Hitman Pro Support and Discussion Thread

Has this ever been tested against this kind of a trojan e.g.:
http://en.wikipedia.org/wiki/Man_in_the_Browser
or:
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

 

As J_L mentioned it would remove the malware but not protect your Browser during a session if the malware is active before removal as it's an On-Demand scanner or you can set it to scan on Boot-up but no realtime protection!

TH

 

I'm getting two false positives from the current HMP. Looks like old Prevx detections. VirusTotal results:

PELZOOM.DLL
2011-06-25 11:30:59 (UTC)
0/ 42 (0.0%)
MD5 : 59cb3a8d913a93e33a62bf132d0fbdfa
SHA1 : 85aed8f859d06e0da48e43bef92790b609bcfc43
SHA256: 85b0e9bda6acb922693149692f0baa812a3f6b203bf4c565f1b6abff8e3655ff

MO28KC.dll
2011-06-25 11:27:59 (UTC)
0/ 42 (0.0%)
MD5 : d3d7837370f4a2da22ed64ffa0dc29ac
SHA1 : 4d681f156052ed1d44d96a4d3b64520206182165
SHA256: b9b079679809c8241da0fb3c9eee10f04b661166bacc4a13dc716774de194492

I'll leave them there (ignore) and see if they disappear.

Al

 

Hi

Can you check this

On picture 2 stand Build 125 but i download it and it Build 124

On picture 1 stand Build 124 its 125 outside

Into the circle i download it and its 3.5.5.98 can you check it

 

Problem I'm experiencing: I scan my computer, and Hitman identifies a recent skype.exe update as suspicious, tries to upload it (it's above 20 mb) but freezes at aprox. 66% uploaded and eventually times out.

 

I never download from Softonic, they require you to install their program just to do that.
I don't know why SurfRight links there, but it's not a good idea (unless money is involved).

 

Something kind of similar used to happen on my computer when I was using
a real time antivirus, after dropping the antivirus, it has not happened again.

Bo

 

What you say appears to be the case.
I ran two quick tests, one on each computer, and with VIPRE turned off, there was no hang at 99%.
(And the scan was done in ¼ of the time.)
With VIPRE turned back on, the hang returned.
(And the longer scan time returned as well.)
Bo knows!

 

I only know that I have Vipre going since forever...and I have never turned it off when running HMP. YMMV.

 

Thank you very much for your info

 

anyone know how to check for the atapi.sys warning?

 

Run with EWS if you are an malware expert and suspect infection only. Only use the Default Scan for regular scans.

This message is displayed when the IRP_MJ_SCSI miniport driver function points to kernel memory that cannot be related to a driver. This is typical rootkit behavior.

We found one 'legit' driver that does this as well and that is SPTD. If you have SPTD installed then you can ignore the yellow sticky.

You may run aswMBR as well to confirm. Its alarm bells will go off as well. But again, might be SPTD.

 

Force breach mode isn't working on latest rogue av (windows 7 antivirus 2012). computer has windows 7 64 bit. When trying force breach the fake firewall alert pops up instead of killing all processes.

 

Rename HitmanPro35.exe to HitmanPro35.pif en start the .pif.

 

Alright went back to users login and did rename to .pif and ran it with EWS and found the exe of the rogue. The scan hanged at 99% though so had to cancel it and then remove. Thanks. Hopefully you can get force breach mode back working again.

 

New here and have an installation question. When you click to do the default scan the screen that comes up gives an option to install a copy of HMP to the computer or do a one time scan. Does install a copy mean a install of a program in the usual sence or is it just going to put some links? I selected the one time option, can I do this everytime and it will work as the other option? What is the difference in these two option as far as how HMP will work? I am including a photo to show what I am asking. Thanks

 

Yes - Copies the executable to the 'Program Files\Hitman Pro' folder and adds uninstall entries to the registry and adds shortcut entries to the Start Menu.

No - Doesn't do the above.

Note: Currently, if you choose either mode, Hitman Pro will create the 'Hitman Pro' folder in LocalAppData to store the license and banner (if you run the free/trial version). Currently, uninstall will leave this folder on the system to preserve the license between different installs.

Hope this helps.

 

OK, so if I select yes I would then have it listed in the windows uninstall programs? If I select no it would not be listed and I would just delete the download file to remove it? Am I understanding this correctly?

 

Correct.

 

Thanks for your quick reply. Just one last thing, I assume then that there would be NO difference in the malware removal if it does find something, is this correct? Or is there some advantage I would be missing by not doing the copy when saying yes?

 

I should add I am talking about stuff like putting items into quarantine along with the removal. I just want to be sure I do not miss out on something if I decide to select no and make no copy to the computer. I hope I am making clear what I want to know, so I can decide what I would prefer. Thanks

 

Trojan Popureb.E

We just released a BETA version of Hitman Pro 3.5.9 build 126 that is able to detect and clean Trojan Popureb.E.

Early this week Microsoft advised Windows users to reinstall the operating system to get rid of the trojan.The new build of Hitman Pro allows to remove the trojan withing a few minutes.

We also wrote a blog post upon the matter here.

The BETA can be download here:

32-bit: http://dl.surfright.nl/HitmanPro35beta.exe
64-bit: http://dl.surfright.nl/HitmanPro35beta_x64.exe

 

Re: Trojan Popureb.E

Downloaded and ran 32-bit version. No problems here.

 

Just uploaded a YouTube video showing Hitman Pro 3.5.9 build 126 successfully detecting and removing the Popureb.E rootkit:
http://www.youtube.com/watch?v=MBP9luBLz9I