Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    @simmersK00L,

    Regarding the lost 9 days by renewing early, perhaps Erik can fix that for you. You'd probably best contact @erikloman by private conversation.

    Regarding your new license not being activated in HMPA -
    Did you buy a new HMPA license, or did you buy a new HMP license?
    The HMPA license is for both HMP and HMPA, but the new HMP license is for HMP only.
    If you bought the wrong license, HMP only and not HMPA, also best contact @erikloman by private conversation, I hope Erik can fix that for you.
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Send me a PM with your product key and I'll get that sorted out.
     
  3. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    HMP Ignore.png
    Code:
    HitmanPro 3.7.15.281
    www.hitmanpro.com
    
       Computer name . . . . : BJM-PCW10
       Windows . . . . . . . : 10.0.0.14393.X64/4
       User name . . . . . . : BJM-PCW10\bjms
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Paid (776 days left)
    
       Scan date . . . . . . : 2017-01-17 18:38:39
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 5m 45s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 4
    
       Objects scanned . . . : 1,560,487
       Files scanned . . . . : 24,245
       Remnants scanned  . . : 265,359 files / 1,270,883 keys
    
    Miniport ____________________________________________________________________
    
       Primary
          DriverObject . . . : FFFFD486DFDC28E0
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF801D87E5360 \??\C:\WINDOWS\system32\drivers\hmpalert.sys+152416
       Solution
          DriverObject . . . : FFFFD486DFDC28E0
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF801D4CC3840 \SystemRoot\System32\drivers\storport.sys+14400
    
    Suspicious files ____________________________________________________________
    
       C:\Program Files\Sandboxie\SbieDrv.sys
          Size . . . . . . . : 205,968 bytes
          Age  . . . . . . . : 34.9 days (2016-12-13 20:13:30)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 33D68239D655054CE8822438E96D2648193419D8D94F979A4B67AF57BCEF6CBD
          Product  . . . . . : Sandboxie
          Publisher  . . . . : Sandboxie Holdings, LLC
          Description  . . . : Sandboxie Kernel Mode Driver
          Version  . . . . . : 5.16
          Copyright  . . . . : Copyright © 2004-2016 by Sandboxie Holdings, LLC
          Service  . . . . . : SbieDrv
          LanguageID . . . . : 1033
          Fuzzy  . . . . . . : 43.0
             The file is hidden from Windows API. This is typical for malware.
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             Starts automatically as a service during system bootup.
             The file is a device driver. Device drivers run as trusted (highly privileged) code.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\SbieDrv\
    
       C:\Users\bjms\Downloads\hmpalert3.6.3.578.exe
          Size . . . . . . . : 4,878,992 bytes
          Age  . . . . . . . : 1.1 days (2017-01-16 16:46:00)
          Entropy  . . . . . : 7.3
          SHA-256  . . . . . : 2769BF217257CC541B2F9D17D9EA8CA119784D527160D439CEF06778B110046A
          Product  . . . . . : HitmanPro.Alert
          Publisher  . . . . : SurfRight B.V.
          Description  . . . : HitmanPro.Alert
          Version  . . . . . : 3.6.3.578
          LanguageID . . . . : 1024
          Fuzzy  . . . . . . : 24.0
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
    
       C:\Users\bjms\Downloads\SandboxieInstall64-517-1.exe
          Size . . . . . . . : 5,483,768 bytes
          Age  . . . . . . . : 4.1 days (2017-01-13 16:03:18)
          Entropy  . . . . . : 8.0
          SHA-256  . . . . . : 5FA09D9E5A211B77B380210344BFBE539D2D9975663F0123EF89F9A243DD08FE
          Product  . . . . . : Sandboxie
          Publisher  . . . . : Sandboxie Holdings, LLC
          Description  . . . : Sandboxie Installer
          Version  . . . . . : 5.17.1
          LanguageID . . . . : 0
          Fuzzy  . . . . . . : 25.0
             The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
    
    
    
    
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    "hmpalert3.6.3.578.exe"?? :argh:
     
  5. guest

    guest Guest

    Weird ;)
    "It may belong to a rootkit."

    I did a scan myself (i have the same files) and it detected nothing suspicious :cautious:
     
  6. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    The scan was initial Alert Scan with .578 install.
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yeah, HitmanPro scan detects nada.
     
  8. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    perhaps my bad?? I got email from sophos, I like apps so quickly renewed, assumed last license worked for both, so assumed it was the same "deal."
     
  9. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    ok, if I goofed and underpaid, I'm happy to pay price for combined license.
     
  10. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    @bjm,
    If those strange detections are found only if the HMP scan is initiated by HMPA 3.6.3.578 beta, and not when the scan is initiated by HMP 3.7.15.281, it may be specifically a HMPA 3.6.3.578 beta issue.
    In that case, perhaps it would be better to post in the HMPA thread. Although, I guess @erikloman will notice these posts in the HMP thread as well.
     
  11. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    I posted here because HitmanPro.Alert called HitmanPro.
    At the moment, I was amused, just wanted to share.
    Odds are one-off as no one else reports.
    Thanks!
    BTW ~ can you help with #7398, #7400
     
  12. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    I don't know.
    I don't know if many users test the HMP scan initialized by HMPA. I usually don't.
    Furthermore, not everyone tested HMPA 3.6.3.578 beta, as Erik mentioned the hmpnet.sys being not co-signed by Microsoft had to be fixed. Some users, myself included, are still waiting for a next HMPA build to test.

    I noticed those posts, but I have no answers.
    I hope Erik or Mark can provide an answer to your questions.
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Yeah, I was curious how HitmanPro deep-scanning technology analyzes, classifies behavior of static setup installers.
    Thanks
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro reads raw disk sectors. It can happen that a file is on the physical disk but already deleted in the file system. Windows then has to flush the actual change to the disk.

    This canlead in a rare instance to display this suspicious items.

    Also if you run a file system virtualization product it can also lead to discrepancy to files served by Windows and actual files on the disk. The virtualization driver serves his version of the disk and HitmanPro reads the actual disk.
     
  15. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Using the new HMPA build 579 beta, I tested the HMP scan initiated by HMPA.
    No strange scan results on my system.
     
  16. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    Great!
    and HitmanPro Threats detected: 0 (Default scan) means HitmanPro's behavioral, deep-scanning technology found 0 malware. #13, #83
    "If the malware is active (or will become active), it will find it"
    Thanks!
    Edit: EWS returns Threats: 0 with Unknown
     
    Last edited: Jan 18, 2017
  17. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    Erik fixed my renewal license snafu not only for hmp.a but also for hmp, and added a bonus! Very generous. Great software, good people.
     
  18. guest

    guest Guest

    Nice :thumb:
    What was the bonus? Do they "extended" the license for some more days?
     
  19. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    323
    Location:
    USA
    yes he did, and more than 9 days :D
     
  20. Jan42

    Jan42 Registered Member

    Joined:
    Feb 9, 2016
    Posts:
    11
    Does the program update itself automatically or, when a new version comes out, do you have to download the new version and install it manually ?
    The reason I ask is that I have not seen any updates yet, probably because I am relative new to the program and not been using it for a long time.
    I have a paid licence for hmp. Hmp works, in my opinion, very well and finds more than most other av products. I have read alot about this product and seen it in action on various youtube videos.
    I can't find anything about program updating anywhere on the official website. And there is no button to check for updates.
    Don't get me wrong, I absolutely love this product and think it is one of the best out there.
    I think there should be information on the official website about how and if the program updates itself whenever a new version is out. Naturally I would assume that it updates itself automatically.
    Anyway, sorry for the somewhat noobish question :oops:
     
  21. guest

    guest Guest

    It is automatically updating itself, you don't have to install it manually.
    The latest release is: HitmanPro 3.7.15 Build 281 (October 2016)
     
  22. Gapliin

    Gapliin Registered Member

    Joined:
    Feb 12, 2012
    Posts:
    81
  23. Jan42

    Jan42 Registered Member

    Joined:
    Feb 9, 2016
    Posts:
    11
    Thanks mood and Gapliin for the replies, very much appreciated.
    Indeed I have the version 3.7.15 build 281. I think I have the paid license for about a month or two. I honestly didn't know how the update procedure works.
    Thanks for the clarification or confirmation.
    This product is absolutely great, it even gets rid of cookies if you happen to pick them up, which I like as well :thumb:
     
  24. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    634
    Location:
    United States
    So I used to use Hitmanpro free on my Windows 7 computer and you had to install it. I have Windows 10 now and the regular version, not Alert, and I can't enable windows shell intergration anymore, it's just greyed out. I'm assuming this is because it doesn't install on the computer anymore?
     
  25. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I have HMP installed on my Win10 machines.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.