Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Thanks! Was breaking my mind on this one. Thanks for your patience.
     
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Thanks for all.
    See you soon. ;)
     
  3. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    The same over here on Windows 8 64 Bit. :thumb:
     
  4. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    Build 201 working well on Win 7 64 bit - no speed slowdown.
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Will beta updates update to stable version when released or will it keep updating itself to the next beta available? :)
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Beta doesn't update. Build 201 will be a release on either Monday or Tuesday.
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Ok! Thank you for the information. Looking forward to the new release!
     
  8. amadeusmy

    amadeusmy Registered Member

    Joined:
    Jun 1, 2013
    Posts:
    1
    Location:
    USA
    My infected PC is 32-bit Windows XP. My clean/healthy PC is 64-bit Windows 7.

    To run HitmanPro on the 32-bit PC, does the USB stick need the 32-bit version of the software? Or does it matter?

    When I try to install the 32-bit version of HMP on the stick connected to my 64-bit PC, I get a message stating that the 64-bit OS was detected and that I must install the 64-bit HMP. If my infected computer needs the 32-bit HMP and my healthy computer is 64-bit, what do I do to create the USB boot stick?

    So.....I installed the 64-bit version of the software onto the USB stick.
    I powered off the infected PC and attached the USB stick.
    I powered on, entered the boot order menu, and chose USB Flash drive.
    The logon screen appeared. HMP did NOT eventually start after 15 seconds, as the instructions said it would.
    So I logged on.....with my password....and waited for HMP to start. It never did. Is this because of the 32-bit vs. 64-bit issue I described above?
     
  9. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    When you have created the HitmanPro USB flash drive (using HitmanPro) it will contain both the 32-bit and 64-bit versions, so you can use the stick on either computer.

    Just use the 64-bit version to create the stick on a 64-bit computer. The stick will get both 32 and 64-bit binaries. Just click on the karate-guy-button next to the Settings button and it will all be very easy to create a stick.

    Please visit http://www.hitmanpro.com/kickstart for description, videos and manuals.
     
  10. lucijamtrv91

    lucijamtrv91 Registered Member

    Joined:
    Sep 14, 2011
    Posts:
    37
    Can you ask anyone for help, because I do not know how to resolve the problem...
    Maybe I activated my HitmanPro 2 or 3 times with a regular license key for 1 year, and now I cannot activate because I reached the maximum number of activations.... I contacted support but no one responded to me.... Thanks
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Send me your key via PM and I will sort it out.
     
  12. lucijamtrv91

    lucijamtrv91 Registered Member

    Joined:
    Sep 14, 2011
    Posts:
    37
    Thank you, solved the problem....
     
  13. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    201 working great so far. :thumb:
     
  15. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Oh joy of joys, the auto-update ACTUALLY WORKED from 199 to 201! :D
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    I have scanned earlier today one of my snapshots, which is OK.

    ScreenShot_HMP_scan comparison_32.gif


    I am now scanning another snapshot, and it is taking much longer to scan.

    ScreenShot_HMP_slow scanning_02.jpg

    P.S. Scan has not completed, yet.
     
  17. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,650
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Of course, see also my Tweets regarding the attack.

    HitmanPro detects and removes any Zeus/Citadel using forensics (not using signatures):
    https://twitter.com/erikloman/status/342735824485511168

    Also HitmanPro.Alert instantly alerts the user when his browser was compromised by the attack (here Firefox 21):
    https://twitter.com/erikloman/status/342737644255600640
     
  19. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,650
    Thanks Erik, I expected so :thumb:
    It's getting time I buy a licence ;)

    Unfortunately I don't use Twitter, so I cannot read your Tweets ;)
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    This is a must scanner :thumb: :thumb:
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    You don't need an account to read tweets. :)
     
  22. krutoi

    krutoi Registered Member

    Joined:
    Aug 15, 2011
    Posts:
    3
    Decided to give Kickstart a try this morning, but so far no joy... I have tried the release version and the beta version of the main program to create a usb drive, and have also tried the sidekick CD as well. Each time I get to the boot screen and have a blinking cursor and hitting 1, 2, or 3 does nothing - just more blinking.

    I have adjusted the boot order in different ways as suggested in the troubleshooting list, but nothing seems to solve the problem.

    Target machine is an HP/Compaq 6730b running Win7 Pro.
     
  23. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi erik

    I have 5 Files for you to whitelist

    Properties
    Name cryptsvc.dll
    Location C:\Windows\system32
    Size 130 KB
    Time 3.9 days ago (2013-06-11 19:48:11)
    Entropy 6.5
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description Cryptographic Services
    Version 6.0.6002.18831
    Copyright © Microsoft Corporation. All rights reserved.
    Service CryptSvc
    SHA-256 FEA7ACDDE2357CF0542B338A6B99BE5A3A409813FDA17B19CC0FC443EB0CBF92

    Scoring (11.0)
    Starts automatically as a service during system bootup.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\

    Properties
    Name ieframe.dll
    Location C:\Windows\System32
    Size 10.6 MB
    Time 2.1 days ago (2013-06-13 16:41:36)
    Entropy 6.4
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description Internet Explorer
    Version 8.00.6001.19437
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 C05AC4368B30378DEE544F67546B286E1C354C9F99D88F1819A625C51DB2E5DE

    Scoring (8.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

    References
    HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
    HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

    Properties
    Name ie4uinit.exe
    Location C:\Windows\system32
    Size 170 KB
    Time 2.1 days ago (2013-06-13 16:41:34)
    Entropy 7.3
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description IE Per-User Initialization Utility
    Version 8.00.6001.19437
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 F5B0E99827C0C76E4F24CBE631A49D045D3A4DAED1AFA02A140D70CC2005F746

    Scoring (11.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\

    Properties
    Name iedkcs32.dll
    Location C:\Windows\System32
    Size 379 KB
    Time 2.1 days ago (2013-06-13 16:41:34)
    Entropy 6.0
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description IEAK branding
    Version 18.00.6001.19437
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 CDBE29F4887B9628CB27B5EC79FD24D99750005B8000BCED17E6BDCC853D52A1

    Scoring (6.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\

    Properties
    Name NPSWF32_11_7_700_224.dll
    Location C:\Windows\system32\Macromed\Flash
    Size 15.3 MB
    Time 3.9 days ago (2013-06-11 20:15:40)
    Authenticode Valid
    Entropy 7.0
    RSA Key Size 2048
    SHA-256 E181F28C9915DC807AE575552EE4504F915866DB002A8FDAC84D3E4FA1D54B10

    Scoring (6.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    Program is code signed with a valid Authenticode certificate.

    Startup
    HKLM\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer\

    References
    C:\Windows\system32\Macromed\Flash\flashplayer.xpt


    VirusTotal Results

    SHA256: fea7acdde2357cf0542b338a6b99be5a3a409813fda17b19cc0fc443eb0cbf92
    SHA1: 0f5e3cac93c712839c0bb93efdbc27d66d7cbf9d
    MD5: 3ede4c1f9672c972479201544969adcb
    Dateigröße: 130.0 KB ( 133120 bytes )
    Dateiname: cryptsvc.dll
    Datei-Typ: Win32 DLL
    Erkennungsrate: 0 / 47
    Analyse-Datum: 2013-06-15 16:37:12 UTC ( vor 0 Minuten )

    SHA256: c05ac4368b30378dee544f67546b286e1c354c9f99d88f1819a625c51db2e5de
    SHA1: 1876110e53257dfe5f378229895c903e1773ff53
    MD5: 0ec07d529decd00e2987998cd5ea148d
    Dateigröße: 10.6 MB ( 11111424 bytes )
    Dateiname: ieframe.dll
    Datei-Typ: Win32 DLL
    Erkennungsrate: 0 / 47
    Analyse-Datum: 2013-06-15 16:40:17 UTC ( vor 0 Minuten )

    SHA256: f5b0e99827c0c76e4f24cbe631a49d045d3a4daed1afa02a140d70cc2005f746
    SHA1: f33ab2f128d6947c10282c026ffe69bfa2ab7d76
    MD5: 32ce0cec088bac0bb3c611f9340ab521
    Dateigröße: 170.0 KB ( 174080 bytes )
    Dateiname: ie4uinit.exe
    Datei-Typ: Win32 EXE
    Erkennungsrate: 0 / 47
    Analyse-Datum: 2013-06-15 16:42:13 UTC ( vor 0 Minuten )

    SHA256: cdbe29f4887b9628cb27b5ec79fd24d99750005b8000bced17e6bdcc853d52a1
    SHA1: 0f41d03d7cb5c42f4a86c020de76151edca4d7c8
    MD5: 95231473a575ea545c2a5f9e0f6c5b46
    Dateigröße: 378.5 KB ( 387584 bytes )
    Dateiname: iedkcs32.dll
    Datei-Typ: Win32 DLL
    Erkennungsrate: 0 / 47
    Analyse-Datum: 2013-06-15 16:43:46 UTC ( vor 0 Minuten )

    SHA256: e181f28c9915dc807ae575552ee4504f915866db002a8fdac84d3e4fa1d54b10
    SHA1: af043f34146c9611221f148980ff02ea6cc2c02d
    MD5: 3d76b5c0e02ecc19c1f5756e8fd97f72
    Dateigröße: 15.3 MB ( 16033160 bytes )
    Dateiname: NPSWF32_11_7_700_224.dll
    Datei-Typ: Win32 DLL
    Erkennungsrate: 0 / 47
    Analyse-Datum: 2013-06-15 16:47:21 UTC ( vor 1 Minute )
     


  24. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi erik

    And here is the Scan Log for the 5 Files

    Code:
    HitmanPro 3.7.6.201
    www.hitmanpro.com
    
       Computer name . . . . : ALEXANDERROB-PC
       Windows . . . . . . . : 6.0.2.6002.X86/2
       User name . . . . . . : AlexanderRob-PC\Alexander Robrecht
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2013-06-15 18:19:18
       Scan mode . . . . . . : EWS
       Scan duration . . . . : 8m 53s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 125
    
       Objects scanned . . . : 4.288.071
       Files scanned . . . . : 71.213
       Remnants scanned  . . : 2.896.026 files / 1.320.832 keys
    
    Early Warning Scoring _______________________________________________________
    
       C:\Windows\system32\cryptsvc.dll
          Size . . . . . . . : 133.120 bytes
          Age  . . . . . . . : 3.9 days (2013-06-11 19:48:11)
          Entropy  . . . . . : 6.5
          SHA-256  . . . . . : FEA7ACDDE2357CF0542B338A6B99BE5A3A409813FDA17B19CC0FC443EB0CBF92
          Product  . . . . . : Microsoft® Windows® Operating System
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Cryptographic Services
          Version  . . . . . : 6.0.6002.18831
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          Service  . . . . . : CryptSvc
          Fuzzy  . . . . . . : 11.0
             Starts automatically as a service during system bootup.
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\
    
       C:\Windows\system32\ie4uinit.exe
          Size . . . . . . . : 174.080 bytes
          Age  . . . . . . . : 2.1 days (2013-06-13 16:41:34)
          Entropy  . . . . . : 7.3
          SHA-256  . . . . . : F5B0E99827C0C76E4F24CBE631A49D045D3A4DAED1AFA02A140D70CC2005F746
          Product  . . . . . : Windows® Internet Explorer
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : IE Per-User Initialization Utility
          Version  . . . . . : 8.00.6001.19437
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          Fuzzy  . . . . . . : 11.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
             HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\
    
       C:\Windows\System32\iedkcs32.dll
          Size . . . . . . . : 387.584 bytes
          Age  . . . . . . . : 2.1 days (2013-06-13 16:41:34)
          Entropy  . . . . . : 6.0
          SHA-256  . . . . . : CDBE29F4887B9628CB27B5EC79FD24D99750005B8000BCED17E6BDCC853D52A1
          Product  . . . . . : Windows® Internet Explorer
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : IEAK branding
          Version  . . . . . : 18.00.6001.19437
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          Fuzzy  . . . . . . : 6.0
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\
    
       C:\Windows\System32\ieframe.dll
          Size . . . . . . . : 11.111.424 bytes
          Age  . . . . . . . : 2.1 days (2013-06-13 16:41:36)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : C05AC4368B30378DEE544F67546B286E1C354C9F99D88F1819A625C51DB2E5DE
          Product  . . . . . : Windows® Internet Explorer
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : Internet Explorer
          Version  . . . . . : 8.00.6001.19437
          Copyright  . . . . : © Microsoft Corporation. All rights reserved.
          Fuzzy  . . . . . . : 8.0
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             The file is in use by one or more active processes.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
             The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
          Startup
             HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
             HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
             HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
          References
             HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
             HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
    
       C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
          Size . . . . . . . : 16.033.160 bytes
          Age  . . . . . . . : 3.9 days (2013-06-11 20:15:40)
          Entropy  . . . . . : 7.0
          SHA-256  . . . . . : E181F28C9915DC807AE575552EE4504F915866DB002A8FDAC84D3E4FA1D54B10
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : 6.0
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             Program is code signed with a valid Authenticode certificate.
          Startup
             HKLM\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer\
          References
             C:\Windows\system32\Macromed\Flash\flashplayer.xpt
          Forensic Cluster
              0.0s C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
              0.3s C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe
              0.5s C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    
    
    
    
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    If you have a multi-boot/multi-disk system then it currently will not work on your system.
     