Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. iceman25

    iceman25 Registered Member

    Joined:
    Aug 9, 2013
    Posts:
    32
    Which antivirus is in the cloud?
    I saw in the last comment that it has Kaspersky, Emsisoft, Bitdefender, but in the last scan I
    did I saw a signature of Ikarus.
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    WinPatrol suspicious? :cautious:

    ScreenShot_HMP_WinPatrol_suspicious_01.gif

    ScreenShot_HMP_WinPatrol_suspicious_02.gif ... ScreenShot_HMP_WinPatrol_suspicious_03.gif
     
  3. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    8,006
    http://i.imgur.com/w7UC7iQ.png
     
  4. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    The GUI for 203 says one thing, the log says something else.

    > G Data . . . . . . : Trojan.Generic.KDZ.7466
    > Ikarus . . . . . . : Trojan.SuspectCRC!IK

    Al
     
  5. iceman25

    iceman25 Registered Member

    Joined:
    Aug 9, 2013
    Posts:
    32
    I know, I have the latest version of HitmanPro. I say what I see, and I still see
    a signature of Ikarus antivirus.
     
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Newly uploaded files are not being scanned by Ikarus, because it is no longer in the cloud, but if older files have been detected by Ikarus in the past, then HMP remembers this.
     
  7. iceman25

    iceman25 Registered Member

    Joined:
    Aug 9, 2013
    Posts:
    32
    But is Kaspersky really worth the change of 3 AVs?
    Dr Web, G Data, Ikarus?
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
  9. ComputerRanger

    ComputerRanger Registered Member

    Joined:
    Aug 11, 2013
    Posts:
    1
    Location:
    United States
    Re: hitmanpro kickstart & sidekick 2.2 hang

    I have tried sidekick and kickstart on two computers now, and in both cases they hang, although in different locations.

    On the newer computer (a Dell running XP), where I can boot up from a USB flash drive, Kickstart declares itself (2.2) and offers its three-choice boot menu and asks for my choice. When I enter a choice, 1, no number appears on the screen and nothing happens; it just hangs. Also, on the same computer, when I try to boot up through Sidekick, Sidekick declares itself and also offers the three choices, whereupon it hangs just as Kickstart did booting directly from the USB flash drive. I used this computer just to test; it has no ransomware problem.

    On the older computer with the ransomware problem, which cannot boot up from a USB flash drive, I get the message:

    "1. HD System Type - (00)

    HitmanPro.Sidekick 2.2 - (c) 2012, 2013 SurfRight"

    At that point it hangs. It does not even show the three bootup choices.

    Does anyone have any ideas? Of course, I do not care directly if it works on the newer uninfected computer, but what it does on that computer may give a clue about why it doesn't work on the infected computer.
     
    Last edited: Aug 11, 2013
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    Re: hitmanpro kickstart & sidekick 2.2 hang

    Is there a trick to creating a SideKick USB from within HMP 3.7.7.203? I click on the little icon at the bottom of the GUI and get the next screen showing Step 1 (insert the USB). After doing that, that's the end of the line for me - nothing else happens.
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    I have started using Hitman Pro a little bit recently and am very impressed with its malware detection abilities. I have used it in the past a while back, and used to use it back in the early days when it largely relied on 3rd anti-spyware scanners like Spybot and Spyware Doctor to do the scanning.

    I was given a computer today to clean multiple infections from (it had AVG 2013 installed). A quick scan with Malwarebytes revealed a few threats - including ZeroAccess (which I come across fairly often) along with various PUPs/adware, all of which I removed. However, upon rebooting there was still an infection remaining which replaced the usual download completion message in Internet Explorer with a message stating that the download contained a virus and was deleted.

    I did a scan with Kaspersky's TDSSKiller which found and deleted 2 suspicious items - but the infection still remained. I was tempted to try HMP next, but decided to download Baidu Antivirus as it can run alongside other antivirus software. But it found no threats.

    Finally I ran a scan with HMP and it was able to find and delete the infection. In the future I can see myself using HMP a lot more and buying a licence.
     
  12. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    I just meant vendor names, thanks.
     
  13. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,746
    Location:
    Germany
    Hi Erik and hi Mark,

    Can you whitelist the files, please?

    Properties
    Name asdnet.sys
    Location C:\Windows\system32\DRIVERS
    Size 15.3 KB
    Time 0.3 days ago (2013-08-13 22:53:03)
    Authenticode Valid
    Entropy 6.7
    RSA Key Size 2048
    Service asdnet
    SHA-256 BE83BBA33EA752E82AE9CC9CDFD90C73E0F3C838650D1EE72CEE880C376698CE

    Scoring (6.0)
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    Starts automatically as a service during system bootup.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.
    Program is code signed with a valid Authenticode certificate.

    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\asdnet\

    Properties
    Name cryptsvc.dll
    Location C:\Windows\system32
    Size 130 KB
    Time 0.4 days ago (2013-08-13 19:44:51)
    Entropy 6.5
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description Cryptographic Services
    Version 6.0.6002.18881
    Copyright © Microsoft Corporation. All rights reserved.
    Service CryptSvc
    SHA-256 DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92

    Scoring (11.0)
    Starts automatically as a service during system bootup.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc\

    Properties
    Name tssecsrv.sys
    Location C:\Windows\system32\DRIVERS
    Size 23.5 KB
    Time 0.4 days ago (2013-08-13 19:45:32)
    Entropy 5.8
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description TS Security Filter Driver
    Version 6.0.6002.18868
    Copyright © Microsoft Corporation. All rights reserved.
    Service tssecsrv
    SHA-256 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E

    Scoring (7.0)
    Starts automatically as a service during system bootup.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\tssecsrv\

    Properties
    Name ieframe.dll
    Location C:\Windows\System32
    Size 10.6 MB
    Time 0.4 days ago (2013-08-13 19:45:22)
    Entropy 6.4
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description Internet Explorer
    Version 8.00.6001.19453
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 D9344AE4F7B0FF8AAC7CE5C03E3A109D383A7EF9CBF5F73A618AC7DA605E5B2D

    Scoring (8.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

    References
    HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
    HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

    Properties
    Name iedkcs32.dll
    Location C:\Windows\System32
    Size 379 KB
    Time 0.4 days ago (2013-08-13 19:45:20)
    Entropy 6.0
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description IEAK branding
    Version 18.00.6001.19453
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 E02F8CEB9530BD9BD51FB774139D83FF71FBDFDAF5D940E99F01C65CA7A1D0E8

    Scoring (6.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\

    Properties
    Name ie4uinit.exe
    Location C:\Windows\system32
    Size 170 KB
    Time 0.4 days ago (2013-08-13 19:45:20)
    Entropy 7.3
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description IE Per-User Initialization Utility
    Version 8.00.6001.19453
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 2ECE68782BC19975431212690028EBC95FD3CB8CDF97A64F63EA12109A5A4229

    Scoring (11.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\

    Thank you very much
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    ~ Snipped as per TOS ~ Just report false positives with the built-in function in Hitman Pro! You guys are spamming this great thread with personal stuff! :)
     
    Last edited by a moderator: Aug 14, 2013
  15. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    User is not able to report it.
    C:\Users\Rene\Downloads\JRT.exe
    Size . . . . . . . : 1.158.897 bytes
    Age . . . . . . . : 1.0 days (2013-08-14 13:21:55)
    Entropy . . . . . : 7.9
    SHA-256 . . . . . : 4724C5E19DA74197D1B4A2A4851EE907548BA06ACFAB2B6D7B3C878A9052C8D7
    Product . . . . . : Junkware Removal Tool
    Publisher . . . . : Thisisu
    > Ikarus . . . . . . : Virus.Win32.PePatch!IK
     
  16. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Running the build 204 beta...


    The first time I got a freeze and had to reboot.

    Tried to run again and got a BSOD, this time.

    ScreenShot_HMP_v3.7.7_ Build 204 beta_BSOD_01.gif
     
  18. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    204 beta is running fine here :)
     
  19. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    I use a separate standard user account for online payments. I use to scan with Hitman Pro before I start any online transaction. But does Hitman Pro scan files of the standard user account, since it always starts with admin credentials (UAC prompt for admin password)?
     
  20. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    204 (64-bit) no issues and 0 EWS :)
     
  21. rhabdomantist

    rhabdomantist Registered Member

    Joined:
    May 12, 2011
    Posts:
    38
    Location:
    Canada
    204 runs quicker than ever on XP, happy, happy, happy.
    Phil.
     
  22. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro scans all user accounts and also interrogates files that start automatically, files that have shortcuts, stuff that runs in memory, files that are located in important system locations and everything else that has been added to the hard disk the last few weeks. The UAC prompt is for the driver that is deployed temporarily for e.g. direct disk access and our universal rootkit detection technology.
     
  23. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    570
    Thanks :)
     
  24. alan1476

    alan1476 Registered Member

    Joined:
    Dec 8, 2010
    Posts:
    32
    Location:
    Saint Marteen
    I saw a Hitman Pro advert about a month back offering Emsisoft anti-malware with Hitman Pro; one of them was free with the offer. I am not understanding this: why would I need 2 anti-malware programs? Is Emsisoft an A/V or an anti-malware program like Hitman Pro? The only thing I can think of is that Emsisoft is a real-time protection like Malwarebytes Pro and Hitman Pro is a scanner. Lost and a customer of Surfright. :oops: I also have Eset Smart Security 6, how much do I need?
     
  25. guest

    guest Guest

    It's probably better to listen to the answer from the official developer, but to fill the gap...

    I believe the offering was because of SurfRight's cooperation with Emsisoft. You have a full right to ignore it or accept it. EAM is more into a full AV so I hope that means your question has been answered.
     