Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Received an email from Sophos yesterday that my HitmanPro license expires in 14 days.

    As far as I know all my licenses last much longer. I have emailed them about this, but it's the weekend, so I don't expect a reply until next week (which is fine).

    Anyone else unexpectedly received such a mail?

    Update: won't get an email on that reply:
    Code:
    <hitmanpro.renewals@sophos.com>: host mx4.sophos.com[198.144.101.26] said: 550
       5.1.1 <hitmanpro.renewals@sophos.com>: Recipient address rejected: User
        unknown in relay recipient table (in reply to RCPT TO command)
     
    Last edited: Nov 20, 2016
  2. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Yes, this morning I received an email from Sophos that my HitmanPro license expires within the next 14 days!
    My license will actually expire in 7 days.
     
  3. PaleDark

    PaleDark Registered Member

    Joined:
    Nov 30, 2015
    Posts:
    55
    Any Black Friday Deals/ Promotions this year?
     
  4. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,865
    Location:
    the Netherlands
    @erikloman
    @markloman

    False positive report

    Yesterday, I updated Tracker Software Products' PDF-XChange Viewer version 2.5.318.1 to version 2.5.319.0.
    Last night, HitmanPro detected PDF-XChange Viewer version 2.5.319.0 component TrackerUpdate.exe as ransomware.
    This is because Kaspersky detects that new TrackerUpdate.exe file version as Trojan-Ransom.Win32.Gen.uo.
    Quite the false positive!

    In HitmanPro, I reported the new TrackerUpdate.exe file version as safe.
    However, I don't know if this only marks it as safe on my system, or whether it is reported to SurfRight as well.
    Because I don't know if the report as safe option in HitmanPro reports to SurfRight, I report in this thread.

    See spoiler:
    Code:
    HitmanPro 3.7.15.281
    www.hitmanpro.com
    
       Computer name . . . . : XXXXX
       Windows . . . . . . . : 6.1.1.7601.X64/2
       User name . . . . . . : XXXXX\XXXXX
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Paid (XXX days left)
    
       Scan date . . . . . . : 2016-11-30 01:48:18
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 2m 24s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 2
    
       Objects scanned . . . : 1.210.492
       Files scanned . . . . : 12.066
       Remnants scanned  . . : 159.009 files / 1.039.417 keys
    
    Miniport ____________________________________________________________________
    
       Primary
          DriverObject . . . : FFFFFA800479A060
          DriverName . . . . : \Driver\atapi
          DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF88006B97F80 \??\C:\Windows\system32\drivers\hmpalert.sys+147328
       Solution
          DriverObject . . . : FFFFFA800479A060
          DriverName . . . . : \Driver\atapi
          DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF88000C634D8 \SystemRoot\system32\drivers\ataport.SYS+29912
    
    Malware _____________________________________________________________________
    
       C:\Program Files\Tracker Software\Update\TrackerUpdate.exe
          Size . . . . . . . : 4.630.208 bytes
          Age  . . . . . . . : 0.2 days (2016-11-29 21:25:57)
          Entropy  . . . . . : 6.6
          SHA-256  . . . . . : 899909CFD6CB8BFC8CF6DDBD2EA1E14B3BE5447BDB6A1C6D86B144F6E8F425BC
          Product  . . . . . : Tracker Update
          Publisher  . . . . : Tracker Software Products (Canada) Ltd.
          Description  . . . : Tracker Update
          Version  . . . . . : 6.0.0319.0000
          Copyright  . . . . : Copyright (C) 2001-2016 by Tracker Software Products (Canada) Ltd.
          RSA Key Size . . . : 2048
          LanguageID . . . . : 1033
          Authenticode . . . : Valid
        > Kaspersky  . . . . : Trojan-Ransom.Win32.Gen.uo
          Fuzzy  . . . . . . : 95.0
          References
             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer\Tracker Updater.lnk
          Forensic Cluster
             -39.0s C:\Windows\Prefetch\PDFXVWER_2.5.319.0.EXE-4744242A.pf
             -38.7s C:\Windows\Prefetch\PDFXVWER_2.5.319.0.TMP-24754489.pf
             -36.4s C:\Windows\Prefetch\PDFXVWER_2.5.319.0.TMP-271E23A8.pf
             -9.6s C:\Program Files\Tracker Software\PDF Viewer\unins000.exe
             -9.6s C:\Program Files\Tracker Software\InnoCA.dll
             -9.5s C:\Program Files\Tracker Software\PDF Viewer\Help\PDFVLicense.pdf
             -9.5s C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
             -9.5s C:\Program Files\Tracker Software\PDF Viewer\Help\PDFVwrManSm.pdf
             -8.3s C:\Program Files\Tracker Software\PDF Viewer\resource.dat
             -8.2s C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.tlb
             -8.2s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Ar.xml
             -8.2s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Br.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_CAT.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Chs.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Cht.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Cz.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Da.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_De.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_EL.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_FA.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Fin.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_FR.xml
             -8.1s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_FRY.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Hr.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Hun.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_IT.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\pdfxvw_jpn.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_KR.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_ned.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_NO.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_PL.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Pt.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_ROM.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_SI.xml
             -8.0s C:\Program Files\Tracker Software\PDF Viewer\Languages\pdfxvw_sk.xml
             -7.9s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_SPA.xml
             -7.9s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_SR.xml
             -7.9s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_Sv.xml
             -7.9s C:\Program Files\Tracker Software\PDF Viewer\Languages\PDFXVW_TR.xml
             -7.9s C:\Program Files\Tracker Software\PDF Viewer\Languages\pxcv_ru.xml
             -7.9s C:\Program Files\Tracker Software\PDF Viewer\Languages\pxcv_ua.xml
             -7.9s C:\Program Files\Tracker Software\PDF Viewer\SearchProviders\Ask.png
             -7.9s C:\Program Files\Tracker Software\PDF Viewer\SearchProviders\bing.png
             -7.8s C:\Program Files\Tracker Software\PDF Viewer\SearchProviders\google.png
             -7.8s C:\Program Files\Tracker Software\PDF Viewer\SearchProviders\Seznam.png
             -7.8s C:\Program Files\Tracker Software\PDF Viewer\SearchProviders\UAmeta.png
             -7.8s C:\Program Files\Tracker Software\PDF Viewer\SearchProviders\wikipedia.png
             -7.8s C:\Program Files\Tracker Software\PDF Viewer\SearchProviders\yahoo.png
             -7.8s C:\Program Files\Tracker Software\PDF Viewer\SearchProviders\yandex.png
             -7.3s C:\Windows\Prefetch\REGSVR32.EXE-8461DBEE.pf
             -2.3s C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll
             -2.0s C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
             -2.0s C:\Program Files\Tracker Software\Shell Extensions\PDFProperties.propdesc
             -0.6s C:\Program Files\Tracker Software\PDF Viewer\ocrdats\eng_pxvocr.dat
             -0.4s C:\Program Files\Tracker Software\PDF Viewer\ocrdats\eng.lng
             -0.0s C:\Users\XXXXX\AppData\Local\Temp\TrackerUpdate\
              0.0s C:\Program Files\Tracker Software\Update\TrackerUpdate.exe
              0.0s C:\Windows\Prefetch\TRACKERUPDATE.EXE-2DE63C47.pf
              1.1s C:\ProgramData\Tracker Software\TrackerUpdate\Download\
              1.1s C:\ProgramData\Tracker Software\TrackerUpdate\Icons\
              1.1s C:\ProgramData\Tracker Software\TrackerUpdate\
              1.1s C:\Program Files\Tracker Software\Vault\XCVault.exe
              5.7s C:\Windows\Prefetch\XCVAULT.EXE-69501C4C.pf
              9.2s C:\ProgramData\Microsoft\Windows\Caches\{FAFC152D-416E-4D8E-92DC-A9D141CADD5E}.2.ver0x0000000000000005.db
              9.2s C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000016.db
    
    
    
    
     
  5. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Confirmed!
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Creating restore point....
    HitmanPro ask.com restore point.png
    Restore point did not show with System Restore.
    System Restore.png
    ?
     
  7. guest

    guest Guest

    Perhaps the System Restore was aborted, or not even initiated. :cautious:
    Look into the Event Viewer to see eventual error messages.
     
  8. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
    Yeah, further testing and Event Viewer suggest not HitmanPro.

    e.g., Successfully created restore point (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" ; Description = Checkpoint by HitmanPro).
    Successfully created (if true) is not populating to Restore your computer to the state... list.

    Most of Event Viewer is over-my-pay-grade.
    Maybe, issue related to recent 1511 to 1607 update.
    Discussing here would be off-topic.
    Thanks!
     
    Last edited: Dec 3, 2016
  9. plat1098

    plat1098 Guest

    I will be interested in any anti-malware comparative using the latest Malwarebytes scanner and HMP--for that matter, Zemana also. I hope one is in the works as I speak. Rapid scan times are great but how's the detection? I prefer HMP and it picks up enough cloud stuff so that I am confident it's not just going thru the motions. By the way, HMP's scan duration for me is typically 40-50 sec. for 1,100,000 items; MB is 35-40 sec for 350,000. That's nice, now let's see about the detection rates.
     
  10. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    I am not sure if this has been mentioned before. When HitmanPro 3.7.15 build 281 finishes running, if it finds some tracking cookies, the final page lists:
    at the top of the page: NO THREATS FOUND
    below that : Threats Detected 5 (it found 5 tracking cookies)

    It appears there are no threats except the 5 threats I found.
    Is this by design?
     
    Last edited: Dec 9, 2016
  11. guest

    guest Guest

    Tracking cookies are not seen as malicious from HMP. So you'll see "No Threats Found" at the top of the page.
    But at least they will be listed as "Detected" in the list, with the option to remove them.
     
  12. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    It is confusing that it calls non-threats threats. It should use another term or other wording to make it more clear. In my opinion, it makes it look to the user as though HMPA is conflicted in what it found. An inexperienced user might not trust the results.
     
  13. plat1098

    plat1098 Guest

    I recall somewhere developers said that some users regarded track cookies as threats to privacy so it's labeled as such, but yes, it's contradictory in a way. You can untick "scan for tracking cookies" in HMP settings lower left tab on interface and it shouldn't pick them up if you don't want it to.
    HMP settings.PNG
     
  14. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    Perhaps they can label them "Privacy and Other Threats" and "Malware Threats". That way the "Threats Found" at the top will always match the combination of Privacy and Other Threats and Malware Threats. It is confusing the way it is now.
     
  15. guest

    guest Guest

    did a scan with the latest build on Win10 x64 home, no such things appeared on my scan. maybe you are infected :D.
     
    Last edited by a moderator: Dec 14, 2016
  16. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 3 files and whitelist the 3 files, please? I use the FP function in the program to submit the files to you.

    With best Regards
    Mops21
     

  17. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    174
    Perhaps they can label them Privacy Threats and Malware Threats. That way the "Threats Found" will always match the combination of Privacy Threats and Malware Threats. It is confusing the way it is now.
    Yes, that happens to me when it does NOT find any cookies.
     
  18. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,242
    Location:
    Among the gum trees
    For some reason, HMP is scheduled to scan at 12:00 (midday) on my new machine but it has been scanning at or around 00:00 (midnight) instead. I've just reinstalled it and will see what tomorrow brings. Yes, the system time, date and time zone are all correct.
     
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Try setting the scan time to 12:01. That may end the time confusion
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,242
    Location:
    Among the gum trees
    Except you can't. You can only set it on the hour, but I could try 11:00.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Ah. Didn't know that. I don't do scheduled scans.
     
  22. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,242
    Location:
    Among the gum trees
    Problem solved!

    HMP scanned right on time today. ;)
     
  23. jjc225

    jjc225 Registered Member

    Joined:
    Nov 25, 2010
    Posts:
    282
    Whenever I change my Chrome homepage from the default it shows up on Hitman Pro scans as a problem or warning. The fix if allowed simply changes the homepage back to default. Why is this happening?
     
  24. marciano222

    marciano222 Registered Member

    Joined:
    Nov 10, 2016
    Posts:
    32
    Location:
    Poland
    This is because have sold sophos
    does not mean that no longer squeak questions


    @erikloman o_O
    @markloman o_O
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Hello!
     