Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    778
    Location:
    Oklahoma City
    Thanks, plat1098 - just wanted reassurance, I guess. I will just drop HMP for now.
     
  2. thinnling

    thinnling Registered Member

    Joined:
    Oct 10, 2017
    Posts:
    3
    Location:
    US
    Pretty much, I just ran Hitman Pro and it says Windows 7.exe is malware.

    it says:

    not-a-virus: HEUR:RiskTool.win32.BitCoalMiner.gen

    I attached a PNG capture of the program details.
    I really don't want to delete it because it's Windows 7.exe but it says it's BitCoalMiner. That doesn't sound too good.
    It's also just 6289kb.
     


  3. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Windows 7.exe IS a BitCoinMiner
     
  4. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 1 file and whitelist the 1 file, please? I use the FP function in the program to submit the files to you.

    With best regards
    Mops21
     


  5. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 4 files and whitelist the 4 files, please? I use the FP function in the program to submit the files to you.

    With best regards
    Mops21
     


  6. thinnling

    thinnling Registered Member

    Joined:
    Oct 10, 2017
    Posts:
    3
    Location:
    US
    Thank you. I just deleted it because it also came up as a bitcoinminer in Malwarebytes.
     
  7. plat1098

    plat1098 Guest

    Please evaluate as a false positive. Thanks

    Edit: Screenshot (3).png
     


    Last edited by a moderator: Nov 18, 2017
  8. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Did you upload the file to VirusTotal.com? HitmanPro indicates that the file has been altered since it was signed.
     
  9. plat1098

    plat1098 Guest

    No, Jotti. Also scanned w/Emsisoft and that .dll was listed during the scanning process and was clear. If the driver or any component was corrupted in any way, there would have been an indication, even a bluescreen maybe. This is a brand new installation of Windows with the Nvidia drivers for the 1080 gtx just loaded.

    I have HitmanPro enabled in the context menu. Scanning the SysWOW64 and System32 folders produced no detections. :cautious: So, I thought with all that, perhaps it's a false detection, right? But maybe SurfRight will see things differently.
     
  10. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    Hi,

    It's flagged because the file is code-signed but the signature is found to be invalid.
    Authenticode . . . : Invalid

    Can you right-click that file, go to Properties, Digital Signatures, click on the shaX entry, then Details, and see if it shows "The digital signature is OK"?
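
The Properties > Digital Signatures check described in the post above can also be done from PowerShell, which reports why a signature fails to validate. This is an added example, not part of the original thread and not SurfRight's code; the function name `Get-SignatureTriage` and the sample path are placeholders.

```powershell
# Added example: report the Authenticode status of one or more files.
# Get-SignatureTriage is a hypothetical helper name, not a built-in cmdlet.
function Get-SignatureTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string[]]$Path
    )
    process {
        foreach ($p in $Path) {
            $sig = Get-AuthenticodeSignature -LiteralPath $p

            # Map the SignatureStatus value to a short explanation.
            $verdict = switch ($sig.Status) {
                'Valid'        { 'Signature verifies and the signer is trusted' }
                'NotSigned'    { 'No Authenticode signature found' }
                'HashMismatch' { 'File hash differs from the signed hash (altered or corrupted after signing)' }
                'NotTrusted'   { 'Signed, but the certificate is not trusted on this machine' }
                default        { "Could not validate: $($sig.StatusMessage)" }
            }

            [pscustomobject]@{
                Path        = $p
                Status      = $sig.Status
                Verdict     = $verdict
                Signer      = $sig.SignerCertificate.Subject
                CertExpires = $sig.SignerCertificate.NotAfter
                Timestamped = [bool]$sig.TimeStamperCertificate
                # Hash to quote when submitting the file as a false positive
                SHA256      = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            }
        }
    }
}

# Placeholder path: replace with the file the scanner flagged.
$flagged = 'C:\Path\To\FlaggedFile.dll'
if (Test-Path -LiteralPath $flagged) {
    Get-SignatureTriage -Path $flagged | Format-List
}
```

A `HashMismatch` status corresponds to the "altered since it was signed" case raised earlier in the thread; piping `Get-ChildItem` output into the function checks a whole folder.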
     
  11. plat1098

    plat1098 Guest

    Since then, I've installed a later driver, so this detection is no longer relevant and HitmanPro hasn't indicated anything since. OK, so this was a valid detection, thank you.
     
  12. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman and Hi @RonnyT

    Can you check the 2 files and whitelist the 2 files, please? I use the FP function in the program to submit the files to you.

    With best regards
    Mops21
     


  13. rei

    rei Registered Member

    Joined:
    May 25, 2006
    Posts:
    51
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,239
    Location:
    Among the gum trees
  15. rei

    rei Registered Member

    Joined:
    May 25, 2006
    Posts:
    51
    Thanks for pointing me in the right direction!
     
  16. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    @erikloman or @markloman or @RonnyT
    HMP x64 version no longer shows Report file as safe in the context menu whereas the x86 version does. Why is that?
    HMPx64.png
    HMPAx86.png
     
    Last edited: Dec 2, 2017
  17. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    Also, as requested previously, please whitelist the files shown in my post above. They are simple vbs files that I converted to .exe files. The files are LenovoUserGuide.exe and Hide.exe. Let me know if you need the .vbs files.
    Code:
    HitmanPro 3.7.20.286
    www.hitmanpro.com
    
       Computer name . . . . : 20FU-CTO1
       Windows . . . . . . . : 6.3.0.9600.X64/4
       User name . . . . . . :
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2017-12-02 15:08:49
       Scan mode . . . . . . : Context
       Scan duration . . . . : 0s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
    
       Objects scanned . . . : 1
       Files scanned . . . . : 1
       Remnants scanned  . . : 0 files / 0 keys
    
    Malware _____________________________________________________________________
    
       D:\ThinApps\Hide.exe
          Size . . . . . . . : 69,120 bytes
          Age  . . . . . . . : 229.1 days (2017-04-17 13:14:47)
          Entropy  . . . . . : 6.5
          SHA-256  . . . . . : FF6954D5E93981B299DA6DD5DFD3CA7AA34FFB14AA594EBAB5413C008D6CE3AF
        > Bitdefender  . . . : Trojan.Generic.21144887
        > Kaspersky  . . . . : UDS:DangerousObject.Multi.Generic
        > HitmanPro  . . . . : Mal/Generic-S
    
    Code:
    HitmanPro 3.7.20.286
    www.hitmanpro.com
    
       Computer name . . . . : 20FU-CTO1
       Windows . . . . . . . : 6.1.1.7601.X86/4
       User name . . . . . . :
       UAC . . . . . . . . . : Disabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2017-12-02 14:40:01
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 54s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 2
    
       Objects scanned . . . : 939,015
       Files scanned . . . . : 7,846
       Remnants scanned  . . : 111,588 files / 819,581 keys
    
    Miniport ____________________________________________________________________
    
       Primary
          DriverObject . . . : 864C2258
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\system32\drivers\iaStorA.sys
          StartIo  . . . . . : 00000000 +0
          IRP_MJ_SCSI  . . . : 91856AB0 \??\C:\Windows\system32\drivers\hmpalert.sys+121520
       Solution
          DriverObject . . . : 864C2258
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\system32\drivers\iaStorA.sys
          StartIo  . . . . . : 00000000 +0
          IRP_MJ_SCSI  . . . : 8BE0E784 \SystemRoot\system32\drivers\storport.sys+34692
    
    Malware _____________________________________________________________________
    
       C:\ProgramData\Lenovo\userguides\viewer\LenovoUserGuide.exe
          Size . . . . . . . : 69,120 bytes
          Age  . . . . . . . : 59.1 days (2017-10-04 13:13:45)
          Entropy  . . . . . : 6.5
          SHA-256  . . . . . : 0675CE8B1308358E92E936F538DB25EE362F1202D96322C188A97DA13BF73142
        > Bitdefender  . . . : Trojan.Generic.22507451
        > HitmanPro  . . . . : Mal/Generic-S
          Fuzzy  . . . . . . : 98.0
          References
             C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools\Access Help L460\Lenovo User Guide.lnk
    
     
    Last edited: Dec 2, 2017
  18. guest

    guest Guest

    For some reason "Report that this file is not safe" isn't shown for files with 3 detections.
    But with less than 3 detections it is shown.

    HitmanPro x64 - 2 Detections = "Report that this file is safe"
    HitmanPro_x64_2 detections.png
    HitmanPro x64 - 3 Detections = "Report that this file is safe" = missing
    HitmanPro_x64_3 detections.png
     
    Last edited by a moderator: Dec 2, 2017
  19. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    not - not safe, but safe ;) I never noticed that about 2 vs. 3 detections since I rarely ever see anything flagged. Only those 2 files, and it is starting to get annoying.
     
  20. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,743
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 3 files and whitelist the 3 files, please? I use the FP function in the program to submit the files to you.

    With best regards
    Mops21
     


  21. assersegsten

    assersegsten Registered Member

    Joined:
    Sep 13, 2016
    Posts:
    73
    Location:
    denmark
    HitmanPro has saved me a couple of times, although I have a hardcore security setup: Bitdefender Total Security+Zemana Anti Malware+Voodoo-Shield Pro+HitmanPro & HitmanPro Alert
     
  22. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    HitmanPro build 290 BETA

    Changelog
    • IMPROVED: Kovter (fileless malware) detection
    • IMPROVED: Cookie detection in Microsoft Edge and IE (for Windows 10 Fall Creators Update)
    • UPDATED: User interface, matching Sophos colors
    • UPDATED: HitmanPro icon, matching Sophos colors
    • FIXED: Vulnerability in zlib
    • FIXED: Vulnerability in libpng
    • INFO: Several minor fixes and improvements
    Download
    32-bit http://dl.surfright.nl/HitmanProBeta.exe
    64-bit http://dl.surfright.nl/HitmanProBeta_x64.exe
     
  23. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,457
    Location:
    .
  24. Regmos

    Regmos Registered Member

    Joined:
    Nov 6, 2015
    Posts:
    22
    @RonnyT
    In July 2016 I sent Erik Danish translations for HitmanPro/.Alert, and received a license for my work.
    .Alert has been in Danish for a long time, but HitmanPro, despite several updates, never included the Danish translation.
    Any chance it will happen this time?
     
  25. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    No problems with Hitman Pro build 290 beta.

    Win10 1709 build 16299.125 x64/Norton Security v22.11.2.7
     