Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,980
    Good for you. Personally, I prefer the level road.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    An Arab loaded up his camel and then asked whether he preferred to take the uphill path or the downhill path. With a burst of inspiration, the camel replied, "So the level road is blocked, is it?"
     
  2. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Good one! I think the comprehensive filter lists in the browser extension uBlock Origin can help prevent accidentally connecting to many known malware sites, and that is also why I choose to run HitmanPro.Alert to detect and block exploit code.
     
  3. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    It's all quite simple and painless if you have added a right-click Explorer context menu option to your Windows File Explorer. Just open your designated "Downloads" folder, right-click on the file you wish to check, and select "Open in VirusTotal Web Site".

    This context menu is available when you have installed the freeware utility "HashMyFiles" by Nirsoft. http://www.nirsoft.net/utils/hash_my_files.html

    You can enable the Explorer context menus under "Options" in "HashMyFiles".

    The file hash gets transmitted automagically, and the web site opens up in your default browser with the most recent scan result for that file hash if it has already been scanned. So there is usually no need to actually upload any files, unless they are either very new, or relatively rare or unknown. Crowdsourcing at its finest! :thumb:
     
  4. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @ Tinstaafl -- Good stuff! You have provided valuable information & links.

    I have had VT on my rt-click menu, under "Send To," for several years. I also have "Scan with HitmanPro" on my rt-click menu. Shame on me --I rarely use either of them.

    The question arises: Just how much security is "prudent" as contrasted with "obsessive"? IMO, the answer to that question is very dependent on the user's habits. If a user surfs the dark web, or downloads cracks, or acts as an arrogant troll in black hat forums, or is a porn addict, or allows his email client to automatically open every message, or if the user's computer is loaded with highly sensitive, unencrypted information, or if his job or financial security would be threatened by a serious breach, or if the user has teen-agers or visitors who may be doing those risky actions unbeknownst -- then, yes, he MUST do either one of three things: (1) pile on security apps & devote a lot of time to doing scan after scan after scan, or (2) run his computer(s) under Kiosk controls, or (best of all) (2) CHANGE his behavior.

    Unless a user obstinately persists in risky, ill-advised behavior, or is a paranoid, or is a "security hobbiest", then *post-detect & restore* is quite sufficient security.
     
    Last edited: Mar 16, 2019
  5. guest

    guest Guest

    I will tell you, there is no valid reason to stockpile half a dozen of security apps and tons of browser extensions.
    Mostly noobs will do such thing, thinking more is better.

    Real paranoids won't need to stockpile because their paranoia won't allow them to do risky things in the first place.

    About kids/visitors, you don't even need security apps, you have the Guest accounts.

    About people manipulating sensitive datas, their organization will setup dedicated machines only for this usage.

    About risky habit users (darknet, crack users, etc...) , those knowing what they are doing will have dedicated machines or VMs. I do.

    Experienced security hobbyists will not abusingly stockpile either, they should know enough to keep their system safe from infection by properly using what the OS offers. They don't even need any software at all (I know I don't need any), just properly tweaking the OS is all they need.

    I am a security hobbyists and also a software tester, and because of that i have to run sometimes 2-3 realtime apps simultaneously on my various systems, but each can be removed from my setup in a second without reducing much my security level.
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    10Q guest!!! As always, I learn from your posts. This 1 = a model for Chapter I of a Security SOP (Federal-lingo: "Standard Operating Procedure.")

    Even so, I still love HMP and my Atari 800 and my Commodore 64 and Fortran and Pascal. As for my TRS-80 (a.k.a Trash-80)... uh, not so much love for that one. :rolleyes:
     
    Last edited: Mar 16, 2019
  7. guest

    guest Guest

    Needing and liking is different story. I like a lot my installed security apps, but do i need them? not at all :)
     
  8. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    At the last company I worked for, the IT department had a policy never to attempt to clean a "compromised" machine. Nuke the hard drive and re-image from a clean corporate image was the only procedure sanctioned by corporate data security in this instance. That is truly the only sure way to clean a malware infected computer.

    So prevention is the name of the game. That is what most of the security apps offer that is of any value. Cleaning malware is most often just snake oil sold by marketing experts. You would never really know if you got it all...

    Frequent disk imaging is probably the best safeguard for the home or small office user. Then doing a full restore at the first sign of malware infection is the most complete and effective method of recovery from malware.
     
  9. guest

    guest Guest

    +1

    +1
     
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
  11. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,980
    +1
     
  12. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    I only ever do a clean install of Windows as an absolute last resort. While I backup my systems these days, years ago I never did, even though I should have known better. As a result of having no clean image to restore from and not wanting to start from scratch, I would opt to do my best to remove the malware, rather than doing a clean install. I would only ever do a clean install of Windows, if it was unbootable and so badly corrupted that ir was not possible to get it booting again.

    These days, I never get infected. But if I did, I would attempt to remove the malware, before anything else. I take the same approach if I have issues with Windows. I do my absolute best to diagnose and fix the issues (even if takes many hours), before restoring from a backup.

    Of course there is the argument, that you can't be sure the computer is completely malware free. If multiple malware scanners report that the system is clean and I see no evidence of anything running that shouldn't be, then I will be very confident that the malware is gone.
     
  13. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :thumb:
     
  14. Hijin25

    Hijin25 Registered Member

    Joined:
    Jun 15, 2017
    Posts:
    17
    Location:
    México
    Greetings.

    I want to report that since April 3rd, when I run the hitmanpro scan, this error appears in the windows event viewer:

    Registration name: Application
    Source: Microsoft-Windows-CAPI2
    Date: 04/03/2019 09:33:09 p.m.
    Event ID: 4107
    Task category: None
    Level: Error
    Keywords: Classic
    User: Not available
    Equipment: PC
    Description:
    Error in extracting the third-party root list from the automatically updated .CAB file: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with the error: The certificate It is not valid for the requested use.

    I already do a lot of tests, and the error is only manifested when I run the scan.

    I also followed the steps of this microsoft solution

    https://support.microsoft.com/en-us...-11-is-logged-in-the-application-log-in-windo

    But the error reappears when I run hitmanpro.

    My system is windows 7 64 bits.

    Thanks beforehand for your attention.

    I forgot to mention that the error is repeated 50 times each time it happens.
     
    Last edited by a moderator: Apr 5, 2019
  15. BillR

    BillR Registered Member

    Joined:
    Nov 3, 2015
    Posts:
    11
    Location:
    USA
    False positives(?) just started appearing in HMP 3.8.11 Build 300 64-bit despite files apparently being around for 4 months. HMP (now via HMP.Alert) and OPSWAT (various) have been used for years; I've requested HMP scans many times this year.

    Properties
    Name StateRepository-Machine.srd-shm
    Location C:\ProgramData\Microsoft\Windows\AppRepository
    Size 32.0 KB
    Time 125.0 days ago (2018-12-15 00:41:01)
    Entropy 6.6
    Product OESIS V4 Minifilter Driver
    Publisher OPSWAT, Inc.
    Description OESIS V4 Filter Driver (x64)
    Version 10.3.26.2
    Copyright © OPSWAT, Inc. All rights reserved.
    LanguageID 1033
    SHA-256 C133F2EE6BBD260FF93A35E67884721E8CC35A4AB7DB67378B275063B8F76C52
    Scoring (50.0)
    The file is hidden from Windows API. This is typical for malware.
    The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
    The file name extension of this program is not common.
    Program is running but currently exposes no human-computer interface (GUI).
    The file is in use by one or more active processes.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.​

    Also two current files (signed) also associated with OPSWAT OESIS that score much lower:

    Name libwasys.sys
    Location C:\WINDOWS\system32\DRIVERS
    SHA-256 01B49D355DA7B7A7CAEF95CB26243C55E1CF57C99E39385D9F23FB36EBDFEEEA

    Name libwamf.sys
    Location C:\WINDOWS\system32\DRIVERS
    SHA-256 D99BFD4D9771A4AA47235998432E5B98A269C6051C9450CBA33FE324554970AC
     
  16. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    OESIS appears to be a program that does some "security-type" actions for useful (non-malicious reason). As such, it isn't surprising that HMP's behavior analysis gave you an alert.

    The alert doesn't look like a false positive to me. IMO, it's neither a false positive nor a true positive. As shown in your post, HMP's alert is merely offering several behavioral reasons why the driver *might* be a nasty.

    Evidently you opted for Early Warning Scoring (EWS) on the advanced menu... an option for experts. Based on the behavioral reasons & EWS of 50, it is up to you to analyze it (e.g., upload it to Virus Total &/or research it on the web &/or query OPSWAT about the issue, etc). OR.... if you are very sure this app is *safe*, then simply set HMP to ignore this driver.
     
    Last edited: Apr 20, 2019
  17. CeeBee

    CeeBee Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    60
    I'm migrating to a new computer shortly. What's the procedure to move my Hitman Pro license (I have 1 User 3 PCs)? Totally uninstall and then reinstall on the new computer? Or do I have to contact Support?
     
  18. guest

    guest Guest

    Even if you are not using it on one PC anymore, the product key is still bound to it (the key is tied to the hardware)
    Best is to contact the support.
     
  19. CeeBee

    CeeBee Registered Member

    Joined:
    Nov 20, 2015
    Posts:
    60
    Okay, thanks. :thumb:
     
  20. TerryM

    TerryM Registered Member

    Joined:
    Apr 29, 2009
    Posts:
    9
    I just tried HitmanPro. Alert and it has put my pc out of business.It is my fault in that I quarantined a suspicious file and it has disabled my computer.I cannot find how to undo this. Some of my programs do not work. My acronis backup will not run. I cannot run outlook.What a mess. Support does not seem very good. Hard to get help. I read somewhere to go to history but I cannot find this. Any ideas?
     
  21. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Welcome to Wilders! I'm sorry to hear about your problems with HitmanPro.Alert.

    This is the HitmanPro thread, not the HitmanPro.Alert thread. The HitmanPro.Alert support & discussion thread is at HERE. You should be able to get help there. Also, the proponent's support site is at HERE -- in the list of FAQ, the last one ("Still need help?") will give you support's email address -- support@hitmanpro.com

    Live long & prosper. :)
     
    Last edited: Apr 25, 2019
  22. BillR

    BillR Registered Member

    Joined:
    Nov 3, 2015
    Posts:
    11
    Location:
    USA
    All good points. Thanks for your usual insightful analysis, bellgamin. I was mostly surprised that HMP (updated but with same settings) suddenly detected a file that appears to have been around for months (the other two were recently updated). OESIS is part of an OPSWAT security product that I use to monitor that system's security status and to meta-scan files (i.e., automatically test using a mini VirusTotal equivalent).

    [OT: I'm a fan. OPSWAT even allows free personal use of their endpoint security tool with very reasonable limitations using their public online Metadefender Cloud (roughly 1/2 of VT). Uploads hashes; optionally uploads new files. Great for a family with one semi-pro to oversee it, but it does assume commercial skills.]
     
  23. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    Hi Terry,
    Please see my reply to your post in the HitmanPro.Alert thread.
     
  24. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Hitman Pro download link is triggering a FireFox security alert:

    "Warning: Potential Security Risk Ahead

    Firefox detected an issue and did not continue to files.surfright.nl. The website is either misconfigured or your computer clock is set to the wrong time.
    It’s likely the website’s certificate is expired, which prevents Firefox from connecting securely. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details..."
     
  25. Buddel

    Buddel Registered Member

    Joined:
    Apr 28, 2015
    Posts:
    1,920
    It also triggers an alert from Kaspersky due to certificate issues. Hm...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.