Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,995
    I think it would be very popular as well. Here are some informal poll results; but they seem to indicate that many people do not use mobile security on their phone. I suspect many of those would use a program like HMP for Android instead of a full blown av. So HMP may be something that could appeal to many people.

    https://www.wilderssecurity.com/showthread.php?t=338377&highlight=phone security
    https://www.wilderssecurity.com/showthread.php?t=306366&highlight=phone security
    https://www.wilderssecurity.com/showthread.php?t=326125&highlight=phone security
    https://www.wilderssecurity.com/showthread.php?t=338624&highlight=phone security
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.3 Build 192 BETA

    Changelog
    • ADDED: Removal of child pornography images dropped by Urausy ransomware.
    • ADDED: Detection of zero-day Urausy ransomware through forensic file clustering.
    • ADDED: Kickstart hardening to protect HitmanPro processes from Winwebsec malware family.
      Use Kickstart against Disk Antivirus Professional, AVASoft Antivirus Professional or other rogue antiviruses.
    • IMPROVED: Forensic file clustering speed.
    • IMPROVED: Reduced memory usage during forensic file clustering.
    • IMPROVED: Processing of registry key values.
    • FIXED: On some BIOSes, when booting with Kickstart, Windows loader would hang with either frozen screen or blinking cursor.
    • UPDATED: Kickstart Bootstrap loader 2.1.
    • UPDATED: Embedded white lists.
    Download
    http://www.surfright.nl/downloads/beta
     
  3. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Nice changes in beta. :D:thumb:
     
  4. mrpink

    mrpink Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    407
    Where's Dr. Web?
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Working fine on Win7x64 :)
     
  6. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    Dr. Web is gone and I noticed 192 is released :)
     
  7. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Is it going to be replaced?
     
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,750
    Location:
    EU
    In my case 190 updated to 192. I didn't use a beta this time.
     
  9. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    I was talking about Dr. Web :)
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.3 Build 192 Released!

    Removing child pornography
    New in 3.7.3 is the deletion of child pornography images, dropped by the latest Urausy ransomware. HitmanPro harnesses its forensic file clustering feature to relate images to the ransomware so that they get deleted along with the ransomware. An example:

    Urausy-child-pornography-Kickstart-smaller.png

    Kickstart improvements
    Also new in 3.7.3 is an improved Kickstart Bootstrap loader that now supports more BIOSes (see changelog below).

    In addition, Kickstart now protects HitmanPro processes (on Vista and Win7) so that rogue antivirus software cannot kill HitmanPro processes.
    Examples or rogue antiviruses are Disk Antivirus Professional and AVASoft Antivirus Professional, both members of the Winwebsec malware family. These can now be easily removed using HitmanPro.Kickstart.

    Finally we've reduced the memory usage and improved speed of the forensic file cluster feature. Some of you might have noticed a significantly longer scan with previous builds. This should be fixed with this version.

    Happy Easter!

    Changelog
    • ADDED: Removal of child pornography images dropped by Urausy ransomware.
    • ADDED: Detection of zero-day Urausy ransomware through forensic file clustering.
    • ADDED: Kickstart hardening to protect HitmanPro processes from Winwebsec malware family.
      Use Kickstart against Disk Antivirus Professional, AVASoft Antivirus Professional or other rogue antiviruses.
    • IMPROVED: Forensic file clustering speed.
    • IMPROVED: Reduced memory usage during forensic file clustering.
    • IMPROVED: Processing of registry key values.
    • FIXED: On some BIOSes, when booting with Kickstart, Windows loader would hang with either frozen screen or blinking cursor.
    • UPDATED: Kickstart Bootstrap loader 2.1.
    • UPDATED: Embedded white lists.
    Download
    http://www.surfright.nl/downloads
     
    Last edited: Mar 28, 2013
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Dr.Web is no longer in our Scan Cloud. We are in the process of adding a new engine. I cannot elaborate on which engine. Sorry.
     
  12. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    Hitman Pro seems to be getting better and better :thumb:

    (i remember the first time i used Hitman Pro some years ago, and it installed several free anti spywares in my computer. Awesome evolution since then :))
     
  13. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I was just automatically upgraded from 2.7.2.190 to 2.7.3.192.

    Is it now necessary to create a new Kickstart usb drive or boot CD?
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It is highly recommended to create a new USB drive / boot CD. Both have been updated.
     
  16. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,288
    That´s totally disgusting! Great move by Hitman Pro. I believe that there isn't any AV that does that. Is this kind of detailed work that distinguishes and makes Hitman Pro a really special and useful tool :thumb:
     
  17. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
  18. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
    Hi Erik

    Here is another one for you please whitelist it

    Properties
    Name StarMoneyOnlineUpdate.exe
    Location C:\Program Files\StarMoney 9.0 S-Edition\ouservice
    Size 648 KB
    Time 0.0 days ago (2013-03-28 18:54:46)
    Authenticode Valid
    Entropy 5.3
    Product StarMoney
    Publisher Star Finanz-Software Entwicklung und Vertriebs GmbH
    Description Online-Banking Software StarMoney
    Version d40_bb
    Copyright Copyright © 1996 - 2013 Star Finanz GmbH
    RSA Key Size 2048
    Service StarMoney 9.0 OnlineUpdate
    Parent Name C:\Windows\system32\services.exe
    SHA-256 3F805FF28CD748D9B6170E2FCA1BB121F39917B0B7CC17AF09357F33A9859CDD

    Scoring (7.0)
    This program is actively listening for inbound network connections.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    Starts automatically as a service during system bootup.
    Program is code signed with a valid Authenticode certificate.

    Memory
    PID 7316

    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\StarMoney 9.0 OnlineUpdate\

    Network Ports
    127.0.0.1:58816


    SHA256: 3f805ff28cd748d9b6170e2fca1bb121f39917b0b7cc17af09357f33a9859cdd
    SHA1: 369af7bdf822c5702a1363b8cedcd6e5485736c6
    MD5: e71f906e7994a9403d7c5a8ce5c5f583
    Dateigröße: 647.6 KB ( 663184 bytes )
    Dateiname: StarMoneyOnlineUpdate.exe
    Datei-Typ: Win32 EXE
    Erkennungsrate: 0 / 45
    Analyse-Datum: 2013-03-28 18:39:54 UTC ( vor 3 Minuten )
     

    Attached Files:

  19. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
    Hi Erik

    And here is the Scan Log for you

    Code:
    HitmanPro 3.7.3.192
    www.hitmanpro.com
    
       Computer name . . . . : ALEXANDERROB-PC
       Windows . . . . . . . : 6.0.2.6002.X86/2
       User name . . . . . . : AlexanderRob-PC\Alexander Robrecht
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2013-03-28 19:28:04
       Scan mode . . . . . . : EWS
       Scan duration . . . . : 7m 37s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 4
    
       Objects scanned . . . : 3.858.953
       Files scanned . . . . : 60.303
       Remnants scanned  . . : 2.257.851 files / 1.540.799 keys
    
    Early Warning Scoring _______________________________________________________
    
       C:\Program Files\StarMoney 9.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
          Size . . . . . . . : 663.184 bytes
          Age  . . . . . . . : 0.0 days (2013-03-28 18:54:46)
          Entropy  . . . . . : 5.3
          SHA-256  . . . . . : 3F805FF28CD748D9B6170E2FCA1BB121F39917B0B7CC17AF09357F33A9859CDD
          Product  . . . . . : StarMoney
          Publisher  . . . . : Star Finanz-Software Entwicklung und Vertriebs GmbH
          Description  . . . : Online-Banking Software StarMoney
          Version  . . . . . : d40_bb
          Copyright  . . . . : Copyright © 1996 - 2013 Star Finanz GmbH
          RSA Key Size . . . : 2048
          Service  . . . . . : StarMoney 9.0 OnlineUpdate
          Parent Name  . . . : C:\Windows\system32\services.exe
          Authenticode . . . : Valid
          Running processes  : 7316
          Fuzzy  . . . . . . : 7.0
             This program is actively listening for inbound network connections.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program starts automatically without user intervention.
             Time indicates that the file appeared recently on this computer.
             The file is in use by one or more active processes.
             Starts automatically as a service during system bootup.
             Program is code signed with a valid Authenticode certificate.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\StarMoney 9.0 OnlineUpdate\
          Network Ports
             127.0.0.1:58816	
    
    
    
    
     
  20. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi erikloman
    Thanks for the update 192, will try to see if the new Kickstart USB Drive connect this [now] time. #5153.

    I Know Kickstart work because of a friend of a friend was have the RWScreen on his PC, and I cleansed it with a Kickstart USB drive [two reboots], and convince him to buy a 3 year sub while I was there to show his appreciation to SurfRight.

    With regards
    Take Care
    TheQuest :cool:
     
  21. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi erikloman

    Still no luck, just sat Initializing try to Initialise. o_O

    With regards
    Take Care
    TheQuest :cool:
     
  22. ght1

    ght1 Guest

    So the main engine is Bitdefender now (in G Data, in Emsisoft, in Ikarus?). Kaspersky or Norton would be great. :thumb:
     
  23. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    It doesn't work like that, you can't just add whichever program's signatures without an agreement and licensing fees to said company. If the terms aren't favorable they won't be added to HMP, even more so if they greatly overlap with existing detection signatures provided by other companies which are already in HMP.
     
  24. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    http://www.surfright.nl/en/hitmanpro/whatsnew
     
  25. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Got it. TY! :thumb:
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.