Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Re: Beta Build 128

    Nope. They can run alongside.
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    http://en.wikipedia.org/wiki/Fingerprint_(computing)
     
    Last edited: Aug 1, 2011
  3. darthsideous666

    darthsideous666 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    202
    Location:
    Secret Hideout on Coruscant
    I just ran a scan with Hitman Pro (Build 127) and it detected Webroot SecureAnywhere/Webroot Cloud AntiVirus as malware. This is obviously a false positive and related to the latest update of the Webroot Beta, because this was not the case before the update!
     
    Last edited: Aug 1, 2011
  4. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I ran HitmanPro35beta.exe and it scanned my system. But it began uploading one file, which is part of Avidemux 2.6 experimental, called avidemux3_qt4.exe.

    Why would Hitman upload avidemux3_qt4.exe?
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    You apparently aren't willing to do any research on your own.
    The answer is available on the HMP website...

    HMP scan explanation.jpg
     
  6. getyyged

    getyyged Registered Member

    Joined:
    Aug 2, 2011
    Posts:
    2
    Hi!
    I'm using EWS scan to test my system (Windows 7 x64, Hitman Pro 3.5.9 (64-bit)). I get a yellow message saying:
    "IRP_MJ_SCSI kernel-mode hook on nvstor.sys detected and bypassed"
    The device stack of the hard disk is referencing a hidden driver. This could affect the detection of malicious files."

    Is there a way to check if this hook and driver are benign and needed for the correct functioning of the system?
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Uninstall Daemon Tools, or more specifically the SPTD from DuplexSecure, and reboot the computer. If the message is still there then you might have a rootkit on your system. But my guess is you have SPTD installed.
     
  8. getyyged

    getyyged Registered Member

    Joined:
    Aug 2, 2011
    Posts:
    2
    OK! It was SPTD. I deleted it and its message is gone.
     
  9. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    I find it hard to believe that I am the only single human on earth that has Avidemux running and is using Hitman Pro. Surely this file "avidemux3_qt4.exe" has been on other people's systems who use Hitman Pro. Surely I am not the only human on Earth.
     
  10. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    You use a beta to scan an alpha. How on earth could you be the first...:rolleyes:
    I say; Vitamins.
    (However, if you were a troll, I'd say; It's at least an original one. For once)
     
    Last edited: Aug 2, 2011
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Looking forward to seeing an advanced install for this product. Then it's perfect.
     
  12. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    For sure, but someone had to be the first one, no? You said "experimental"; it's not about the program it belongs to, it's about that specific file. You were the first HMP user to scan that experimental .exe, that's all.
     
  13. Ariadne22

    Ariadne22 Registered Member

    Joined:
    Jul 5, 2011
    Posts:
    29
    I got the same message yesterday on a deep scan I ran b/c suddenly at 11 p.m. I started getting a just-in-time script popup, a message that firewall and updates were turned off, and immediately began experiencing redirects in Firefox (thought that bug was long gone - had that problem a year ago). Couldn't turn automatic updates on at all either in security panel or system panel, although I succeeded in restoring Windows firewall.

    This image shows 'ignore', but when I told HMP to 'replace' and rebooted, problems remained. Did system restore to previous day and rootkit still came up on HMP as did just in time popup and browser link redirects, although the restore resolved the security center problems.

    Virus Trojan HMP Scan 8-2-2011.JPG

    Downloaded MBAM, but it wouldn't update. (Might have been b/c ESET was running realtime. Have since uninstalled MBAM and will turn off ESET and try again.)

    Then downloaded TDSSkiller, which found the rootkit and deleted it. All was well after that. No popup and no redirects. Subsequent HMP scans are clean, as are TDSS.

    Running ESET NOD32 AV4 realtime. Did two full scans and it did not pick up this malware. Seems I'm vulnerable to this type of malware when I open IE. Usually use Firefox, but malware seems to appear within a couple of days of using IE7. Had different/worse antimalware problem a month ago which disabled HMP and required a safe boot before I could do a system restore. Thus installed ESET. Ha!! Still this crap gets through. :mad:

    Next moves - download Rkill and MBAM.

    Would Sandboxie or a different AV help prevent this malware getting through? I was up until after 2 a.m. cleaning up this mess.
     
    Last edited: Aug 3, 2011
  14. Kid Shamrock

    Kid Shamrock Registered Member

    Joined:
    Apr 3, 2007
    Posts:
    229
    Sandboxie or DefenseWall are excellent against rootkits.
     
  15. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    indeed :thumb:
     
  16. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    698
    Erik,

    As I remember, you said that a v3.6 beta version would be available at the end of July. But now it is Aug; where is it? :D :p
     
  17. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Last edited: Aug 4, 2011
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It's coming. Just keep tuned in :D
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    BETA Hitman Pro 3.5.9 build 129 (32-bit/64-bit)

    Changelog (compared to build 127)
    • Detects and removes latest ZeroAccess rootkit
    • Improved detection of Sinowal rootkit
    • Improved removal of 64-bit version of ZeroAccess rootkit
    • Improved kernel-mode guard to block code injection attacks on Hitman Pro scan and removal process.
    • Improved Cloud Assisted Miniport Hook Bypass to support detection of detours.
    • Improved Crusader's watchdog.
    • Added Romanian language.
    • ...

    32-bit: http://dl.surfright.nl/HitmanPro35beta.exe
    64-bit: http://dl.surfright.nl/HitmanPro35beta_x64.exe

    Please post any problems you may have with this build as we've made a few changes to the kernel-mode guard. Thanks!
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Nice :)
    Seems fine on win7 x64.
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Thanks :thumb:
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    I am still running v3.5.9.128. I was expecting it to update...automatically...but still waiting. That is the way I usually get the update. o_O
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Betas don't auto-update. Only the stable releases. If you run build 128 (= previous beta) you should delete it and run this build instead (betas don't install themselves).

    Hope this helps.
     
  24. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,746
    Location:
    Germany
    Hi

    I scanned my PC today with Hitman Pro and I have 2 false positives

    ~ VirusTotal Results Link Removed per Policy ~

    File name: OADriver.sys
    Submission date: 2011-08-07 16:01:02 (UTC)
    Current status: finished
    Result: 0/ 43 (0.0%)


    ~ VirusTotal Results Link Removed per Policy ~

    File name: oahlp32.sys
    Submission date: 2011-08-07 16:06:50 (UTC)
    Current status: finished
    Result: 0/ 43 (0.0%)
     

    Last edited by a moderator: Aug 7, 2011
  25. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Those files are detected by early warning scoring, hence (6.0).
    If you run a scan without early warning scoring, those files won't show as threats.
    You can still right-click the files and use the option "report as false positive".
    Early warning scoring is used to help advanced users detect potentially unknown malware but can lead to false positives.
     
    Last edited: Aug 7, 2011