Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Hi HMP,
    Had a Suspicious Ignore. VirusTotal reports clean. Should I report clean via HMP based upon VirusTotal.
    Seems, if VT report clean then HMP would already know. So, what's best practice.
    Suspicious files ____________________________________________________________

    C:\Users\bjms\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
    Size . . . . . . . : 42,296 bytes
    Age . . . . . . . : 2.4 days (2015-07-10 15:15:46)
    Entropy . . . . . : 5.6
    SHA-256 . . . . . : B99D7E9D0119C892099E642FF8B29312D6149E922D160DB7A9B693DEB4F4EF3C
    Product . . . . . : HPSF_Config
    Publisher . . . . : Hewlett-Packard Company
    Description . . . : HPSF_Config
    Version . . . . . : 1.0.0.0
    LanguageID . . . . : 0
    Fuzzy . . . . . . : 22.0
    The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
    Time indicates that the file appeared recently on this computer.
    ~ Removed VirusTotal Results as per Policy ~
     
  2. oma53

    oma53 Registered Member

    Joined:
    Mar 10, 2008
    Posts:
    87
    Hello


    Could someone explain what this means?


    Upon checking with HitMan Pro, which usually shows nothing, this is what the log file states. This started yesterday and I assumed it was a false positive. When I checked today, it shows the same as yesterday.


    I have run all of my security and it comes up clean.


    Thank you


    (This is a portion of the log file in case I have trouble attaching it)

    Potential Unwanted Programs _________________________________________________


    C:\Program Files\Security\ (SecurityVerifier)

    C:\Program Files\Security\mbar\ (SecurityVerifier)

    C:\Program Files\Security\mbar\Data\ (SecurityVerifier)

    C:\Program Files\Security\mbar\Data\actions.ref (SecurityVerifier)

    C:\Program Files\Security\mbar\Data\Configuration\ (SecurityVerifier)

    C:\Program Files\Security\mbar\Data\Configuration\build.conf (SecurityVerifier)

    C:\Program Files\Security\mbar\Data\Configuration\config.conf (SecurityVerifier)

    C:\Program Files\Security\mbar\Data\Configuration\database.conf (SecurityVerifier)

    C:\Program Files\Security\mbar\Data\Configuration\local.conf (SecurityVerifier)
     


  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    In #6651 I tried to mention.. { "It may belong to a rootkit".. got my attention }.
    So, I didn't know if I should tell HMP that the Suspicious / Ignore item is deemed safe by Virus Total. When I tell HMP item is safe. Does HMP then re-check..?
    Thanks
     
  4. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
    Hi Erik and Hi Mark

    Can you check the 1 File and whitelist the 1 File please. I use the FP function in the program to submit the File to you

    With best Regards
    Mops21
     


  5. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
    Hi Erik and Hi Mark

    Can you check the 9 Files and whitelist the 9 Files please. I use the FP function in the program to submit the File to you

    With best Regards
    Mops21
     


  6. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
    Hi Erik and Hi Mark

    Can you check the 1 File and whitelist the 1 File please. I use the FP function in the program to submit the File to you

    With best Regards
    Mops21
     


  7. Andra

    Andra Registered Member

    Joined:
    Jul 17, 2015
    Posts:
    13
  8. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    Ran into a significant problem with HMP.A today: I used the scan function and it came back with 10 "traces," including a couple of items that were tagged as "CouponBar" and several as "YahooToolbar." IIRC they were all Registry items, most in HKLM\SOFTWARE and some in HKU.

    I decided to delete them; HMP.A created a restore point before proceeding. Good thing it did that, because next thing I knew, I could no longer download images for e-mails in Outlook 2007, and Outlook could no longer retrieve e-mail from one of my e-mail accounts. :eek:

    Worse yet, when I tried to do a System Restore, Vista informed me that the service could not open. Had to reboot into Safe Mode, and then I could open the System Restore UI.

    I kept my fingers crossed as Vista rebooted again, waiting anxiously for its report on whether the restore was successful. Several minutes later, fortunately, it was. Outlook is working normally once again.

    Next I ran a new scan of the computer with HMP.A and this time it came up with 8 traces, including the two CouponBar and six YahooToolbar traces. Took a screenshot, but I'm not touching those again!

    Could one or more of these "traces" be false positives? Deleting them broke some fairly important functionality on my system.
     
  9. PallMall

    PallMall Guest

    From where did you perform the scan? From HitmanPro.Alert or from HitmanPro? When it comes to the scan feature, HitmanPro.Alert either uses your HitmanPro application if you have it installed or downloads it otherwise.

    Whatever, have a look at what is launched on Windows Start. Maybe you have a process starting with Windows which is problematic. Generally speaking if HitmanPro cleans up, then reboots your system, and you find yourself again with traces then obviously not everything was eradicated with the first scan.
     
  10. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    See my reply over in the HMP.A thread, where I originally saw your reply. Now I see it here too. :confused:

    I guess in future I'll continue posting on that particular question here.
     
  11. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @JEAM: please do a scan with HitmanPro, no matter if you do it from within HMP.A, or an installed HMP
    and post a screenshot, to help analyze your issue.
     
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,038
    Location:
    Texas
    We have two Hitman Pro threads which can be confusing to say the least.

    Hitman Pro Support and Discussion Thread

    HitmanPro.Alert Support and Discussion Thread
     
  13. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Please scan again and click on one of the alerts, to see which engine flagged MRT.exe as Trojan.
    Then post a screenshot.
    Most likely it was Bitdefender..

    MRT.exe is Microsoft Removal Tool.
     
  14. PallMall

    PallMall Guest

    You had indeed written on HMP.Alert's thread: "I performed the scan from HMP.A (which is why I'd posted it here).
    I'm not sure that there is anything bad to clean up on my system. If anything, it looks like maybe something that was not bad (a FP?) got deleted, leading to the decreased Outlook functionality. No other scanner that I've tried finds these problems (Norton 360 resident, ESET Online Scanner, MRT, MSERT, Windows Defender, MBAM)
    "

    OK- I agree with Hiltihome, perhaps the best is indeed to "do a scan with HitmanPro, no matter if you do it from within HMP.A, or an installed HMP
    and post a screenshot, to help analyze your issue.
    "

    False positives are always possible, though surprising with HMP. Nothing is sure at 100%.

    Good thing to stay here on HitmanPro's thread, your issue doesn't concern HitmanPro.Alert specifically. The fact both applications may interact shouldn't be confusing.
     
  15. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    OK, here's the screenshot. (Moderator: please modify/delete if there is any potentially sensitive information shown there, thank you.)

    HMPA Yahoo Toolbar.jpg
     
  16. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    @JEAM: Your screenshot shows items, that are not active threats.
    Removing all of them should not cause the issues you described in your first post.

    If I were you, I would make a restore point and remove those items.

    Just in case, do an image of your system partition, if something goes wrong, which I doubt.
     
    Last edited: Jul 25, 2015
  17. Lagavulin16

    Lagavulin16 Registered Member

    Joined:
    Nov 26, 2014
    Posts:
    195
    Location:
    Emerald City
    @markloman Off the cuff perhaps, but wondering if you guys may eventually consider introducing an antilogger app. Kind of like those folks over at Zemana (wink); except, of course, at least as good or better. SurfRight Antilogger... imagine the possibilities. :D
     
  18. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    They already have, HitmanPro.Alert
     
  19. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    When I upgrade my PC to Windows 10 (will be released this week), will my license still be accepted, or do I need to contact Surfright to reset it?

    (Did anyone try this with the Windows 10 betas?)
     
  20. theshadow247

    theshadow247 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    323
    Location:
    ontario.canada
    every thing working good here. win.10 pro, hitman pro, 242, mbea, shadowdefender.
     
  21. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    Hmm... making a restore point and removing them is precisely what I did the first time, and then all the reported problems started happening. When I went back to that restore point, the problems stopped.

    In the future I think I'll just ignore these "traces" and leave them alone.
     
  22. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    hitmanpro flags the same "couponbar"-regkey on my computer and, on my computer, it is a false-positive..

    on my computer, the regkey is an activex-killbit.. i am not sure how the activex-killbit was added to my registry but i will guess that it was added by "spywareblaster"..

    here is what my hitmanpro scan-log shows:
    ------------------------------------------------------------------------
    Potential Unwanted Programs
    HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
    -------------------------------------------------------------------------
    here is what the regkey looks like in my registry:

    HMPFP1.jpg

    jeam, you can do scans with "adwcleaner" and/or "junkware removal tool", and "malwarebytes", to try to get rid of the yahoo toolbar, and "yahoo companion", if you want to.. scanning with ESET's "online-scanner" is another option..

    incidentally, "junkware removal tool" will NOT run on my "windows xp" computer.. if you are using "windows xp", it may run on yours, but it doesn't run on mine..

    https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    http://thisisudax.org/

    http://www.eset.com/us/online-scanner/
     
    Last edited: Jul 26, 2015
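
Added example (not part of any post in this thread, and not HitmanPro's own logic): a triage helper for the kill-bit case described in the post above. Internet Explorer refuses to load a control whose `ActiveX Compatibility` key has bit 0x400 set in `Compatibility Flags`, so a detection on such a key points at a block entry rather than an installed control. The scan-log line reuses the CLSID quoted in the post; the `reg export` fragment and the function names are constructed for illustration.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE from loading the control

# Constructed sample input: one line in the style of the scan log quoted in the post,
# and a constructed `reg export` fragment (the screenshot of the real key is not available).
SCAN_LOG = r"""
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
"""
REG_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
"Compatibility Flags"=dword:00000400
"""

LOG_RE = re.compile(r"ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\\?\s*\((\w+)\)")
KEY_RE = re.compile(r"^\[.*\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAG_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def parse_flags(reg_text):
    """Map CLSID -> Compatibility Flags value from a .reg export."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.group(1).upper() if m else None
        elif current:
            m = FLAG_RE.match(line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def triage(log_text, reg_text):
    """Return (clsid, label, verdict) for each ActiveX Compatibility detection."""
    flags = parse_flags(reg_text)
    out = []
    for clsid, label in LOG_RE.findall(log_text):
        value = flags.get(clsid.upper())
        if value is None:
            verdict = "no flags found: inspect manually"
        elif value & KILL_BIT:
            verdict = "kill bit set: block entry, not an installed control"
        else:
            verdict = "kill bit not set: inspect manually"
        out.append((clsid, label, verdict))
    return out
```

Deleting a key that carries the kill bit removes the block, so a "kill bit set" verdict is a reason to report the detection as a false positive rather than clean it.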
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    If you can't remove these "traces", there must be some serious issues with your PC.
     
  24. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    582
    Location:
    South Carolina, USA
    or there is a problem with hitmanpro's cleaning-process, and that is causing a problem..

    or it could be a problem with the yahoo toolbar(s), where removing them causes a problem..
     
  25. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    Neither the ESET Online Scanner nor MBAM Free find these thingies. I'll try the JRT and Adwcleaner, thanks for the suggestions.

    BTW I'm on Vista so hopefully both of these tools will work.
     