMP 0x1e60854
     2 0x01E60854  (anonymous)              PUSH DWORD 0x1de04a0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    OpenServiceW
     1 0x7741C130  sechost.dll              JMP 0x1e60876
     2 0x01E60876  (anonymous)              PUSH DWORD 0x1de0518
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    LdrLoadDll
     1 0x77569E30  ntdll.dll                JMP 0x1f87940
     2 0x01F87940  mozglue.dll             
    
    NtAdjustPrivilegesToken
     1 0x775AE010  ntdll.dll                JMP 0x1e603f2
     2 0x01E603F2  (anonymous)              PUSH DWORD 0x1de0f68
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtCreateFile
     1 0x775AE150  ntdll.dll                JMP 0x1e6058a
     2 0x01E6058A  (anonymous)              PUSH DWORD 0x1de21b0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtCreateMutant
     1 0x775AE690  ntdll.dll                JMP 0x1e60766
     2 0x01E60766  (anonymous)              PUSH DWORD 0x1de3128
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtCreateProcess
     1 0x775AE6F0  ntdll.dll                JMP 0x1e600c2
     2 0x01E600C2  (anonymous)              PUSH DWORD 0x1e5f7f8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtCreateProcessEx
     1 0x775AE0D0  ntdll.dll                JMP 0x1e600e4
     2 0x01E600E4  (anonymous)              PUSH DWORD 0x1e5f870
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtCreateSection
     1 0x775AE0A0  ntdll.dll                JMP 0x1e607aa
     2 0x01E607AA  (anonymous)              PUSH DWORD 0x1de3218
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtCreateThread
     1 0x775AE0E0  ntdll.dll                JMP 0x1e600a0
     2 0x01E600A0  (anonymous)              PUSH DWORD 0x1e5f780
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtCreateThreadEx
     1 0x775AE760  ntdll.dll                JMP 0x1e6007e
     2 0x01E6007E  (anonymous)              PUSH DWORD 0x1e5f708
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtDuplicateObject
     1 0x775ADFC0  ntdll.dll                JMP 0x1e601b0
     2 0x01E601B0  (anonymous)              PUSH DWORD 0x1e5fb40
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtLoadDriver
     1 0x775AEB90  ntdll.dll                JMP 0x1e60304
     2 0x01E60304  (anonymous)              PUSH DWORD 0x1de0b30
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtMapViewOfSection
     1 0x775ADE80  ntdll.dll                JMP 0x1e60018
     2 0x01E60018  (anonymous)              PUSH DWORD 0x1e5f4b0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtOpenFile
     1 0x775ADF30  ntdll.dll                JMP 0x1e60568
     2 0x01E60568  (anonymous)              PUSH DWORD 0x1de2138
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtOpenProcess
     1 0x775ADE60  ntdll.dll                JMP 0x1e6016c
     2 0x01E6016C  (anonymous)              PUSH DWORD 0x1e5fa50
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtOpenProcessToken
     1 0x775AED90  ntdll.dll                JMP 0x1e604e0
     2 0x01E604E0  (anonymous)              PUSH DWORD 0x1de1ee0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtOpenSection
     1 0x775ADF70  ntdll.dll                JMP 0x1e60788
     2 0x01E60788  (anonymous)              PUSH DWORD 0x1de31a0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtQueryInformationToken
     1 0x775ADE10  ntdll.dll                JMP 0x1e60502
     2 0x01E60502  (anonymous)              PUSH DWORD 0x1de1f58
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtQueueApcThread
     1 0x775AE050  ntdll.dll                JMP 0x1e6018e
     2 0x01E6018E  (anonymous)              PUSH DWORD 0x1e5fac8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtSetContextThread
     1 0x775AF380  ntdll.dll                JMP 0x1e6014a
     2 0x01E6014A  (anonymous)              PUSH DWORD 0x1e5f9d8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtSetInformationProcess
     1 0x775ADDC0  ntdll.dll                JMP 0x1e602e2
     2 0x01E602E2  (anonymous)              PUSH DWORD 0x1de0ab8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtSetSystemInformation
     1 0x775AF570  ntdll.dll                JMP 0x1e60326
     2 0x01E60326  (anonymous)              PUSH DWORD 0x1de0ba8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtSetValueKey
     1 0x775AE200  ntdll.dll                JMP 0x1e607ee
     2 0x01E607EE  (anonymous)              PUSH DWORD 0x1de3308
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtSuspendProcess
     1 0x775AF680  ntdll.dll                JMP 0x1e60216
     2 0x01E60216  (anonymous)              PUSH DWORD 0x1e5fd20
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtSuspendThread
     1 0x775AF690  ntdll.dll                JMP 0x1e601f4
     2 0x01E601F4  (anonymous)              PUSH DWORD 0x1e5fca8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtSystemDebugControl
     1 0x775AF6A0  ntdll.dll                JMP 0x1e607cc
     2 0x01E607CC  (anonymous)              PUSH DWORD 0x1de3290
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtTerminateProcess
     1 0x775ADEC0  ntdll.dll                JMP 0x1e602c0
     2 0x01E602C0  (anonymous)              PUSH DWORD 0x1de0a40
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtUnmapViewOfSection
     1 0x775ADEA0  ntdll.dll                JMP 0x1e6003a
     2 0x01E6003A  (anonymous)              PUSH DWORD 0x1e5f528
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    NtWriteVirtualMemory
     1 0x775ADFA0  ntdll.dll                JMP 0x1e60128
     2 0x01E60128  (anonymous)              PUSH DWORD 0x1e5f960
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    RtlCreateProcessParametersEx
     1 0x77562F50  ntdll.dll                JMP 0x1e6029e
     2 0x01E6029E  (anonymous)              PUSH DWORD 0x1de08d8
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    RtlEqualSid
     1 0x7756FFB0  ntdll.dll                JMP 0x1e60524
     2 0x01E60524  (anonymous)              PUSH DWORD 0x1de1fd0
                                            JMP 0x1e70000
     3 0x01E70000  (anonymous)             
    
    
     
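A triage parser for the Detour Report format shown in the post above. This is an added example, not code from any poster or from HitmanPro.Alert. The function names, the `module!api` labels and the three categories are assumptions made for illustration, and the sample input is a short excerpt of the posted report.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Short excerpt of the Detour Report posted above, embedded so this runs offline.
SAMPLE_REPORT = """\
Detour Report
#  Address     Owner                    Disassembly
-- ----------  ------------------------ ------------------------
CreateProcessA
 1 0x74178C20  KernelBase.dll           JMP 0x55a60000
 2 0x55A60000  (anonymous)

CreateRemoteThread
 1 0x74177990  KernelBase.dll           JMP 0x1e6005c
 2 0x01E6005C  (anonymous)              PUSH DWORD 0x1e5f690
                                        JMP 0x1e70000
 3 0x01E70000  (anonymous)

WriteProcessMemory
 1 0x74107AC0  KernelBase.dll           JMP 0x1e6027c
 2 0x01E6027C  (anonymous)              PUSH DWORD 0x1e5ff00
                                        JMP 0x1e70000
 3 0x01E70000  (anonymous)

GetWindowInfo
 1 0x74B0D1C0  USER32.dll               JMP 0x74b0d1bb
 2 0x74B0D1BB  USER32.dll               JMP 0x70b74840
 3 0x70B74840  xul.dll

ghICM
 1 0x74CD3034  GDI32.dll                ADD [EAX], AL
                                        JMP 0xe5cd30a9
 2 0xE5CD30A9  (unknown)

LdrLoadDll
 1 0x77569E30  ntdll.dll                JMP 0x1f87940
 2 0x01F87940  mozglue.dll
"""

# "<hop#> 0x<address>  <owner>  [disassembly]"
HOP_RE = re.compile(r"^(\d+)\s+0x([0-9A-Fa-f]+)\s+(\S+)(?:\s+(.*))?$")
# A hooked API name is a single identifier on its own line.
API_RE = re.compile(r"^[A-Za-z_]\w*$")


@dataclass
class Hop:
    address: int
    owner: str
    disasm: list = field(default_factory=list)


@dataclass
class Hook:
    api: str
    hops: list = field(default_factory=list)

    @property
    def module(self):   # module that exports the hooked API (first hop)
        return self.hops[0].owner

    @property
    def final(self):    # where the detour chain ends up (last hop)
        return self.hops[-1]


def parse_detour_report(text):
    """Parse a Detour Report into Hook objects, one per hooked API."""
    hooks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOP_RE.match(line)
        if m and current is not None:
            hop = Hop(int(m.group(2), 16), m.group(3))
            if m.group(4):
                hop.disasm.append(m.group(4))
            current.hops.append(hop)
        elif API_RE.match(line):
            current = Hook(line)
            hooks.append(current)
        elif current is not None and current.hops:
            # Wrapped disassembly line belonging to the previous hop.
            current.hops[-1].disasm.append(line)
    # Drop stray single-word lines (e.g. the alert title) that have no hops.
    return [h for h in hooks if h.hops]


def classify(hook):
    """Label a hook by the owner of its final jump target."""
    owner = hook.final.owner
    if owner == "(anonymous)":
        return "anonymous"   # memory not attributed to a loaded module
    if owner == "(unknown)":
        return "unknown"     # target the report could not resolve
    return "module"          # lands in a named module, e.g. xul.dll


def triage(hooks):
    """Group hooks by category and list anonymous targets shared by several APIs."""
    by_kind, shared = defaultdict(list), defaultdict(list)
    for h in hooks:
        kind = classify(h)
        by_kind[kind].append(f"{h.module}!{h.api}")
        if kind == "anonymous":
            shared[h.final.address].append(h.api)
    return dict(by_kind), {a: n for a, n in shared.items() if len(n) > 1}
```

The report alone does not say which product placed the hooks that end in anonymous memory; grouping them by final address only shows which APIs are routed through the same handler.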
  17. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Frezhnacz
    Good thought. I did that, and then as an extra measure, disabled service, rebooted and ran the upgrade after login. Success. Thanks!
     
  18. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,839
    Location:
    the Netherlands
    Good that it worked, but since you also disabled the service in addition to setting Action mode to Silent audit, we cannot tell whether setting Action mode to Silent audit alone would have been enough. But perhaps you could try that another time, if you'd like.
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    A heads up to anyone running Norton. If you receive 22.8.0.50 and run Get Support afterwards, you might receive this crap.
    [Attached image: Bullshit!.PNG]
    Note too that MBAM is the free version on this machine. :thumbd:

    I have already let Symantec know how I feel about this.
     
  20. cavehomme

    cavehomme Registered Member

    Joined:
    May 19, 2010
    Posts:
    137
    Location:
    Alps
    I think this is a very serious issue for KeePass users. HMP.alert does recognise KeePass as "other" and protects keystrokes once the application is fully opened, HOWEVER, it does not appear to be encrypting KeePass at the crucial point when KeePass initially pops up the request for the KeePass master password, which is the key to the Kingdom!!!

    When this KeePass master password request is running, if I look under "running applications" in HMP.alert, KeePass is not showing as running nor protected, so that's why I suspect there is no encryption or any other protection of KeePass at this crucial initial point. Once the password is entered and KeePass is fully launched, then KeePass appears in "running applications" in HMP.alert.

    I may have missed it in this long thread if a fix has been proposed; I would very much appreciate an update, thanks.
     
  21. Roxl

    Roxl Registered Member

    Joined:
    Feb 24, 2016
    Posts:
    12
    Still unable to start up my machine if hmpa is installed.
    Anyone else?
    The first restart leads me to an unresponsive login screen of my win 10 pro AU, which shuts down automatically after about 10 seconds.
    After the third unsuccessful reboot Windows let me boot in safe mode, where I have to uninstall hmpa to get back to my desktop.
    - I have turned off secure boot in bios
    - I have disabled all the protection settings in hmpa before restarting
    ...still the same issue.
    Before updating to win 10 AU from win 10 everything went well.
    It would be great if I could still use a few days of my license. ;)
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Have you tried the HMP.A Uninstall Tool for a fresh install?

    32-bit: http://dl.surfright.nl/hmpalert-uninstall.exe

    64-bit: http://dl.surfright.nl/hmpalert-uninstall_x64.exe
     
  23. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
    ...but, more importantly, have you tried uninstalling Bitdefender Total Security 2016??
     
  24. guest

    guest Guest

    Applications that are not displayed in the taskbar are not shown in the "Protected"/"Unprotected"-list.
    KeePass minimized to the tray = Not shown in the "Protected"-list.
    You can observe it with all programs that can be minimized to the tray.
    As soon as it's minimized it disappears from the list. That doesn't mean that the protection is gone too.

    And if you have selected: "Remember and automatically open last used database on startup", you won't see it listed until you have entered your password and the KeePass window is opened.
    Then it appears, correct?
    But even if it's not shown, HMP.A is protecting the entering of the master password.
    I think you'll notice too that there is no border around the "Enter Master key"-window. Nevertheless HMP.A is doing its Keystroke Encryption.
    [Attached image: HMP.A_Keypass.png]
    KeePass is not listed + no colored border but you can see that Keystrokes are encrypted (I only entered 11111111 as password)
     
  25. Roxl

    Roxl Registered Member

    Joined:
    Feb 24, 2016
    Posts:
    12
    @Krusty13
    I used the uninstaller tool of hmpa without success. Thank you.

    @test
    I've uninstalled Bitdefender 2016 suite. Unfortunately still not a solution. Thanks. Btw after reinstalling AV I've now Bitdefender 2017 on the machine. :D
     