Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    289
    How do you arrive at that number? From the GUI it indicates AV 3 engines. :)
     
  2. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    Because they use G Data and Ikarus.
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Only old detections. New files are scanned with Kaspersky, Bitdefender and Emsisoft.
     
  4. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Oh wow, I wasn't aware they had added Kaspersky! I'd say BD, Kaspersky, and EAM is more than enough. Those are 3 of the top-performing AVs in terms of detection.
     
  5. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    But you see, ever since EAM got BD as an AV engine they became more lazy with detection when it comes to their own AV engine. Trust me, I have seen their detection rate, like a football team that was good but then got lazy. You can thank Hitman Pro and VT for the data.
     
  6. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    How can you know this? In Emsisoft, duplicate detections are deactivated, so you more often see BD detections; this does not mean Emsi would not be able to detect this malware.
     
  7. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    As far as I recollect the Emsisoft engine in EAM is not designed to work on its own but to complement the Bitdefender engine. Hence all signatures, which are already included in Bitdefender, are considered redundant and are removed.

    But as a professional reviewer, you don't have to know that...
     
  8. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    @FleischmannTV
    I wanted to say the same :)
    And Emsi's engine has, I personally think, a high detection rate for adware.
     
  9. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,093
    Location:
    Germany
    @markusg

    Sorry, I must have overlooked your posting as I was writing mine.
     
  10. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,746
    Location:
    Germany
    Hi Erik and Hi Mark

    Here is another file for the whitelist for you.

    I have sent the file via right-click as a false positive.

    Properties
    Name NPSWF32_11_8_800_168.dll
    Location C:\Windows\system32\Macromed\Flash
    Size 15.4 MB
    Time 0.1 days ago (2013-09-10 12:46:50)
    Authenticode Valid
    Entropy 7.0
    RSA Key Size 2048
    SHA-256 958BC3755C9225B3E9AA75578750A13BF58DD469240A8BD8C3402A5AEDABAECA

    Scoring (6.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    Program is code signed with a valid Authenticode certificate.

    Startup
    HKLM\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer\

    References
    C:\Windows\system32\Macromed\Flash\flashplayer.xpt
     


  11. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,746
    Location:
    Germany
    Hi Erik and Hi Mark

    Here are some more files for the whitelist for you.

    I have sent the files via right-click as false positives.

    Properties
    Name ieframe.dll
    Location C:\Windows\System32
    Size 10.6 MB
    Time 0.9 days ago (2013-09-10 19:20:54)
    Entropy 6.4
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description Internet Explorer
    Version 8.00.6001.19458
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 93C9B02E9327BB9556002E626489E0E08B6A5322070F4913F7223D8EF1BEA09F

    Scoring (8.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

    References
    HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
    HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

    Properties
    Name ie4uinit.exe
    Location C:\Windows\system32
    Size 170 KB
    Time 0.9 days ago (2013-09-10 19:20:53)
    Entropy 7.3
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description IE Per-User Initialization Utility
    Version 8.00.6001.19458
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 59F78D3957B64B148DB7332BEAF6661536A638B5463CC01D42D6C5C906029A14

    Scoring (11.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\

    Properties
    Name iedkcs32.dll
    Location C:\Windows\System32
    Size 379 KB
    Time 0.9 days ago (2013-09-10 19:20:53)
    Entropy 6.0
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description IEAK branding
    Version 18.00.6001.19458
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 40357EA977D32F13EB9239D52CB9BC71EAA00A10EAB4CC063667A5CE8AB705B5

    Scoring (6.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\

    Properties
    Name themeui.dll
    Location C:\Windows\system32
    Size 602 KB
    Time 0.9 days ago (2013-09-10 19:20:50)
    Entropy 6.2
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description Windows Theme API
    Version 6.0.6002.18888
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 C1ACC264F7542464C5B6B80D3D9EAB82AF21BA624B1746DF98142D8D4C383C64

    Scoring (6.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\
     


  12. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    My HitmanPro found Gen.Win32.FileInfector!IK in my Windows Temp file this morning on my daily scan. Looked to have picked up this morning (I do not visit risky sites-so unsure how). Anyway, can anyone tell me anything about it? Hitman Pro did delete it-doing other scans as I type.
    Thanks,
     
    Last edited by a moderator: Sep 14, 2013
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    If it's only in the temporary folder, it could be one of the bundled software you've deselected. At least that's the case for me.
     
  14. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    As long as it's not in memory then you are fine. You can always get rid of it using something like CCleaner.
     
  15. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    It was in C:\Windows\Temp\TMP00000008604C...etc. Hitman Pro cleaned it and it's been deleted. No other scans (Hitman or others) show anything, so I guess I am good.

    Sorry, I am not the brightest bulb in the IT marquee :doubt:
     
    Last edited: Sep 15, 2013
  16. User request

    Option to specify folder location of log files in configuration/setup (instellingen)
     
  17. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Hi All, Just want to get on the thread, as I install HMP. :)
     
  18. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I installed Hitman Pro. I see it's an annual renewal, so can anyone tell me if a renewal is cheaper than the original cost? Thanks in advance. :)
     
  19. i30krab

    i30krab Registered Member

    Joined:
    Sep 20, 2013
    Posts:
    1
    Location:
    USA
    Re: Hitman Pro Support and Discussion Thread (using Hitman pro)

    Hi, I am a new member of this forum. Would someone please help me!
    I am using Microsoft Windows XP Professional
    Operating System Version 5.1.2600


    Originally I installed the software and it became corrupted and slowed down my computer. Also the software interfered with Microsoft Security Essentials. Then I had to create a system restore point and backup file just to be able to remove it from my computer. I would like to reinstall Hitman Pro and activate it only when I wish to scan.
    Thank you!
     
  20. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    Someone please correct me if I'm wrong, but my understanding is that HitmanPro is only active during a scan. It adds the driver before and deletes it after scanning. It doesn't have a resident component.
     
  21. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,903
    Location:
    U.S.A.
    Re: Hitman Pro Support and Discussion Thread (using Hitman pro)

    i30krab, first, welcome to Wilders!

    Hitman Pro offers unlimited free scanning, and a free 30-day version to remove detected malware. In their HitmanPro 3 page, they state:
    Unless the corruption was caused by malware, you should be able to re-install it, and use its scanning feature for FREE, as many times as you want.
     
  22. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    I got a suggestion. Maybe take out the Ikarus or G Data engines or both and add Malwarebytes or Webroot or both. If you can, try to; I am not saying you should. Thanks, Malwar :) :cool:
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I believe their current partners (Kaspersky, Bitdefender and Emsisoft) are sufficient.

    Malwarebytes would be a great partner as they target other malicious content than the mainstream vendors... that is Emsisoft's strategy too, so I dare to say the three above partners are enough.
     
  24. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    Webroot is not good at zero-day malware. Ikarus would have beaten it in a zero-day malware detection test.
     
  25. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    272
    Location:
    Greece