HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
    Unfortunately, I am stuck with Foxit Reader, because it has a clearer display for certain fonts that I work with, so it is much less tiring to the eyes. I can't find a PDF Reader with a similarly clear display of these fonts.
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    I don't know if and why Foxit Reader is not automatically added to HMPA's protected applications.
    I don't use Foxit Reader, perhaps someone who uses Foxit Reader can tell.
    (And please don't say 'apps' for applications, it's horrible. ;))

    Regarding Mitigation Lockdown, the same happens with PDF-XChange Viewer and PDF-XChange Editor internal updaters.
    I use PDF-XChange Editor, but I don't use its internal updater (I don't even install that updater component).
    For updating, I download PDF-XChange Editor's latest installer and run it.
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Have you tried Nitro PDF?

    https://www.gonitro.com/pdf-reader
     
  4. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,549
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    It's been a while since I used it, so I can't confirm how it is with the latest HMPA, sorry. FWIW it's lighter than Adobe Acrobat Reader and worked better than Foxit for me.
     
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Has this been reported already?
    Code:
    Log Name:      Application
    Source:        HitmanPro.Alert
    Date:          2/09/2017 11:10:52 AM
    Event ID:      911
    Task Category: Intruder
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      David-HP
    Description:
    Intruder
    
    PID          8380
    Application  C:\Program Files\Mozilla Firefox\firefox.exe
    Description  Firefox 55.0.3
    
    Detour Report
    #  Address             Owner                    Disassembly
    -- ------------------  ------------------------ ------------------------
    PR_Close
     1 0x00007FFAE3F8E3B0  nss3.dll                 JMP 0x7ffa800001bf
     2 0x00007FFA800001BF  (unknown)                MOV RAX, 0x199cd3e0000
                                            LOCK ADD DWORD [RAX+0x10], 0x1
                                            CMP DWORD [RAX+0x14], 0x0
                                            JZ 0x7ffa8000023d
                                            JMP 0x7ffa800001e5
     3 0x00007FFA800001E5  (unknown)               
    
    PR_Read *
     1 0x00007FFAE3F8E3B8  nss3.dll                 JMP 0x7ffa80000461
     2 0x00007FFA80000461  (unknown)                MOV RAX, 0x199cd3e0000
                                            LOCK ADD DWORD [RAX+0x10], 0x1
                                            CMP DWORD [RAX+0x14], 0x0
                                            JZ 0x7ffa800004df
                                            JMP 0x7ffa8000047d
     3 0x00007FFA8000047D  (unknown)               
    
    PR_Write *
     1 0x00007FFAE3F8E3C0  nss3.dll                 JMP 0x7ffa80000310
     2 0x00007FFA80000310  (unknown)                MOV RAX, 0x199cd3e0000
                                            LOCK ADD DWORD [RAX+0x10], 0x1
                                            CMP DWORD [RAX+0x14], 0x0
                                            JZ 0x7ffa8000038e
                                            JMP 0x7ffa8000032c
     3 0x00007FFA8000032C  (unknown)               
    
    SSL_SetURL
     1 0x00007FFAE401F8D4  nss3.dll                 JMP 0x7ffa80000070
     2 0x00007FFA80000070  (unknown)                MOV RAX, 0x199cd3e0000
                                            LOCK ADD DWORD [RAX+0x10], 0x1
                                            CMP DWORD [RAX+0x14], 0x0
                                            JZ 0x7ffa800000ee
                                            JMP 0x7ffa80000091
     3 0x00007FFA80000091  (unknown)               
    
    CreateFileA
     1 0x00007FFB0FE537D0  KernelBase.dll           JMP 0x7ffb00040462
     2 0x00007FFB00040462  (unknown)               
    
    CreateFileMappingNumaW
     1 0x00007FFB0FE6D980  KernelBase.dll           JMP 0x7ffb00030465
     2 0x00007FFB00030465  (unknown)               
    
    CreateFileMappingW
     1 0x00007FFB0FE6D950  KernelBase.dll           JMP 0x7ffb00030eee
     2 0x00007FFB00030EEE  (unknown)               
    
    CreateFileW
     1 0x00007FFB0FE50010  KernelBase.dll           JMP 0x7ffb00030c49
     2 0x00007FFB00030C49  (unknown)               
    
    CreateProcessInternalW
     1 0x00007FFB0FE53D40  KernelBase.dll           JMP 0x7ffad7c60dd4
     2 0x00007FFAD7C60DD4  (unknown)               
    
    CreateRemoteThreadEx
     1 0x00007FFB0FE58130  KernelBase.dll           JMP 0x7ffb00040851
     2 0x00007FFB00040851  (unknown)               
    
    HeapCreate
     1 0x00007FFB0FE7A590  KernelBase.dll           JMP 0x7ffb000405b1
     2 0x00007FFB000405B1  (unknown)               
    
    LoadLibraryA
     1 0x00007FFB0FE7A2B0  KernelBase.dll           JMP 0x7ffb000401c0
     2 0x00007FFB000401C0  (unknown)               
    
    LoadLibraryExA
     1 0x00007FFB0FE7A300  KernelBase.dll           JMP 0x7ffb00040af1
     2 0x00007FFB00040AF1  (unknown)               
    
    LoadLibraryExW
     1 0x00007FFB0FE4E8F0  KernelBase.dll           JMP 0x7ffb00040701
     2 0x00007FFB00040701  (unknown)               
    
    LoadLibraryW
     1 0x00007FFB0FE810B0  KernelBase.dll           JMP 0x7ffb00030707
     2 0x00007FFB00030707  (unknown)               
    
    MapViewOfFile
     1 0x00007FFB0FE6CB80  KernelBase.dll           JMP 0x7ffb00040070
     2 0x00007FFB00040070  (unknown)               
    
    MapViewOfFileEx
     1 0x00007FFB0FE6DC20  KernelBase.dll           JMP 0x7ffb000309a5
     2 0x00007FFB000309A5  (unknown)               
    
    VirtualAlloc
     1 0x00007FFB0FE6AC10  KernelBase.dll           JMP 0x7ffb00030312
     2 0x00007FFB00030312  (unknown)               
    
    VirtualAllocEx
     1 0x00007FFB0FE1FF00  KernelBase.dll           JMP 0x7ffb0004030f
     2 0x00007FFB0004030F  (unknown)               
    
    VirtualProtect
     1 0x00007FFB0FE71700  KernelBase.dll           JMP 0x7ffb00030856
     2 0x00007FFB00030856  (unknown)               
    
    VirtualProtectEx
     1 0x00007FFB0FE14460  KernelBase.dll           JMP 0x7ffb00030d9f
     2 0x00007FFB00030D9F  (unknown)               
    
    WriteProcessMemory
     1 0x00007FFB0FE89A40  KernelBase.dll           JMP 0x7ffb000409a0
     2 0x00007FFB000409A0  (unknown)               
    
    GetMessageA
     1 0x00007FFB12C2F610  USER32.dll               JMP 0x7ffad7c60cd8
     2 0x00007FFAD7C60CD8  (unknown)               
    
    GetMessageW
     1 0x00007FFB12C32C40  USER32.dll               JMP 0x7ffad7c60c94
     2 0x00007FFAD7C60C94  (unknown)               
    
    PeekMessageA
     1 0x00007FFB12C2EF80  USER32.dll               JMP 0x7ffad7c60c58
     2 0x00007FFAD7C60C58  (unknown)               
    
    PeekMessageW
     1 0x00007FFB12C2F0B0  USER32.dll               JMP 0x7ffad7c60c18
     2 0x00007FFAD7C60C18  (unknown)               
    
    CreateFileMappingA
     1 0x00007FFB12D7AE80  kernel32.dll             JMP 0x7ffb00030070
     2 0x00007FFB00030070  (unknown)               
    
    CreateProcessA
     1 0x00007FFB12D7B190  kernel32.dll             JMP 0x7ffb00020ee5
     2 0x00007FFB00020EE5  (unknown)               
    
    CreateProcessInternalA
     1 0x00007FFB12D96A30  kernel32.dll             JMP 0x7ffb00020af2
     2 0x00007FFB00020AF2  (unknown)               
    
    CreateProcessInternalW
     1 0x00007FFB12D96AB0  kernel32.dll             JMP 0x7ffb000301c1
     2 0x00007FFB000301C1  (unknown)               
    
    CreateProcessW
     1 0x00007FFB12D7BA30  kernel32.dll             JMP 0x7ffb00020c43
     2 0x00007FFB00020C43  (unknown)               
    
    SetProcessDEPPolicy
     1 0x00007FFB12D7F8F0  kernel32.dll             JMP 0x7ffb000209a2
     2 0x00007FFB000209A2  (unknown)               
    
    WinExec
     1 0x00007FFB12DBE3B0  kernel32.dll             JMP 0x7ffb00020d94
     2 0x00007FFB00020D94  (unknown)               
    
    NdrpClientCall2
     1 0x00007FFB134C1040  rpcrt4.dll               JMP 0x7ffad7c60d54
     2 0x00007FFAD7C60D54  (unknown)               
    
    KiUserApcDispatcher
     1 0x00007FFB137B8F70  ntdll.dll                JMP 0x7ffad7c60d16
     2 0x00007FFAD7C60D16  (unknown)               
    
    KiUserExceptionDispatcher
     1 0x00007FFB137B90D0  ntdll.dll                JMP 0x7ffad7c60d96
     2 0x00007FFAD7C60D96  (unknown)               
    
    LdrFindEntryForAddress
     1 0x00007FFB13785380  ntdll.dll                JMP 0x7ffb00010d98
     2 0x00007FFB00010D98  (unknown)                MOV RAX, 0x199cd3e0070
                                            LOCK ADD DWORD [RAX+0x10], 0x1
                                            CMP DWORD [RAX+0x14], 0x0
                                            JZ 0x7ffb00010e16
                                            JMP 0x7ffb00010db9
     3 0x00007FFB00010DB9  (unknown)               
    
    LdrGetProcedureAddress
     1 0x00007FFB13795260  ntdll.dll                JMP 0x7ffb00010461
     2 0x00007FFB00010461  (unknown)               
    
    LdrGetProcedureAddressForCaller
     1 0x00007FFB13724E30  ntdll.dll                JMP 0x7ffb00010ee7
     2 0x00007FFB00010EE7  (unknown)               
    
    LdrLoadDll
     1 0x00007FFB1372C340  ntdll.dll                JMP 0x7ffb00010c49
     2 0x00007FFB00010C49  (unknown)               
    
    LdrResolveDelayLoadedAPI
     1 0x00007FFB13723FA0  ntdll.dll                JMP 0x7ffb00020311
     2 0x00007FFB00020311  (unknown)               
    
    NtAllocateVirtualMemory
     1 0x00007FFB137B5690  ntdll.dll                JMP 0x7ffad7c60f16
     2 0x00007FFAD7C60F16  (unknown)               
    
    NtCreateFile
     1 0x00007FFB137B5E30  ntdll.dll                JMP 0x7ffb00020850
     2 0x00007FFB00020850  (unknown)               
    
    NtCreateProcess
     1 0x00007FFB137B69C0  ntdll.dll                JMP 0x7ffb000105b4
     2 0x00007FFB000105B4  (unknown)               
    
    NtCreateSection
     1 0x00007FFB137B5CD0  ntdll.dll                JMP 0x7ffb000201bf
     2 0x00007FFB000201BF  (unknown)               
    
    NtCreateThreadEx
     1 0x00007FFB137B6AA0  ntdll.dll                JMP 0x7ffb00010856
     2 0x00007FFB00010856  (unknown)               
    
    NtCreateUserProcess
     1 0x00007FFB137B6B80  ntdll.dll                JMP 0x7ffb000101bf
     2 0x00007FFB000101BF  (unknown)               
    
    NtFreeVirtualMemory
     1 0x00007FFB137B5750  ntdll.dll                JMP 0x7ffad7c60ed6
     2 0x00007FFAD7C60ED6  (unknown)               
    
    NtMapViewOfSection
     1 0x00007FFB137B5890  ntdll.dll                JMP 0x7ffb000205af
     2 0x00007FFB000205AF  (unknown)               
    
    NtProtectVirtualMemory
     1 0x00007FFB137B5D90  ntdll.dll                JMP 0x7ffb00020070
     2 0x00007FFB00020070  (unknown)               
    
    NtSetInformationProcess
     1 0x00007FFB137B5710  ntdll.dll                JMP 0x7ffb000206fe
     2 0x00007FFB000206FE  (unknown)               
    
    NtUnmapViewOfSection
     1 0x00007FFB137B58D0  ntdll.dll                JMP 0x7ffad7c60e56
     2 0x00007FFAD7C60E56  (unknown)               
    
    NtWaitForDebugEvent
     1 0x00007FFB137B8BE0  ntdll.dll                JMP 0x7ffad7c60fd6
     2 0x00007FFAD7C60FD6  (unknown)               
    
    NtWriteVirtualMemory
     1 0x00007FFB137B5AD0  ntdll.dll                JMP 0x7ffb000109a8
     2 0x00007FFB000109A8  (unknown)               
    
    RtlCreateHeap
     1 0x00007FFB13749970  ntdll.dll                JMP 0x7ffb00010311
     2 0x00007FFB00010311  (unknown)               
    
    RtlInstallFunctionTableCallback
     1 0x00007FFB13783F90  ntdll.dll                JMP 0x7ffad7c60f98
     2 0x00007FFAD7C60F98  (unknown)               
    
    RtlPcToFileHeader
     1 0x00007FFB1372B9F0  ntdll.dll                JMP 0x7ffb00010706
     2 0x00007FFB00010706  (unknown)                MOV RAX, 0x199cd3e0070
                                            LOCK ADD DWORD [RAX+0x10], 0x1
                                            CMP DWORD [RAX+0x14], 0x0
                                            JZ 0x7ffb00010784
                                            JMP 0x7ffb00010727
     3 0x00007FFB00010727  (unknown)               
    
    
    Thumbprint
    2f4260f0b06342c88789af51376351cf4dd5c429e1e845b37390a6176acbeb41
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">911</EventID>
        <Level>2</Level>
        <Task>3</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2017-09-02T01:10:52.330800200Z" />
        <EventRecordID>18960</EventRecordID>
        <Channel>Application</Channel>
        <Computer>David-HP</Computer>
        <Security />
      </System>
      <EventData>
        <Data>C:\Program Files\Mozilla Firefox\firefox.exe</Data>
        <Data>Intruder</Data>
        <Data>[Intruder description repeated verbatim: the same PID, Detour Report and Thumbprint as shown above]</Data>
      </EventData>
    </Event>
    I just installed FF 55.x and refreshed it, now this. :doubt:
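As an added triage aid (not part of the post above and not HMPA's own tooling), a small Python parser for the Detour Report format HMPA writes to the event log: it records, per hooked export, which module the function lives in, where the planted JMP leads, and whether the chain ends in memory HMPA could not attribute to any loaded module, then groups the detour targets by 64 KiB region. The sample input is a constructed excerpt of the report posted above; the idea that hooks sharing a trampoline region come from one hooking component is a heuristic of this example, not something the report states.

```python
"""Parse a HitmanPro.Alert Detour Report and summarise the hooks it lists."""
import re
from collections import defaultdict

# Constructed excerpt of the Detour Report posted above (a subset of its
# entries; two trampoline instructions were dropped from PR_Read for brevity).
SAMPLE_REPORT = """\
PR_Read *
 1 0x00007FFAE3F8E3B8  nss3.dll                 JMP 0x7ffa80000461
 2 0x00007FFA80000461  (unknown)                MOV RAX, 0x199cd3e0000
                                        LOCK ADD DWORD [RAX+0x10], 0x1
                                        JMP 0x7ffa8000047d
 3 0x00007FFA8000047D  (unknown)

CreateFileW
 1 0x00007FFB0FE50010  KernelBase.dll           JMP 0x7ffb00030c49
 2 0x00007FFB00030C49  (unknown)

VirtualProtect
 1 0x00007FFB0FE71700  KernelBase.dll           JMP 0x7ffb00030856
 2 0x00007FFB00030856  (unknown)

NtAllocateVirtualMemory
 1 0x00007FFB137B5690  ntdll.dll                JMP 0x7ffad7c60f16
 2 0x00007FFAD7C60F16  (unknown)
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+0x([0-9A-Fa-f]+)\s+(\S+)\s*(.*)$")
HEADER_RE = re.compile(r"^(\w+)\s*(\*)?$")
JMP_RE = re.compile(r"^JMP 0x([0-9A-Fa-f]+)$")


def parse_detour_report(text):
    """Return {function: {"flagged": bool, "hops": [...]}}; a hop is a dict
    with n, addr, owner and disasm. Indented lines without a hop number extend
    the previous hop's disassembly; a trailing '*' is kept as 'flagged'."""
    report, current, hop = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():                      # blank line ends an entry
            current = hop = None
            continue
        m = HOP_RE.match(line)
        if m and current is not None:
            hop = {"n": int(m.group(1)), "addr": int(m.group(2), 16),
                   "owner": m.group(3), "disasm": []}
            if m.group(4):
                hop["disasm"].append(m.group(4))
            report[current]["hops"].append(hop)
        elif line[0].isspace() and hop is not None:
            hop["disasm"].append(line.strip())    # continuation line
        else:
            h = HEADER_RE.match(line)
            if h:                                 # new hooked-function entry
                current = h.group(1)
                report[current] = {"flagged": h.group(2) == "*", "hops": []}
                hop = None
    return report


def detour_target(entry):
    """Address the JMP planted in the hooked function's prologue leads to."""
    for insn in entry["hops"][0]["disasm"]:
        m = JMP_RE.match(insn)
        if m:
            return int(m.group(1), 16)
    return None


def summarize(report):
    """One row per hooked function: module, detour target, and whether the
    chain ends in memory HMPA could not attribute to any module."""
    rows = []
    for name, entry in report.items():
        if not entry["hops"]:
            continue
        first, last = entry["hops"][0], entry["hops"][-1]
        rows.append({"function": name, "module": first["owner"],
                     "target": detour_target(entry),
                     "ends_in_unknown": last["owner"] == "(unknown)",
                     "flagged": entry["flagged"]})
    return rows


def trampoline_regions(report, shift=16):
    """Group detour targets by aligned region (64 KiB by default). Heuristic:
    hooks from one component usually share a trampoline allocation, so the
    number of distinct regions approximates the number of hooking components."""
    regions = defaultdict(list)
    for row in summarize(report):
        if row["target"] is not None:
            regions[(row["target"] >> shift) << shift].append(row["function"])
    return dict(regions)


if __name__ == "__main__":
    for base, funcs in sorted(trampoline_regions(parse_detour_report(SAMPLE_REPORT)).items()):
        print(f"region {base:#018x}: {', '.join(funcs)}")
```

Run against the full report from the post, the region grouping shows how many distinct trampoline areas the hooks lead to, which is the first thing to establish before deciding whether the alert reflects another installed product's hooks or something that needs investigation.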
     
  7. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    Are you sure that HMPA and ZAM can run together and won't interfere with each other? I have HMPA but decided to get a license for ZAM, so I set HMPA to just allow attacks in silent audit.
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Hello all,

    As you've noticed, I've been away from Wilders Security Forum for quite a while. I can give many reasons, but none are related to this forum. Sophos managers are simply keeping us VERY busy.

    We are in the process of trying to change this so that we can spend the same amount of time as we did (preferably more) on this community, because this community is very valuable to us. I personally regret that my absence happened :thumbd:

    These past months we have worked our ass off to meet milestones for Intercept X v2. This major release will have Machine Learning (from the Invincea acquisition) and all features of Alert's 7xx build which you guys have been testing here at WSF. In addition we have been working on a brand new cleaner that assists the new ML engine. This cleaner is completely written from scratch by SurfRight engineers that also work on HitmanPro.

    Then we have also been running the new ML engine in our cloud for quite a while now. It is running in our cloud to assist the Invincea and Sophos Labs engineers that train the ML engine. Because of a fluke on our end some detections appeared in the HitmanPro scanner. Some of you may have noticed this. The fluke has been addressed since last week.

    Lastly, we are preparing a new build of Alert which contains many fixes (sorry, no new features yet) from the FastTrack team at Sophos. This team is very talented and they assist the engineers at SurfRight to fix issues reported by business customers. You can expect this new build early next week.

    In the very near future the new cleaner will be integrated in Alert as well. This is so that you no longer have to use HitmanPro separately to do malware cleanup.

    Thank you for your patience. If you lost confidence, I am very sorry. All I can say is that a few things went out of our control which we hope to restore soon.

    Sincerely,
    Erik Loman
    CTO HitmanPro

    More info on Intercept X v2 can be found here:
    https://community.sophos.com/produc...-program---active-adversary-and-deep-learning
     
  9. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    499
    Location:
    italy
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    @erikloman
    Thanks very much, Erik.
    One question: You say the new build of Alert contains fixes from the FastTrack team at Sophos. I wonder, were all the issues and suggestions that were posted here in both Wilders HMPA threads since HMPA 3.6.7.604 stable and 3.7.0.712 beta (so since end June, early July), also inventoried and used for fixing HMPA? If not by you or Mark, then by other SurfRight/Sophos team members? I really hope all reports here in both Wilders HMPA threads (and also the HMP thread) were not wasted.
     
  11. tonino

    tonino Registered Member

    Joined:
    Jan 2, 2017
    Posts:
    62
    Location:
    somewhere
    Thank you Erik and good work!
     
    Last edited: Sep 7, 2017
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Erik

    No loss of confidence here. Love HMPA. Look forward to helping you test new versions.

    Pete
     
  13. emil emil

    emil emil Registered Member

    Joined:
    May 5, 2016
    Posts:
    28
    HMPA 3.6.7.604

    Mitigation Anti-VM

    Platform 6.1.7601/x64 v604 06_1e
    PID 6036
    Application C:\Temp\Download\Samsung Data Migration Setup(Update).exe
    Description InstallScript Setup Launcher Unicode 3.1

    VMware
    Process Trace
    1 C:\Temp\Download\Samsung Data Migration Setup(Update).exe [6036]
    2 C:\Program Files (x86)\Samsung\Samsung Data Migration\Data Migration.exe [6044]
    3 G:\Downloads\Samsung_Data_Migration_Setup_3_1\Samsung Data Migration Setup.exe [5944]
    4 C:\Windows\explorer.exe [3612]
    5 C:\Windows\System32\userinit.exe [3568]
    6 C:\Windows\System32\winlogon.exe [948]
    winlogon.exe

    Thumbprint
    38b7ccdca3308828ed745fd53bb12734acfae0b9583abe0f4a037438daaea53a
     
  14. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Can someone link me to the latest beta build please? Thanks!
     
  15. guest

    guest Guest

     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :thumb:
    +1
     
  17. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    +2
     
  18. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    +3 ;)
     
  19. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Installed the latest beta and when I attempt a scan it fails.
     
  20. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    For feedback regarding HMPA beta, there is the dedicated HitmanPro.Alert BETA thread.
    Regarding the "Scan computer" option failing, that is a known issue. I don't know if it will be fixed in the next build, but you can fix it for now by installing the standalone HitmanPro. With the standalone HitmanPro installed, the HMPA "Scan computer" option will start the installed standalone HitmanPro.
     
  21. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks did not know this. Cheers!
     
  22. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    You're most welcome. Have you tried as suggested, and did installing HMP fix the issue of the HMPA scan failing, as intended?
     
  23. ohgood

    ohgood Registered Member

    Joined:
    Apr 3, 2015
    Posts:
    39
    Location:
    cold upper midwest
    +4 :geek:

    It's good to "see" you! And thanks for your update - it's fascinating to get a peek behind the curtain.
     
  24. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Great to see you're back Erik!
    What does this mean for HitmanPro, will it be succeeded by the new cleaner?
     
  25. akhsj

    akhsj Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    19
    Is this a known issue with HitmanPro Alert?

    Working system, first time installing HitmanPro Alert. Installed ok, and system worked normally. I had everything enabled, including optional protections.

    Issue: Today tried updating applications (Skype, WinSCP, Malwarebytes, ...). Was getting update/install errors when the installers were trying to write to registry keys. Uninstalled HitmanPro, rebooted, and was then able to update/install without issue. Possibly points to HitmanPro being the issue.

    System: Win 7 64-bit, Bitdefender 2018, Malwarebytes 3.2.2, HitmanPro Alert (download)
     