Hitman Pro Support and Discussion Thread

Re: Anyone tried out Hitman Pro?

Trend Micro is not a very good product for detection. I have tried it myself and its lousy. All thats good from it is URL blocking. I actually think Sophos would be a great add on for its ability to detect rogues. It seems that every new fake av uploaded to virustotal I almost always see sophos as 1 of the few detecing the rogue. Though my favorite would be Kaspersky.

 

Re: Anyone tried out Hitman Pro?

Any Update Erik on the new version and the new Goodies?

TIA,

TH

 

Re: Anyone tried out Hitman Pro?

I came across this trojan when quarantined I started getting popups for every executable file loading up after restart. Saying netedmyt.dll was missing. I had to copy a fresh imm32.dll file over to this infected machine in the windows\system32 folder to get rid of the popups. Would be nice if hitman could automatically copy a clean imm32.dll file into the machine when infected with this trojan.


a variant of Win32/Kheagol.C trojan" />
</Scanners>
<File path="C:\WINDOWS\system32\netedmyt.dll" hash="8E4C71B8FA0808BBFA44C59ED350BF6E0822F79807FAB1F14254ABF9AE3F5D11" q="b7d5acee-7390-473f-84fd-d38cc8c12c81"

 

Re: Anyone tried out Hitman Pro?

A new build will be out next week. With a new network stack supporting additional proxies, reduced memory usage and speed improvements when scanning computers with an active on-access AV enabled.

Also, we see that a lot of users running Hitman Pro and then MBAM to remove data and registry remnants. This is because MBAM is strong on removing registry keys and data files from systems were the malware is no longer present.

MBAM does so as it is removing them purely based on the name and path of a key or file.

In order to illustrate, just copy:

C:\Windows\system32\notepad.exe to C:\Windows\system32\sdra64.exe

... and perform a scan with MBAM. Notice it lists Spyware.Zbot on sdra64.exe (which is notepad.exe as we just made a copy of it).

While this seems like a very strange approach but it works pretty well for MBAM: they get every Zbot (Zeus) variant without looking at the contents of the file.

MBAM does this also on data files and registry keys.

We are working on Hitman Pro 3.6 which has similar function. This should result in a more complete removal of malware remnants.

What are your opinions on this?

 

Re: Anyone tried out Hitman Pro?

What exactly is the relation of netedmyt.dll with imm32.dll? If we can establish a relation we can decide at which point to to copy an original imm32.dll.

 

Re: Anyone tried out Hitman Pro?

Could anyone tell me, please, if you have to have a paypal a/c to purchase
HMP?
Thanks.

 

Re: Anyone tried out Hitman Pro?

Sounds most impressive and keep up the great work! Any news you can give as to the new Vender (Partner) you are going to add to the cloud scanning?

TIA,

TH

 

Re: Anyone tried out Hitman Pro?

Here is some info!

TH

 

Re: Anyone tried out Hitman Pro?

Thanks TH,
It's just that when I tried to buy(using popular debit card) it took me to
paying via paypal, and was wondering if you have to use paypal, since I
don't really want a/c with them. Thanks for your reply.

 

Re: Anyone tried out Hitman Pro?

I don't think you can use Debit Cards you will need PayPal or Credit Card unless I'm missing something here!

TH

 

Re: Anyone tried out Hitman Pro?

Yeah Visa debit card (immediate payment) always usually works for me elsewhere. Maybe they don't accept it, thanks.

 

Re: Anyone tried out Hitman Pro?

The netedmyt.dll is a random name trojan that infects the imm32.dll file. Once the trojan was removed anytime an executeable is launched it looks for the random name dll trojan because of the modified imm32.dll file so you get popups galore.

Here is a link with someone with the same problem that was resolved by copying a clean imm32.dll to the system32 folder.

https://www.wilderssecurity.com/showthread.php?t=268349

 

Re: Anyone tried out Hitman Pro?

OK I don't have one of those as I use PayPal myself!

TH

 

Re: Anyone tried out Hitman Pro?

Thanks TH,
I think I'm just too paranoid (about paypal etc) probably shouldn't be?!! LOL!

 

Re: Anyone tried out Hitman Pro?

Erik,
I think static, name/paath-based cleanup would be nice to have only after the actual advanced heuristics and signature-based engines did their jobs. It should be done for residual leftover cleanups only.
My 0.02 Euros.

 

Re: Anyone tried out Hitman Pro?

Good point dlimanov. There could be an additional scan feature under the 'next' button, so you have early warning scoring, and another such as 'data and registry scan' (or whatever it might be called).

Obviously someone can change legitimate applications to other names, and it is then detected as malware, but the majority of users I assume wouldn't be changing/modifying application names. So would definitely be a good feature to have on an infected system.

 

Re: Anyone tried out Hitman Pro?

You don't meed a PayPal account to pay with creditcard. The creditcard payment process just gets handled by PayPal.

Just enter your information on the left side of the page:


We will add creditcard via our own payment provider a.s.a.p. as I now know some people don't want to pay through PayPal .

 

Re: Anyone tried out Hitman Pro?

While MBAM uses this scheme also for PE-files, we plan to use it only for data files and registry keys (remnants).

PE-files (and their related startup keys) are already identified by the multi-vendor cloud or by the behavioral scan of Hitman Pro.

 

Re: Anyone tried out Hitman Pro?

Thank you . This is valuable information. I will see if we can included this in one of the next builds.

 

Re: Anyone tried out Hitman Pro?

erik, I've noticed on some forums, people have complained paypal not as quick as they used to be with refunds etc. So not sure if it's a lack of trust, more so, a decline in paypal service.

For example, amazon's service is excellent. Not sure if amazon offer electronic downloads, but trust with amazon (well, from what I can tell) is A+.

Anyone know if amazon can offer electronic software downloads/licences?

 

Re: Anyone tried out Hitman Pro?

LOL I thought I would give this a try after a year. Runs very fast.

But, when SSM throws up the following warnings,...when in doubt deny!

 

Re: Anyone tried out Hitman Pro?

A tab on the scan results page lists the remnant scan results. The remnant scan can either be chosen explicitly on the initial Next button or the scan gets triggered when malware is found. Also a setting can be set under settings to scan always for remnants.

And as said, the remnant scan doesn't work on PE-files. Only on data files and registry keys.

The thing to scan for remnants is that some testers run Hitman Pro and then use MBAM to see whether there is malware left. Most testers don't look at the results and conclude that Hitman Pro didn't delete all malware. Registry keys and data files are not malware themselfs. They are just used by malware. They pose NO RISK to the computer.

Hitman Pro 3.5 has large portions of code that heuristically tries to relate folders, data files and keys belonging to malware files (specifically for rogue AVs and alike) but that isn't obviously as good as MBAMs definition based cleanup

Hitman Pro 3.6 will be about cleaning up remnants (data files, registry keys, cookies, etc.). MBAM has a long track record. So it will take a while before our defintions will be on par. But it is a start

 

Re: Anyone tried out Hitman Pro?

Thanks for the reply Erik.

 

Re: Anyone tried out Hitman Pro?

whats this new engine that is coming to HMP?

 

Re: Anyone tried out Hitman Pro?

Cannot comment on that subject, yet