Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Hitman Pro combines a proprietary local behavioral scanner and a signature-based cloud scanner using multiple vendors. Scanning the registry in the cloud with MBAM is impractical.

    Hitman Pro provides better malware detection and removal (especially rootkits) than MBAM (see MRG results here). But MBAM has better remnant cleanup.

    Hitman Pro 3.6 will have a better remnant cleaner that should be at least on par with MBAM's remnant cleaner. See other posts in this thread about this feature.

    No release date has been set yet on 3.6.
     
  2. ReverseGear

    ReverseGear Guest

    Ok, yes, I agree that would be impractical... I was talking of only key registry areas which usually get infected, not the whole registry.

    Waiting for 3.6 then.
    Will read this thread for the time being.

    erikloman, thanks for developing such wonderful software :thumb:
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The Hakin9 magazine has an interesting article about the C&C servers of the TDL3 rootkit (latest TDSS rootkit variant) and tells "How to pwn a botnet, starting from the malware binary".

    The magazine also has an article about "Proactive Defenses and Free Tools". Too bad Hitman Pro isn't listed. Hitman Pro is still the only malware cleanup application that is able to remediate TDL3 rootkit infection. Sure, there exist some dedicated tools, but Hitman Pro is the only all-in-one solution also able to clean up the secondary malware that TDL3 drops on the infected computer (e.g. rogues).

    Anyway, pick up a copy. Very nice magazine :thumb:
     
  4. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    I never get tired of saying: Hitman Pro in the building :D :thumb:
     
  5. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I am actually proud to be a customer of Hitman Pro.
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Just did a scan & once again some of the same OK apps are giving FPs :( Along with some others?

    Here's the dirty details :D

    View attachment HMP - FP's.txt
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Thanks. I will have a look.
     
  8. carat

    carat Guest

    I agree, Hitman Pro detects 110 % - so take care :D
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    it simply rocks;)
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The FPs in your list are now fixed. We have millions of users and only 1 - 5 users have these files. So impact is VERY limited. Thanks again.
     
    Last edited: Oct 31, 2010
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    HAHAHA :D
    I guess most Wilders members can tell the difference between FPs and legit files :D
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ erikloman

    I guess you were talking about my FPs being fixed? If so :thumb: Let's hope this time they stay fixed ;)
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    From CloneRanger's FP list, I found this one a bit hard to determine whether it was an actual FP:

    SHA-256: 0045CE8C56F3C2CB129D5FABC547D44F32DB5E6EC92D3FC93C1E978450490689

    (TIP: search this hash @ VirusTotal)

    I can't post VT due to board rules :doubt:
     
  14. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ erikloman

    Why are you asking Noob? :D

    RE - 0045CE8C56F3C2CB129D5FABC547D44F32DB5E6EC92D3FC93C1E978450490689

    On VT it says File name: 7f7795b5-159e-430a-8329-9dbd17be6f42

    Which file is that in my log? As I don't see it?
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Search your log for the hash. A file can have different names.
     
  16. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    Perhaps 'Endoscope.exe' (as on VT; Additional information;sigcheck)

    It might go places where you don't want something poking around...;)
     
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    26 vendors flag this old file (that should say something, like they had years to fix the FP) and only 5 out of literally millions of Hitman Pro users have this file. Only you (I guess) have reported the file as safe through the Hitman Pro interface.

    Oh, the list you mentioned is incomplete as it doesn't list Hitman Pro :argh:. According to here - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=19&start=0 - Hitman Pro (and Dr.Web CureIt) are the only all-in-one TDL3 rootkit removers since November 2009. TDL3 is the most prevalent rootkit of the last 12 months and the most advanced rootkit to date. Also notice the (+) behind our classification, which indicates we can clean every variant to date. And we were the first to clean the TDL3-x64 rootkit.
     
    Last edited: Oct 31, 2010
  19. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Originally Posted by erikloman

    I know what you mean, you're being cautious ;) As you probably know, vendors still have tons of files, legit & otherwise, that even after years they haven't got round to testing :eek: My guess is, it's either one of those, or an FP that they haven't been advised of!

    Yeah, I know it's not something that most people would have, but that doesn't automatically make it unsafe. Plus the folks on Kernelmode.com wouldn't host Icesword if it was dodgy.

    At some point i sent it to Avira as they once FP'd it, and now they don't :thumb:

    Here it is on my comp working fine

    ice.gif
     
  20. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Just seen your edit :D

    Well as you've just posted on there ;) you could have included it :p

    Yeah TD's are very naughty :D
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The thread containing the list is locked :'(
     
  22. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You are right in stating that we do not provide a 'processes, threads, drivers and hooks'-like interface in the traditional sense of an ARK. I can assure you that we have all the bells and whistles underneath. Hitman Pro is made for the regular, average computer user. They would be clueless if we provided an ARK-like interface.

    Besides I saw eSage's TDSS Remover listed so I thought that at least Hitman Pro should also be listed as being a first class rootkit (TDSS) killer that can be used by non-experts :cool:
     
    Last edited: Oct 31, 2010
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ erikloman

    Well get posting then ;)
     
  25. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    I am kinda waiting for a Dr.Web purchase link directly from SurfRight so I can get both for the same price.. :D Erik? :D
     