Hitman Pro FP

Discussion in 'other anti-malware software' started by subhrobhandari, Mar 25, 2010.

Thread Status:
Not open for further replies.
  1. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    Well, I just ran a scan and it found atapi.sys as a rootkit. It must be an FP; the MD5 of the file is "cdfe4411a69c224bd1d11b2da92dac51". Does anyone know where to contact them to get the FP fixed?
     
    Last edited: Mar 25, 2010
  2. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    There is a rootkit that does patch that file. I would run a scan with Dr.Web CureIt; that seems to fix the issue well.
     
  3. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    I agree. I already scanned with VirusTotal and CureIt; both came back OK. Also, even Prevx and MBAM didn't come up with anything. And searching for that MD5 on Google revealed a lot of old results, so I think the file is legit.
     
  4. AbsoluteZero

    AbsoluteZero Registered Member

    Joined:
    Sep 11, 2009
    Posts:
    31
    I actually cleaned this same file with Hitman Pro off of someone's computer not long ago, after they complained that their computer was experiencing random shutdowns. It struck me that their machine might have had a rootkit after I attempted to visit several security websites only to be redirected to fraudulent websites. So if I were you, I would try going to Google and searching for several security vendors like AVG, Avira, Norton, etc., just to see if the computer is possibly infected or not. I would use Sandboxie while doing it though, just in case.
     
    Last edited: Mar 25, 2010
  5. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    Try running Kaspersky's TDSS Killer and see if that detects anything. TDL3 infects your HD port driver; in most cases this will be atapi.sys. The rootkit essentially lies to Windows and shows a copy of the original atapi.sys, so that any checksumming, uploading to VT, etc. will come up clean.
     
    Last edited: Mar 25, 2010
  6. tipo

    tipo Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    408
    Location:
    romania
    apati.sys or atapi.sys? o_O 'Cause atapi.sys I've heard about, but apati.sys I haven't... so in that case Hitman Pro is telling the truth and it's not just an FP.
    Cheers
     
  7. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    My bad for that typo, atapi.sys is the name.


    I already did; it said it's completely clean. I scanned the complete hard drive with these: ESS, Prevx, A2M, MBAM, CureIt, Bluepoint, Hitman Pro and SAS. Only Hitman flags the file. All the others reported the system completely clean. Interestingly, Hitman only detects it when a normal scan is done. But it doesn't detect the same file if I do a context menu scan. Then it says that the file is clean.


    I already use Prevx Safeonline, Zemana and Sandbox. Also I never got any sign of possible infection. In fact the last time I got infected was two years ago.
     
    Last edited: Mar 25, 2010
  8. AbsoluteZero

    AbsoluteZero Registered Member

    Joined:
    Sep 11, 2009
    Posts:
    31
  9. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    Thanks, I reported the file.
     