Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I've whitelisted them.
     
  2. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
    Hi Erik

    Thank you very much for your answer
     
  3. krutoi

    krutoi Registered Member

    Joined:
    Aug 15, 2011
    Posts:
    3
    just a basic plain vanilla system running win7 - normal bios startup options
     
  4. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    could be a fp:
    C:\Users\Christian\Downloads\installer_Wood_Background_Music_Beat_Wallchan_665381_wallpaper.exe
    Size . . . . . . . : 1.023.288 bytes
    Age . . . . . . . : 170.2 days (2012-12-29 20:59:51)
    Entropy . . . . . : 7.6
    SHA-256 . . . . . : A2589E65C1ACE27B62C630A0AC7DD9130993EECEABF76A3D458965451A77F5F2
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    > Ikarus . . . . . . : Trojan.Win32.StartPage!IK
    Fuzzy . . . . . . : 107.0
     
  5. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    C:\Users\Timm\Desktop\Ordner\Cheategine\Cheat Engine 6.2\xmplayer.exe
    Size . . . . . . . : 188.928 bytes
    Age . . . . . . . : 347.0 days (2012-07-06 18:51:06)
    Entropy . . . . . : 6.0
    SHA-256 . . . . . : 4A7D1838CAB46EB5632A3E3EEDC5F5C4BE5535F1DB6B2E2C0CE1831F7302AC8D
    > Ikarus . . . . . . : Trojan.Win32.Spy!IK
    Fuzzy . . . . . . : 106.0
    C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Life and Mana Crystal Installer.exe
    Size . . . . . . . : 10.240 bytes
    Age . . . . . . . : 101.0 days (2013-03-09 18:41:28)
    Entropy . . . . . : 3.8
    SHA-256 . . . . . : 28A148B11FD5BC0A35BF6311768E00A1CBDDABDD59AF14A5A4B28262CE1E3BCF
    Description . . . :
    Version . . . . . : 0.0.0.0
    Copyright . . . . :
    > Ikarus . . . . . . : Win32.SuspectCrc!IK
    Fuzzy . . . . . . : 106.0
    C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons Installer.exe
    Size . . . . . . . : 110.592 bytes
    Age . . . . . . . : 23.1 days (2013-05-26 16:35:07)
    Entropy . . . . . : 7.9
    SHA-256 . . . . . : 00362933ED3134878970F7191210BD11934A125865001FEF7B39C5687AE31FB0
    Description . . . :
    Version . . . . . : 0.0.0.0
    Copyright . . . . :
    > Ikarus . . . . . . : Win32.SuspectCrc!IK
    Fuzzy . . . . . . : 114.0
    Forensic Cluster
    -12.2s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons\Config.ini
    -12.2s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons\Config.ini
    -5.4s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons\Omnirs Weapons.dll
    -5.4s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons\Omnirs Weapons.dll
    -1.8s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons.obj
    -1.8s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons.obj
    0.0s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons Installer.exe
    0.0s C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Omnirs Weapons Installer.exe

    C:\Users\Timm\Documents\My Games\Terraria\ModPacks\Timms Warning Mod Installer.exe
    Size . . . . . . . : 8.704 bytes
    Age . . . . . . . : 115.9 days (2013-02-22 21:13:05)
    Entropy . . . . . : 4.9
    SHA-256 . . . . . : 1BE84E542718D8DD025F7B3B8FA8DED9BB5148E1CBF589EFA20C0592F89AC38B
    Description . . . :
    Version . . . . . : 0.0.0.0
    Copyright . . . . :
    > Ikarus . . . . . . : Win32.SuspectCrc!IK
    Fuzzy . . . . . . : 106.0

    C:\Users\Timm\Documents\My Games\Terraria\ModPacks\YYY HaMLR Installer.exe
    Size . . . . . . . : 32.768 bytes
    Age . . . . . . . : 270.9 days (2012-09-20 20:51:02)
    Entropy . . . . . : 7.0
    SHA-256 . . . . . : B19A35682C6FEA66965A52457D8C5C269FF446DE3323BADA57C372A65208371B
    Description . . . :
    Version . . . . . : 0.0.0.0
    Copyright . . . . :
    > Ikarus . . . . . . : Win32.SuspectCrc!IK
    Fuzzy . . . . . . : 106.0
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    F.P.
    SHA256: 99c3850a96eccab0a9a366223616e9616e09c73147c196d499477ebb6121c327
    File name: tdsskiller.exe
    Kaspersky TDSS Killer

    Virustotal is 1/47 (Comodo Packed.Win32.MUPX.Gen)

    HMP Scan
    Malware _____________________________________________________________________

    C:\Kaspersky TDSS Killer\tdsskiller.exe
    Size . . . . . . . : 2,240,864 bytes
    Age . . . . . . . : 3.0 days (2013-06-15 22:09:50)
    Entropy . . . . . : 8.0
    SHA-256 . . . . . : 99C3850A96ECCAB0A9A366223616E9616E09C73147C196D499477EBB6121C327
    Product . . . . . : TDSSKiller
    Publisher . . . . : Kaspersky Lab ZAO
    Description . . . : TDSS rootkit removing tool
    Version . . . . . : 2.8.18.0
    Copyright . . . . : © 1997-2013 Kaspersky Lab ZAO.
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    > Ikarus . . . . . . : Trojan.Crypt!IK
     
  7. FYI, when I see a FP, I just right click mouse

    a) Select tools, scan with VT
    b) Report this binary/executable as safe

    Next time I don't see this FP in the scans
     
  8. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Okay, thanks Kees.
     
  9. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    Suspicious files ____________________________________________________________

    C:\Windows\system32\hasplms.exe
    Size . . . . . . . : 4.412.872 bytes
    Age . . . . . . . : 300.7 days (2012-08-22 14:01:18)
    Entropy . . . . . : 7.6
    SHA-256 . . . . . : 83BFF779018218B557853A7EE4F0D767B3E158C69BEB0864D8C0E1634277329E
    Product . . . . . : LDK License Manager Service
    Publisher . . . . : SafeNet Inc.
    Description . . . : Sentinel LDK License Manager Service
    Version . . . . . : 14.0.1.28295
    Copyright . . . . : © 2012 SafeNet, Inc. All rights reserved.
    RSA Key Size . . . : 2048
    Service . . . . . : hasplms
    Authenticode . . . : Valid
    Fuzzy . . . . . . : 28.0
    The file name extension of this program is not common.
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    The Entry Point of this file lies in a resource section. This is an indication of malware infection.
    Program starts automatically without user intervention.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common
    to system tools, drivers and hacking utilities.
    Starts automatically as a service during system bootup.
    Program contains PE structure anomalies. This is not typical for most programs.
    Program is code signed with a valid Authenticode certificate.
    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\hasplms\
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Good idea, I hope more users do this so the thread here won't be flooded with FP scan logs :p
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I've posted a few screenshots of HitmanPro.Alert version 2 here.
     
  12. lkm020

    lkm020 Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    5
    Hi Erik,
    I have similar problem to Krutoi. I have an infected Win XP home machine, not a multiboot, just plain old x86 desktop PC. Does not support USB boot, so using sidekick. When booting from sidekick CD I just get the top line of the boot screen, and none of the 3 menu options shows on the screen.
    Typing 1,2 or 3 does nothing.
    Checked out the CD on another machine (laptop) and I get the 3 menu items as expected.
    Any idea what could be causing it? Other bootable CD's work fine on the same problem PC.
    Thanks
     
  13. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Have you tried other recovery disks? :rolleyes:
    If it gets really tough, i would take out the HDD plug it into another PC, backup all the files i want and wipe that thing.
     
  14. lkm020

    lkm020 Registered Member

    Joined:
    Apr 2, 2006
    Posts:
    5
    Yep. Tried Kaspersky, Norton, System Sweeper. Found and deleted some threats, but the Ransomware still shows the Cheshire Police screen demanding payment. No option now but to backup and reformat as you suggest. :(
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Well if that malware is so tough IMO the best option would be to start from scratch.
    If a malware got through my security setup then my setup simply failed and I just format it, I never trust AV's cleaning capabilities. Some malware are very persistent.
     
    Last edited: Jun 23, 2013
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    can you go in safe mode and run hitmanpro within a usb? and mbampro too or even combofix will cure it :thumb:
     
  17. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Combofix is a good suggestion. My friend removed some nasty malware with it that everything else he tried failed to clean.
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert v2 Public Beta is available

    HitmanPro.Alert v2 Public Beta is available. See here.
     
  19. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Re: HitmanPro.Alert v2 Public Beta is available

    Just ran a HitmanPro scan and came up with two Riskware items. I quarantined both of them. However, I'm now thinking one of them is OK, but when I click on the file in the HMP History tab, the Restore button is grayed out. How do I restore that file?

    EDIT: My mistake - all's well.
     
    Last edited: Jun 25, 2013
  20. SM6755

    SM6755 Registered Member

    Joined:
    Jun 26, 2013
    Posts:
    3
    Location:
    United States
    I ran into a problem the other day and needed to completely remove Hitman Pro from a system because after I installed it, it was conflicting with a software application I was working on for class. I figured I could just reinstall it and restart my trial program. I thought I had gotten every trace of the program since I install every application using RevoUninstaller Installer Tracer. I removed every registry entry created by Hitman Pro as well as every file created. Somehow when I reinstalled Hitman Pro it knew I only had 23 days of my trial remaining. This leads me to believe that Hitman Pro has hidden something in my computer somewhere that it is referring to. This scares me a bit and makes me even more paranoid now not only the NSA is watching me and hiding stuff in computers, now Antivirus Software does it too?
    If it wasn't a reg key that was created or a file that was created, what's telling it the date it was installed?
     
  21. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    No need to be paranoid, it's a legal mechanism to control licensing. That's all it is.
    BTW, welcome to the Forums.
     
  22. SM6755

    SM6755 Registered Member

    Joined:
    Jun 26, 2013
    Posts:
    3
    Location:
    United States
    I understand and appreciate that. I trust this program wholeheartedly but I mean if Hitman Pro has inserted something that my installer didn't catch then I wonder how many other questionable software tools I have installed and did not get all the way out. I mean what other things are there to use to target activations and can those methods be used for other things
     
  23. redgrum

    redgrum Registered Member

    Joined:
    Nov 16, 2010
    Posts:
    50
    Their servers I would imagine; it probably just recognises your pc.
     
  24. SM6755

    SM6755 Registered Member

    Joined:
    Jun 26, 2013
    Posts:
    3
    Location:
    United States
    As long as it is on their end and not in my computer I feel a lot better.
     
  25. mikeataol

    mikeataol Registered Member

    Joined:
    Jun 30, 2013
    Posts:
    2
    Location:
    USA
    sadly, I too got hit with the sirefef, killed it quickly, ran combofix, malwarebytes, and thought I was done until I found I couldn't reinstall MS Security Essentials.

    Windows 7 , SP1, I had JUST updated everything I could about 10 days ago because I had another machine hit by java exploit to send spam from 2 of my email accounts.

    I have tried a million things, fix it tools, link shell extension, rkill,

    eventually found 4 symbolic links that I could only clear as a last resort by using the fsutil reparsepoint /delete

    they did not show in the kickstart, or regular version of HitmanPro

    3 were
    recyclebin/subfolder/antimalware
    recyclebin/subfolder/en-us
    recyclebin/subfolder/backup, all pointing to c:\windows\system32\config

    4th was C:\Users\All Users ---> C:\Program Data which I see as I'm typing this on a different machine would appear to be a legitimate symlinkd, so I have recreated it


    just posting this to let you know , I did not see the "bad" symlinks appear in hitman pro that I just downloaded today

    I tried the beta and the stock versions that are available on the site right now.

    I don't think I can be much help with details, because this is day 2 of trying
    and I've run a million things in the effort

    windows update was also broken in the aftermath, got that working reasonably quickly.

    tried MS fix it tools, link shell extension, rkill, junction link magic, and more
    I am doing a clean install on a wiped 2nd hard drive at the moment
    as
    no tool of any kind shows a problem at this point
    but MS Security essentials errors out with the 0x80070643
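
An added example, not part of the original post and not HitmanPro code: one way to list reparse points (symbolic links and junctions) under a folder and mark those whose target lies in the registry hive directory, the kind of link the post above describes. The function name, the `-Root` value in the usage line and the default sensitive path are assumptions made for the illustration.

```powershell
# Added example (hypothetical helper, not from the thread).
# Lists reparse points under $Root and flags those that resolve into a
# directory listed in $Sensitive.
function Find-ReparsePoint {
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Assumption: the hive directory is what is worth flagging, because
        # the post reports links pointing at c:\windows\system32\config.
        [string[]] $Sensitive = @((Join-Path $env:SystemRoot 'System32\config'))
    )

    Get-ChildItem -LiteralPath $Root -Force -Recurse -Attributes ReparsePoint `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            # .Target is a single string in PowerShell 7 and a collection in 5.1
            $targets = @(@($_.Target) | Where-Object { $_ })
            $flag = $false
            foreach ($t in $targets) {
                # Strip a raw NT prefix (\??\) in case one is present
                $clean = ($t -replace '^\\\?\?\\', '').TrimEnd('\')
                foreach ($s in $Sensitive) {
                    $base = $s.TrimEnd('\')
                    if ($clean -ieq $base -or
                        $clean.StartsWith("$base\", [System.StringComparison]::OrdinalIgnoreCase)) {
                        $flag = $true
                    }
                }
            }
            [pscustomobject]@{
                Path     = $_.FullName
                LinkType = $_.LinkType        # SymbolicLink or Junction
                Target   = $targets -join '; '
                Flagged  = $flag
            }
        }
}

# Usage (run elevated; the root here is an assumed stand-in for the
# "recyclebin/subfolder" location mentioned in the post):
Find-ReparsePoint -Root 'C:\$Recycle.Bin' |
    Sort-Object Flagged -Descending |
    Format-Table -AutoSize -Wrap
```

Unflagged rows are not necessarily a problem: Windows ships with its own junctions, such as the `C:\Users\All Users` link the post mentions. `fsutil reparsepoint query <path>` shows the raw reparse data for a single entry before anything is removed.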
     