Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    Re: Malware served via Yahoo affected millions


    Thanks...I will have a read. I go to Yahoo every day to log in to check my e-mail. I am not worried that I will get an infection. I have protection!

    P.S. I notice that the previous blog post was in June 2013. A long time between posts. ;)
     
  3. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    1,369
    Location:
    Québec, Canada
  4. reyes

    reyes Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    48
    Location:
    INDIA
    Erikloman, can you check the PM and confirm?
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
    Are you planning to develop a mobile version?
    TH.
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    No, but we do have a router-based solution:
    http://www.hitmanpro.com/utm
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,800
    Location:
    Italy
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Had an error today on first bootup after installing HitmanPro v3.7.8 build 208 for the first time.

    "hmpsched.exe has encountered a problem and needs to close. We are sorry for the inconvenience."

    error signature:
    "szAppName : szAppVer : 0.0.0.0 szModName : unknown
    szModVer : 0.0.0.0 offset : 00000000 "

    This is on installing on Win XP Pro SP3 with only Outpost Pro Firewall v7.6 as security.

    Anybody else come across this error?
     
  9. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,849
    Location:
    Germany
    Hi Erik

    Can you check this 1 file and whitelist the file, please?

    Properties
    Name NPSWF32_12_0_0_43.dll
    Location C:\Windows\system32\Macromed\Flash
    Size 15.5 MB
    Time 0.0 days ago (2014-01-17 17:44:22)
    Authenticode Valid
    Entropy 7.0
    RSA Key Size 2048
    SHA-256 A9835C091ACCD6F090BBF916EDD6A83CEF0BD65AD0FB75F538B68B3770ECBF34

    Scoring (6.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    Program is code signed with a valid Authenticode certificate.

    Startup
    HKLM\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer\

    References
    C:\Windows\system32\Macromed\Flash\flashplayer.xpt

    SHA256: a9835c091accd6f090bbf916edd6a83cef0bd65ad0fb75f538b68b3770ecbf34
    File name: NPSWF32_12_0_0_43.dll
    Detection ratio: 0 / 48
    Analysis date: 2014-01-17 17:05:25 UTC ( 0 minutes ago )
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    EWS registration. I whitelisted it.
     
  11. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    133
    Location:
    Germany
    Good Morning @all

    Hi Erik, can you whitelist these here? It seems they are all a part
    of my Creative Soundblaster Audigy 2 soundcard driver.
    It's still boring me to see these guys every day at scan.
    -----------------
    Name CTEDSPSY.DLL
    Location C:\Windows\system32
    Size 316 KB
    Time 2473.1 days ago (2007-04-12 08:10:22)
    Authenticode Self-signed
    Entropy 3.1
    Product Creative Audio Product
    Publisher Creative Technology Ltd
    Description E-MU E-DSP DSP System Plugin
    Version 6.00.01.1241-2.12.0700
    Copyright Copyright© 1999-2007 Creative Technology Ltd
    RSA Key Size 512
    Service CTEDSPSY.DLL
    SHA-256 3F9FABCC92F10234D86E75B5FBC97096FF5EF49694B20B8A425F063C03368F86
    ----------------

    Name CT20XUT.DLL
    Location C:\Windows\system32
    Size 161 KB
    Time 2473.1 days ago (2007-04-12 08:10:26)
    Authenticode Self-signed
    Entropy 4.8
    Product Creative Audio Product
    Publisher Creative Technology Ltd.
    Description Creative 20X Utility Effects
    Version 6.00.01.1241-2.12.0700
    Copyright Copyright © 2002-2007
    RSA Key Size 512
    Service CT20XUT.DLL
    SHA-256 66D731C335B8A6CA225B8B5CCB4B89B1920928322E2483D4CAF2CF250606A917
    ----------------
    Name CTEAPSFX.DLL
    Location C:\Windows\system32
    Size 164 KB
    Time 2473.1 days ago (2007-04-12 08:10:18)
    Authenticode Self-signed
    Entropy 4.8
    Product Creative Audio Product
    Publisher Creative Technology Ltd
    Description APS FX Plug-in
    Version 6.00.01.1241-2.12.0700
    Copyright Copyright© 2000-2007 Creative Technology Ltd
    RSA Key Size 512
    Service CTEAPSFX.DLL
    SHA-256 C1D8E5AF7571B01C039B431862F5937F1315996D8039F48780E856F7640A99D1
    ----------------
    Name CTEDSPFX.DLL
    Location C:\Windows\system32
    Size 274 KB
    Time 2473.1 days ago (2007-04-12 08:10:20)
    Authenticode Self-signed
    Entropy 4.4
    Product Creative Audio Product
    Publisher Creative Technology Ltd
    Description E-MU E-DSP Effects Plugin Module
    Version 6.00.01.1241-2.12.0700
    Copyright Copyright© 1999-2007 Creative Technology Ltd
    RSA Key Size 512
    Service CTEDSPFX.DLL
    SHA-256 708A16A6A642F5A21FDFA478964B4D428ACA329CBE6308BAB3759B5C058955E2
    ----------------
    Name APOMgrH.dll
    Location C:\Windows\system32
    Size 103 KB
    Time 2473.1 days ago (2007-04-12 08:10:28)
    Authenticode Self-signed
    Entropy 6.6
    RSA Key Size 512
    SHA-256 AF92A1806E54F77552750B115E2BC1ABC007DA660963FD833A323590FFEDFA48
    ----------------

    Greets

    Lucien :D
     
  12. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,849
    Location:
    Germany

    Hi Erik

    Thank you very much for your information.

    And I have some questions for you:

    1. Any info on a new Hitman Pro version?

    2. Any new info on Hitman Pro 3.8?

    3. Any new info on Hitman Pro 3.9?

    4. Any new info on Hitman Pro 4.0?
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    This is the release order for coming weeks:
    HitmanPro 3.7.9 out very soon (various improvements)
    Alert 2.5 stable
    Alert 3 beta
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It's because this stuff is self-signed with VERY poor RSA key length.
    I'll see if I can whitelist these.
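
The check described in the post above, as an added example that is not part of the original thread and not HitmanPro's own code: it parses file blocks in the "Name / Authenticode / RSA Key Size" layout used in this thread and reports self-signed or short-key signatures. The 2048-bit threshold, the function names and the sample file names are assumptions made for illustration.

```python
import re

# Field labels as they appear in the reports posted in this thread.
FIELDS = ("RSA Key Size", "Authenticode", "Description", "Publisher", "Copyright", "Location",
          "SHA-256", "Entropy", "Product", "Version", "Service", "Name", "Size", "Time")
MIN_RSA_BITS = 2048  # assumed policy threshold, not HitmanPro's own scoring rule

# Constructed sample in the thread's report layout (file names are made up).
SAMPLE = """\
-----------------
Name EXAMPLE1.DLL
Location C:\\Windows\\system32
Authenticode Self-signed
RSA Key Size 512
----------------
Name EXAMPLE2.DLL
Authenticode Valid
RSA Key Size 2048
----------------
Name EXAMPLE3.DLL
Authenticode Self-signed
"""

def parse_reports(text):
    """Split on dashed separator lines and return one dict per file block."""
    reports = []
    for block in re.split(r"^-{5,}[ \t]*$", text, flags=re.M):
        rec = {}
        for line in block.splitlines():
            line = line.strip()
            for field in FIELDS:
                if line.startswith(field + " "):
                    rec[field] = line[len(field):].strip()
                    break
        if "Name" in rec:  # ignore empty fragments between separators
            reports.append(rec)
    return reports

def signature_findings(rec):
    """Return the reasons this file's signature deserves a second look."""
    findings = []
    if rec.get("Authenticode", "").lower() == "self-signed":
        findings.append("self-signed")
    bits = rec.get("RSA Key Size")
    if bits is None:
        findings.append("key size not reported")
    elif int(bits) < MIN_RSA_BITS:
        findings.append(f"RSA key {bits} bits < {MIN_RSA_BITS}")
    return findings
```
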
     
  15. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,849
    Location:
    Germany
    Hi Erik

    Thank you very much for your information
     
  16. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    Will you fix these false positives please? Thanks Erik!!

    C:\Documents and Settings\\Desktop\processhacker\x64\kprocesshacker.sys
    Size . . . . . . . : 39,320 bytes
    Age . . . . . . . : 140.7 days (2013-08-31 19:35:05)
    Entropy . . . . . : 6.4
    SHA-256 . . . . . : 7994047EB93571B2F35C52FB67EA47B23E45EC684988FDC81590875C1172D2FA
    Product . . . . . : KProcessHacker
    Publisher . . . . : wj32
    Description . . . : KProcessHacker
    Version . . . . . : 2.6
    Copyright . . . . : Licensed under the GNU GPL, v3.
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    > Kaspersky . . . . : not-a-virus:RiskTool.Win64.PHack.b
    Fuzzy . . . . . . : 93.0

    C:\Documents and Settings\\Desktop\processhacker\x86\kprocesshacker.sys
    Size . . . . . . . : 26,624 bytes
    Age . . . . . . . : 140.7 days (2013-08-31 19:35:05)
    Entropy . . . . . : 6.1
    SHA-256 . . . . . : A3D65E0F04514F60ACAA70F934E3E888211301566415822E6326FA930A551BA1
    Product . . . . . : KProcessHacker
    Publisher . . . . : wj32
    Description . . . : KProcessHacker
    Version . . . . . : 2.6
    Copyright . . . . : Licensed under the GNU GPL, v3.
    > Kaspersky . . . . : not-a-virus:RiskTool.Win32.PHack.d
    Fuzzy . . . . . . : 100.0
     
  17. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,943
    Location:
    Outer space
    Another FP from Kaspersky it seems:
    C:\Users\XXXX\Downloads\PowerTool x64 V1.3 (en)\PowerTool.exe
    Size . . . . . . . : 1.483.776 bytes
    Age . . . . . . . : 0.0 days (2014-01-19 20:07:49)
    Entropy . . . . . : 7.9
    SHA-256 . . . . . : A78D973DA78AE34703317B8AE95423404ADC28EBA3EE11BF002AA1CBAA415AEA
    Product . . . . . : PowerTool
    Publisher . . . . : hxxp://twitter.com/ithurricanept Edit: delinked
    Description . . . : Anti-virus/rootkit/bootkit Tool
    Version . . . . . : 1.3.0.0
    Copyright . . . . : Copyright @ 2010-2013. By ithurricane. All rights reserved.
    > Kaspersky . . . . : HEUR:Trojan.Win32.Generic
    Fuzzy . . . . . . : 110.0
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Solved.
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Solved.
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.9 Build 211 BETA

    The first new build in 2014. With various improvements and fixes.

    Changelog
    • Version 3.7.9
    • IMPROVED: Ransomware detection through forensic clustering (see screenshot below).
    • IMPROVED: Forensic clustering algorithm
    • IMPROVED: Remnant scan to repair web browser shortcuts
    • IMPROVED: Scanning of Start Menu items on Vista, Windows 7 and 8
    • ADDED: Internet Explorer start page and search engine to remnant scan
    • ADDED: Firefox Prefs.js to remnant scan
    • ADDED: Repair for disabled Command Prompt
    • FIXED: Tab handling in trial request dialog
    • FIXED: Problem parsing AppInit_DLLs registry value
    • FIXED: Crash when the scan stumbles on a specific crafted file
    • UPDATED: Botan crypto library

    Screenshot
    HitmanPro-Forensics-Reveton_v3.png

    Download
    http://www.surfright.nl/downloads/beta

    Please let me know how this version runs on your computer :thumb:
     
    Last edited: Jan 24, 2014
  21. LagerX

    LagerX Registered Member

    Joined:
    Apr 16, 2008
    Posts:
    565
    Ran fine here :thumb:
     
  22. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,943
    Location:
    Outer space
    Thanks :)

    New beta running fine here :)
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,418
    Ran the new beta...

    I have recently installed this program. Probably, OK.

    ScreenShot_HMP_v3.7.9_Build 211 BETA_03.gif
     
  24. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,295
    Latest beta .211 running fine here too.

    Request: place the date of the last scan on the main screen. Now it's under Settings > History > Logs.
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Oh, that's a good idea! Thanks :thumb:
     