Hitman Pro Support and Discussion Thread

Re: Anyone tried out Hitman Pro?

posted a thread on www.neowin.net about your application. From what i've seen of it i've been really impressed. Another user on the forum decided to test it out and didn't have the greatest of results. I'm going to quote him.

"Official opinion, big fat piece of hot garbage. It detected that malwarbytes was a trojan, it detected that parts of adobe was a trojan, it detected that part of the brother fax/printer/scanner was a trojan, so many false positives. Not 1 actual positive. Combofix is much better."

http://www.neowin.net/forum/index.php?showtopic=846570&st=0

Not sure why he was having such problems

 

Re: Anyone tried out Hitman Pro?

Let me start by saying, I am always looking for good software to add to my tool bag. So far with my first time trial, I am not impressed. Your application does look nice, you took time putting together pleasing backgrounds with pretty buttons.

Unfortunatly pretty buttons and pleasing backgrounds with unsatisfactory results keeps this piece of software out of my toolkit, for now. Looking forward to upgrades, but for now it will remain hot garbage.

I am not sure if this helps, but my process for the past year has been run cleanup! 4.0 (similar to ccleaner), run combofix, run malwarebytes, run superantispyware, run avira, do a manual scan of windows, system32, drivers, docs and settings\all users\several folders in here, docs and settings\userid\serveral folders in here, c:\program files\common files. Usually the combofix log gives me a good idea where to look, however I do take it one step further. Going through it manually usually doesn't take me any more than a half hour (depending on how many profiles on the pc). I have not had a pc come back to me because it is still infected or reinfected from doing an incomplete job. I have been doing malware removal since 2004 and until fairly recent it has been a very manual process. The tools are getting better, none are 100%.

 

Re: Anyone tried out Hitman Pro?

lol well then u seem to be the only one who thinks that... and tbh, the UI is pretty simplistic with standard windows buttons, i dont see how u see it as being the products only selling point, if u wanted an example of that, make reference to Norton's UI and ull see...

 

Re: Anyone tried out Hitman Pro?

hey just reporting what i found on my first attempt on using the software. you don't like it, fine. Plain and simple it didn't work. Found 6 false positives and nothing else. Another utility ran after that found quite a bit of malware in other directories :/. Issues that caused the laptop to be in my hands: random porn pages popping up at bootup, high cpu load, taskman not coming up (closing immediatly), command prompt not opening up, rouge antivirus detecting almost all antimalware utility installs as virus infected and prohibits them from running. All this crap happening and it finds 6 false positives only, sorry the software is flawed. I do agree with the norton ui statement. BTW, laptop is clean now, running tests on the laptop right now verifying that it is free of all malware, going out to different sites using IE.

I'll give it a second shot on a machine that isn't so infected, but is it really worth it if it cant handle a machine that is badly infected?

edit: run combofix and tell me about that ui and how pretty it is compaired to this. function vs form.

 

Re: Anyone tried out Hitman Pro?

have u only tried Hitman that one time? so are u trying to tell me EVERY other product uve used has never failed at detecting? no matter the scenerio, they always detect everything?

i dont know if this is a possibility or not either, but culd it have been since u wer using it on such an infected machine it seems, some of the connection to the databases wer blocked so that Hitman wasnt able to receive all its definitions? im just speculating for this one, id need Erik to say for sure if this is possible.

but my point is u cant judge the product and call it "garbage" after using it only once on ONE machine...

 

Re: Anyone tried out Hitman Pro?

if it doesn't even detect one legit item, and it only detects false positives. I am going for 1 here, nothing more than that, maybe that is too much to ask for. Most products will pick up 1 thing if they aren't absolute crap. Just 1, any 1, hell even a temp file and say it's infected, just 1, maybe I am asking for too much. even symantec can pick up 1 virus or malware, even if it doesn't clean it (and we all know what kind of a piece that is).

And I do believe I stated that none are 100% (meaning not one utility detects everything, but they all detect something if they can run (meaning no other software interfering with them scanning, even if they can't get their latest definitions they can still scan and pick up things) no matter what the scenerio), oh yeah I did

Again to recap: Malwarebytes picked up 140. Combofix saw some and alerted me of others in the log. Superantispyware picked up 10 (8 of which were cookies). Avira picked up what was 2 that were in the combofix quarrantine. This picked up none with 6 false positives, and was ran first.

 

Re: Anyone tried out Hitman Pro?

" Another utility ran after that found quite a bit of malware in other directories"

What was the name of this other utility please?

 

Re: Anyone tried out Hitman Pro?

combofix.

can be found here:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

It is able to remove some common infections and helps a user detect files that general scanners cannot find.
It also lists registry keys such as the key keys, the desktop keys, and other areas where malware hide.
The tool has some rootkit detectors too, allowing a user to see if a rootkit is present on the PC.

 

Re: Anyone tried out Hitman Pro?

Your results are quite interesting for the only fact that they are almost perpendicularly opposite of what pretty much everyone else in this thread had experienced with Hitman Pro, myself including. Sure, there's a FP here and there, but so far Hitman was extremely efficient in finding threats most other AV scanners miss, leave alone common-type stuff.
I am also curious about which fancy buttons and pleasing backgrounds are you talking about, since Hitman doesn't really have either.
Could you be so kind and post a scan result of Hitman and Malwarebytes, side by side in one screenshot? I (and I'm sure all others) would be extremely interested to see what it missed and why.
Thanks!

 

Re: Anyone tried out Hitman Pro?

would you care to enlighten me as to what the hitman text file name is? I would like to give a screen shot or even post it up. I knew I should have screen shot the scan.

As basic as the buttons may be, someone took more than 20 seconds to design it (maybe 5min). The point is somebody actually took time to make it somewhat pleasing to the eyes. I am a bit more old fashoned, where I just want a product that works, the background can be as grey as the old windows start menu with a draft font and would be fine by me (looks like it to seconds to slap together a front end but the back end plain and simple works as designed).

Again I am function over form, get it done, work out the kinks, worry about the follow up after, not during. Was more worried about the end result than posting this, someone in another forum asked to try it. I did and it failed me first time out (almost like taking out a car from the dealership and the engine blows up. does it mean that it is always going to be like that, no. does it mean that I may not come back to that particular car and/or dealership for a while, yes.)

I am 1 user, what difference do I make when everyone else loves it and has had no problems with it. I personally won't be using it for a while, nor will I recommend it to my coworkers and colleagues. I will give it another chance on a much less loaded computer and baby step its way up. Maybe I will even take screen shots. If something failed you as much as this failed me you would say something similar, and I really do like new software that works properly to have at my disposal, esp software that can help me out on site.

btw, this a partial log that combofix gave me after it completed. Combofix was ran right after hitman. Do you see something wrong with some of the files in doc&settings\**\application data? what about c:\windows\system32? granted combofix didn't do much about those files, but it did do one thing, it showed me that they existed and where they existed. Function over form, sure doesn't look pretty, but gives me a lot of information.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ctfmon .exe
c:\windows\system32\winupdate86 .exe

.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.

2009-11-16 21:39 . 2009-11-16 21:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-16 21:33 . 2009-11-16 21:33 -------- d-----w- c:\documents and settings\gsheets\Application Data\Malwarebytes
2009-11-16 21:32 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 21:32 . 2009-11-18 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 21:32 . 2009-11-16 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-16 21:32 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-16 21:32 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\gsheets\Local Settings\Application Data\gorqtb
2009-11-16 21:29 . 2009-11-16 21:29 -------- d-----w- c:\program files\CleanUp!
2009-11-16 21:05 . 2009-11-16 21:05 -------- d-----w- C:\spyware removal
2009-11-16 21:00 . 2009-11-16 21:00 4822 ----a-w- c:\documents and settings\**\Local Settings\Application Data\syssvc.exe
2009-11-16 20:58 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\ylvpou
2009-11-16 20:58 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\vekbor
2009-11-16 20:52 . 2009-11-16 21:36 -------- d-----w- c:\documents and settings\***\Local Settings\Application Data\agtuue
2009-11-16 20:48 . 2009-11-18 01:37 -------- d-----w- c:\documents and settings\**
2009-11-16 20:30 . 2009-11-16 20:30 60928 --sha-w- c:\windows\system32\yuhodose.dll
2009-11-16 20:30 . 2009-11-16 20:30 -------- d-----w- c:\windows\SchCache
2009-11-15 16:09 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\vitkpr
2009-11-15 15:34 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\qbymnl
2009-11-15 15:06 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\rgpekc
2009-11-15 15:05 . 2009-11-18 01:36 247678 ----a-w- c:\documents and settings\**\stsystra.exe
2009-11-15 14:57 . 2009-11-16 21:15 -------- d-----w- c:\documents and settings\**\Application Data\AntiVirus Plus
2009-11-15 03:51 . 2009-11-15 16:02 -------- d-----w- c:\documents and settings\**\Application Data\CC
2009-11-15 03:50 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\aiuhpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 21:55 . 2008-01-31 15:42 -------- d-----w- c:\program files\DellTPad
2009-11-16 21:32 . 2008-01-31 15:38 184190 ----a-w- c:\windows\system32\igfxpers.exe
2009-09-11 14:18 . 2004-08-11 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-11 23:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-11 23:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-11 23:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-15 14:57 . 2009-08-15 14:57 3 --sha-w- c:\windows\system32\duyovaha.dll
.

 

Re: Anyone tried out Hitman Pro?

No need to get all worked up, no one is questioning your abilities or methods. Your post really stood out from what most of the users reported as far as Hitman's detection goes, hence was the request for the screenshot.
If Hitman's detection is as poor as you witnessed in your case, people would definitely like to know about all th details. I'm quite certain Erik from Hitman would love to see it too.
I don't think current version of Hitman has any logging capabilities yet, so the screenshot is the way to go.
Thanks.

 

Re: Anyone tried out Hitman Pro?

clearly you don't know what you're talking about...

 

Re: Anyone tried out Hitman Pro?

He's simply anti-Symantec is all and most likely has not used the 2010 versions. Even then there are those that will shun it "just because".

 

Re: Anyone tried out Hitman Pro?

Not completely anti-symantec, more using symantec as an example (would you feel better if I used the McAfee suite that comes with the comcast subscription?). I currently run SEP 11.0.5 on my business systems. But I do know that it doesn't detect everything, as with any other current software. But

What is the point of picking on the new guy, to prove that you are superior?You are right I clearly don't know what I am talking about, please take my job away from me, I will go sell hot dogs at a ball game (way less stress). Do I have anything to prove to you, no. Do you have anything to prove to me, no. Love the internet tough guy attitude, when you are the one who has no clue, nor have you demonstrated to me that you really do know what you are doing other than to pick my post apart, bravo <golf clap>. I am done here.

 

Re: Anyone tried out Hitman Pro?

SEP has gotten significantly better in detection, especially with latest RU5 release. If you're not on it, you might want to update to it, they really beefed up their engines under (well-deserved) criticism from existing clients.
For example, TDLR3 rootkit that Erik posted about is already being detected by SEP, and normally such process would take weeks with Symantec.
But back to Hitman. I'm not being a smartass and not trying to prove anything here, but I would really appreciate if you posted a screenshot of Hitman's detection misses. Side-by-side comparison with MBAM would be even better, but not a deal breaker.

 

Re: Anyone tried out Hitman Pro?

Hi sc302,

Welcome to this thread.

That is quite a list there, with stuff from MBAM in it (which can't be a threat we've missed ). Most entries in the list are directories though. Hitman Pro has an empty directory remover (when it deleted all malware files from the folder) so there must either be something in there or we have a bug on our hands. I am quite interested in the contents of the mentioned folders.

About the other entries (the ones w/o the d in the attribute). Can you do a right-click scan on theses? You can enable right click scan under Settings.

It is always nice to run several tools after each other but don't take the findings of another tool for granted. Most tools like these report stuff that aren't actual threats.

Please let me know. We are always looking for ways to improve our product.

About logging, there is an extensive XML reporting feature in Hitman Pro (which we use internally) but is currently disabled for the end user as Hitman Pro is currently a tool for novice/medium users. Also quarantine will available in build 80 (sorry Dimitri, the cool TDL3 detection and removal will be in build 79).

 

Re: Anyone tried out Hitman Pro?

no, but you detected it as a threat .

ended up shift + deleting them

I never stated that those were positives, nor did the tool report them as positives. Those items are items that have added within a certain period of time, spyware or not. Obviously some of it is good and others are blatent spyware. Under their find 3m report heading, there is more (not all of it is bad but there are a couple of entries).

Again this was just a partial list, full list included registry keys and other areas.

I have since returned the laptop to the client, I will be getting another one this Friday night to look at over the weekend. I will try again for you being that you do have interest in the software. It probably won't be as bad as this one, though. (I can try to make it as bad if needed)

Combofix is not really meant for the novice user as you do have to read the reports and determine if there is more that has been missed, much like determining what is good and bad in a hijackthis log. I would like to see some sort of reporting done, not just a what was cleaned report but a possibles which include hidden files ,registry entries, recently modified, possible rootkits, etc; most of what is included in a combofix/malwarebytes/hijackthis log(s). Leave it up to the tech working on it to decide what is good and what is bad if it can not be fully determined by the current definitions.

I really thought that the 6 positives were pretty funny (ok not really funny but very disturbing that a software with this much of a following could only detect legit software as being malware). Among them were the malwarebytes executable and the adobe reader executable. It was pretty disappointing to see this.

Again, I am willing to give it another shot, this time taking screen shots and comparisons between the different utilities. Being that this is your software, how do you want it loaded? Do you want all spyware removal tools loaded (not ran but loaded) on the system prior to running Hitman (which was done in this particular case)? Should I go through the same process that I went through with this on the other system? Do you want an image of the pc if I can reproduce the same results, with a document going through the steps used to get to that point (provided that there is no financial or business related documents)? I am all for helping the community out (even if some of them are pricks who think they know something).

 

Re: Anyone tried out Hitman Pro?

I had a customer bring in a pc that is receiving fake alerts and IE will not load webpages. Ping thru command prompt works fine. She has Norton 360 v2 installed with definitions dated 2/13/2008

I ran CCleaner first (mainly to speed up scan times) and then fired up HMP. It found only 4 detections and removed them all without requesting a reboot. I then installed and updated MBAM which found:

Registry Keys Infected: 752
Registry Values Infected: 12
Registry Data Items Infected: 7
Folders Infected: 5
Files Infected: 7

I've attached the MBAM log for those that are interested.

 

Re: Anyone tried out Hitman Pro?

I'm not picking on anyone, but since this whole thread is about Hitman Pro, I clearly don't see the point in dragging in other products. If you want to compare Hitman Pro with other products, then do it in a general way. I don't see the logic in saying that Symantec is crap, while Symantec really has nothing to do with this whole thread or with Hitman Pro...

 

Re: Anyone tried out Hitman Pro?

The point of the matter was that hitman pro did not produce any malware results. It only produced false positives, which resulted in my hot garbage comment and the point of someone bringing my comment to the attention of this board. One of the creators or the creator monitors this and can possibly improve and/or fix the software so that it detects more and has less false positives.

How do I know that the system was still infected after running hitman pro, well I ran other utilities. I know not one of them is perfect (I used symantec because it is an easy target that most relate to), but they should still do a job that they were designed to do, even if they just pick out (1) infection (hitman pro in my case pick out 0 malware infections and 6 false positives)

Look at EliteKiller's results, do you really think that my results are all that dissimilar? I am looking to help improve products for us techs and for the end users. I like products that work effeciently, ultimatly I like products that work. you want to improve a product, speak up. You want it to be hot garbage, don't say anything.

 

Re: Anyone tried out Hitman Pro?

Now this is interesting indeed. Is this a full log? I see tons of registry keys pointing to files, but not actual files and associated paths detected as threats. Is there more to the log than what you posted? Can you post a screenshot of MBAM scan?
Hitman doesn't scan registry, so missed pointers there are expected; I would like to see the files it missed.
Thanks!

 

Re: Anyone tried out Hitman Pro?

He did post a full log at the bottom of his post as an Attachment!

TH

 

Re: Anyone tried out Hitman Pro?

Yep, that's the one I looked at. I don't see infected files being referenced, only Regsitry locations.

 

Re: Anyone tried out Hitman Pro?

At the bottom of the log!

TH

Folders Infected:
C:\Program Files\Weemi (Adware.Weemi) -> No action taken.
C:\Program Files\Weemi\Weemi_deleted_ (Adware.Weemi) -> No action taken.
C:\Documents and Settings\Breana\Application Data\Windows Enterprise Suite (Rogue.WindowsEnterpriseSuite) -> No action taken.
C:\Documents and Settings\Sonia\Application Data\Windows Enterprise Suite (Rogue.WindowsEnterpriseSuite) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WESSys (Rogue.WindowsEnterpriseSuite) -> No action taken.

Files Infected:
C:\Program Files\Weemi\uninstall.exe (Adware.Weemi) -> No action taken.
C:\Program Files\Weemi\weemi.dll (Adware.Weemi) -> No action taken.
C:\Program Files\Weemi\weemi.exe (Adware.Weemi) -> No action taken.
C:\Program Files\Weemi\Weemi_deleted_\weemi.dll (Adware.Weemi) -> No action taken.
C:\Program Files\Weemi\Weemi_deleted_\weemi.exe (Adware.Weemi) -> No action taken.
C:\Documents and Settings\Sonia\Application Data\Windows Enterprise Suite\cookies.sqlite (Rogue.WindowsEnterpriseSuite) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WESSys\wes.cfg (Rogue.WindowsEnterpriseSuite) -> No action taken.

 

Re: Anyone tried out Hitman Pro?

Sorry, for some reason Opera wasn't loading entire TXT, had to save it locally to see it fully.
It looks like Hitman didn't detect Adware.Weemi and Rogue.WindowsEnterpriseSuite in that scan. It's weird, because both Prevx and A-squared detect those, as I'm sure does G-Data and other engines.
Lets wait and see official response from Erik, I'm sure he has better answers than any of us will.