Hitman Pro Support and Discussion Thread

Remove the : thumb: from the link. Plus, there is no beta going on at the moment as already replied by others, there will be a new one in a few days.
Hitman Pro does not offer realtime protection btw.

 

Nice J, thanks

 

your welcome

 

I just ran Hitman Pro on Beast Lock, which is a screen saver security program, and Hitman Pro says lock.exe contains a VIRUS!

I got it from here:

http://download.cnet.com/Beast-Lock/...-10537874.html

Is this a false positive?

According to virustotal, it comes up clean except for Emsisoft which say its a Virus.Win32.VBInject!IK, and Ikarus which says its Virus.Win32.VBInject and Jiangmin say its a Trojan/VB.lqj. But all the others say its clean.

What is true?

I assume Hitman Pro uses Emsisoft to check for Virus? But why does Symantec, Kaspersky, Avira, Nod32, Avast etc say Lock.exe is clean and Hitman Pro say its a VIRUS! What should I do? Can someone check the program and tell me if it's clean or a VIRUS?

 

Yes it certainly sounds like an FP from Ikarus.

 

I've just checked the installer and DrWeb, NOD32 and PCTools find the file malicious (Win32.InstallCore).

SHA-256: 16f8513fdb17993fc6f283a3ea9a02f6ea204988cbb1b3aa50b6fada24ce491e

Still I am not convinced its malware so I've flagged the scan result as invalid to resolve the likely false positive.

 

Ok, thank you for your reply.

 

ATTENTION Hitman Pro Programmers:

Hitman Pro keeps telling me that eraser.exe is suspicious and may be a threat.

However, I think it's a safe file, I got it from here:

http://portableapps.com/apps/utilities/eraser_portable

 

According to Emsisoft website, they say that Emsisoft detects more threats than Hitman Pro. But how can that be true, seeing Hitman Pro uses Emsisoft?

http://www.emsisoft.com/en/software/download/

Notice the comparison chart at the bottom.

 

Marketing of course, although EAM does have more components than HMP cloud version. You should check out the new MRG 2011 Flash Tests.

 

Link please?

 

The digital signature on this file is invalid

OK, we get this question a lot (see other posts in the thread). I will explain why eraser.exe is marked as Suspicious.



The author (or publisher) of Eraser has digitally signed its binaries using Code Signing.

Code Signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash.

In other words: the signature confirms that it has not been modified since the signature!

File infecting viruses (like Virut, Sality, etc.) add a copy of themselves into a file. Files that are digitally signed no longer match their digital signature when they are infected.

Common sense: You should not trust software that has been modified.

More information on Code Signing can be found here:
http://en.wikipedia.org/wiki/Code_signing

You can verify the findings of Hitman Pro by right-clicking on the Eraser.exe file and request its Properties.



Hitman Pro does NOT mark files with an invalid signature as Malware. Instead it marks them as Suspicious. Its up to the end user to decide what to do with files that were meant to be used unmodified.

If you don't want this Suspicious file to appear in the scan results, choose Mark this file as safe from the drop down arrow at the end of each row.

Hope this helps.

 

Google please? Currently, there is a problem with the website though, so here's a cached copy: http://webcache.googleusercontent.c...ts/flash-test-results/&hl=en&safe=off&strip=1

 

Re: The digital signature on this file is invalid

Thank you. I deleted and removed Eraser.exe

 

That's why I asked you for a link, because I cannot find it anywhere on the internet. So no ideas?

 

That's why I gave you a link. The Google cached copy works fine.

 

is there a way to Make Hitman Pro Load from USB Flash

as a Live disk for highly infected system
it will be an amazing feature

just to scan even if it's from a dos command ??

 

So how can emsisoft go from number#1 position to #8 in 12 months? Seems dodgy.

And why isn't Hitman Pro in the test seeing it was in 2010?

 

The AV-market is developing endlessly.

 

Zemana Anti-Malware is a re-branded version of HMP with the same code, but different GUI.

I'm sure it was there before, don't know why not in the cached copy.

 

I could be wrong but I believe HMP just scans what is in active memory while Emsi offers a more comprehensive on demand scan. I'm not sure if the Emsi figures refer only to an on demand test or not. So it's possible that the figures include real time and url blocking that HMP does not include.

 

while you are right that EMSI AM does offer a more comprehensive scan, HMP does scan more than just what is in active memory.

 

They also execute the samples in MRG Flash test, so if EAM doesn't detect it, the behaviour blocker might come in action.

 

Build 130 2011-09-28

Improved detection of RDP Worm Morto.
Improved detection of Sinowall/Mebroot.

 

Got it!
Thanks for the heads up.
Thanks, Erik!