HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Lately I have been finding the hitmanpro.com domain frequently unreachable from a USA IP address. But if I connect via VPN to an IP in the EU, no problem!
     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    The error I was getting had to do with DNS. I changed one of my DNS servers to Google's 8.8.8.8 and the then the HMPA download worked.
     
  3. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Interesting. Normally I use OpenDNS from my ISP connection. My VPN has private DNS servers, so maybe that is why that worked better.

    I wonder if by making Google DNS my router's secondary would help when something like this happens? Both primary and secondary are now set to OpenDNS.
     
  4. jimmytim

    jimmytim Registered Member

    Joined:
    Jun 1, 2015
    Posts:
    22
    so i stumbled on a post

    http://bbs.kafan.cn/thread-2089134-1-1.html

    this person is testing old-ish version (12/12/2016) of av program in a closed environment, against wannacry, including HitManPro.Alert(3.6.1 Build 574), just to test their proactive defence

    what are peoples thoughts?
     
  5. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Yes, I was using OpenDNS too when I couldn't connect.
     
  7. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Thanks for that info! :thumb:

    Turns out my router has 3 slots for DNS servers, so I put Google in third place. Funny thing after that, is my internet connection always went to Google DNS after I added it, even as tertiary.

    So I yanked out OpenDNS and put both Google DNS servers in as my primary and secondary.

    Web pages seem to load up much quicker now. Maybe OpenDNS (Cisco) is having issues?
     
  8. Phil_S

    Phil_S Registered Member

    Joined:
    Nov 13, 2003
    Posts:
    155
    Location:
    UK
    Yep, I use OpenDNS too. Changed the second server entry in my router and all working now :)

    I checked via www.downforeveryoneorjustme.com and that showed test.hitmanpro.com down too, which is what prompted my previous post. The site is still showing down via downforeveryoneorjustme so presumably they're using Open DNS as well.

    Thanks everyone!
     
  9. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks Krusty. Are you on W7 or W10? I am on 10 and I know there was issues awhile back.
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I think that the tester is using a system without any personal files. A frequent mistake by testers.

    If there are no documents or images getting encrypted by the ransomware, then CryptoGuard has nothing to protect and therefore won't trigger and rollback the ransomware.

    If you test, make sure there are at least a handful of documents and images on the system. Standard Windows sample images don't get encrypted by ransomware as these are skipped by ransomware for obvious reasons (too easy to detect).

    The screens we posted from WannaCry are from machines with a few documents. Then CryptoGuard kicks in. Even HMPA 2.6.5 from April 2014 catches WannaCry.

    Hence, stuff needs to get encrypted. Otherwise there is no point to demand ransom.

    Note that most ransomware are stupid. They demand ransom regardless wether documents or images were encrypted, at the end of the operation.

    Hope this helps.
     
    Last edited: May 14, 2017
  11. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
    Not a surprise to see Bitdefender, Kaspersky and Emsisoft doing great :argh:

    Hitman Pro Alert version 2 was able to protect the system against this ransomware, version 3 should be more than enough to block this threat.
     
  12. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    check the picture, he has encrypted files on his desktop...
    http://fj.ikafan.com/attachment/forum/201705/13/235004vmmmzrmxr1s19anp.jpg
     
  13. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    BTW, I saw Mark Loman on Dutch TV. To be honest, I thought he should have promoted HMPA a bit more, or wasn't he allowed to? :D
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Win10 CU x64.
     
  16. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Thanks and no issues. Good to know. Thank you.
     
  17. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    I will PM you. Having an issue with Chrome extension.
     
  18. jimmytim

    jimmytim Registered Member

    Joined:
    Jun 1, 2015
    Posts:
    22
    cool, thanks for the info
     
  19. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136

    Hi Erik,

    So patient zero opens an attachment and HMP.A stops WannaCry from encrypting that computer, but ETERNALBLUE will still go from THAT computer to other computers. Is that correct?

    Ed.
     
  20. eddiewood

    eddiewood Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    136
    From the BBC:

    I hope the Loman guys have Sophos stock options!
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    All of a sudden, BleachBit is being "terminated to prevent execution of malicious code" by HMP.A CryptGuard (3.6.4 build 588 ). This happening to anyone else?
     
  22. mrhex1

    mrhex1 Registered Member

    Joined:
    Jul 2, 2016
    Posts:
    19
    Location:
    Timbuktu
    Many years ago I noticed that Comcast's primary DNS servers for cable Internet connection ALWAYS seemed to time out. Guess what happened when I put google as my primary & secondary DNS? I stopped having so many problems with websites & slow browsing sessions.
     
  23. httpe

    httpe Registered Member

    Joined:
    May 15, 2017
    Posts:
    1
    Location:
    China

    Hi, erikloman

    I am the tester of that post. I have rechecked my test condition and found the problem.
    Under the original test, I have only placed personal files (text, image etc.) in Desktop folder, under which condition HMPA did not protect the test machine from the ransomware.
    However, after adding some personal files to My Documents and redo the test, HMPA do prompt properly and protected the files.
    I am wondering whether this behavior is expected or a bug.
    Could you comment on it?
     
  24. mrhex1

    mrhex1 Registered Member

    Joined:
    Jul 2, 2016
    Posts:
    19
    Location:
    Timbuktu
    I don't pretend to know the Dutch customs & what not, but from the Defcon talks that I have seen with the Germanic/Scandic regions of Europe tend to be less pretentious than say their yank & Anglo-Saxon counterparts. The Defcon talk that stood out to me was the Netherlands toool locksport folks. The viewpoint of the lock enthusiasts was that if a company makes a claim as in the example of Medeco. I am taking extreme liberties here, that their lock is "near unpickable", then that company should be held up as an example. Put your money where your mouth is kind of claim. Not to say that Medeco locks are of low quality.

    Liability can also be different in some European countries. Most of the IT knowledge that I go after tends to settle on physical lock designs of high security. Most of the best brands tend to be Abloy, Assa, Abus, Fischet, etc. Abloy is Finnish, Abus is German, with the others in Europe.

    Finally I would further say that the Loman brothers probably like to see their product succeed on its merits alone. Not of flashy advertising & marketing hype.
     
  25. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "Anti-virus stocks rally with ‘WannaCry’ cyber attack expected to hit again...

    In the U.K., antivirus company Sophos Group PLC SOPH, +7.82% shares surged 7.2%..."

    Congtraz ! Bonus Time for The Loman Brothers -- The Ransomware Warriors of Intercept X :)



    http://www.marketwatch.com/story/anti-virus-stocks-rally-with-wannacry-cyber-attack-expected-to-go-on-the-rampage-again-2017-05-15?siteid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A marketwatch%2Fsoftware MarketWatch.com - Software Industry News #42371397390456966701
     
    Last edited: May 15, 2017
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.