Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    relax....it's just the behavior scanner of hitman pro...the next time it flags something like this just click next and it'll upload the files to the cloud where they will be scanned by multi Avs including gdata, dr.web, emsisoft, etc(although dr.web gives the most false positives in my case :argh: ) and then hitman will show you the result of the scanning whether the files are clean or not...then you're given the option to activate your free license to remove them if malicious if you use hitman pro free....
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,439
    Location:
    Outer space
    He's not using Early warning score, recent versions display the text Early warning score above the scan window, plus the EWS shields are blue, not yellow ;)

    @Mats
    I did a search and the first DLL seems to belong to ScreenCapture Control from Tecent Inc. and the other to Foxmail from the same company, so if you've installed those softwares it seems allright. You can upload the files to virustotal.com to have them scanned by 40+ scanners for some peace of mind.
     
  3. Mats

    Mats Registered Member

    Joined:
    Jun 4, 2009
    Posts:
    18
    Oh, it's in the Next drop down menu. I never opened that, I've just clicked Next. Thanks atomomega.

    Your search skills are better than mine, I searched those two .dlls too but didn't come up with Foxmail. And yes I did install Foxmail to trial it last Spring before I settled on Thunderbird. Funny why it took Hitman Pro 9 months to flag those two files.

    And I already had sent those two to Virus Total - they came up clean.

    So, one final question from a noob...

    My Hitman Pro is not yet activated. If I were to tell Hitman Pro to Delete those two files, does that start my 30 day window?
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Is it possible for me to have a remote look why these files are flagged as suspicious? I will send you a PM.

    Yes your trial will start, but you will get a window stating whether you want to start the trial.
     
  5. Mats

    Mats Registered Member

    Joined:
    Jun 4, 2009
    Posts:
    18
    I just had Erik remotely look at and scan my computer to investigate those files. It was determined that they were false positives.

    SurfRight's customer support is very impressive. I can't picture many software companies going to those lengths and giving their customers that kind of personal service. Particularly a customer who has never given them a dime. Wow.

    SurfRight and Hitman Pro Rock!
     
  6. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,307
    That is not how it works for me. Since 131, I always get one file being flagged as suspicious. Hitting next doesn't load anything to the cloud. In my case it is a false positive.

    C:\Toolbx\StatBar.exe
    SHA1=e5831a98d2a730afb8ae6131456ebc81f029e7bb
    SHA256=a8e6a5a6597c714e43cc826fb1596336f0051bdc7bf7b98e46633d4ca96f74a4

    VirusTotal: 0/42

    Al
     

    Attached Files:

    Last edited: Nov 28, 2011
  7. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,307

    Attached Files:

    Last edited: Nov 28, 2011
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Hi Adric. It is an FP. I have solved it in the cloud. Thanks!

    Erik
     
  9. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,307
    Hi Erik, thanks for taking care of wirelesskeyview. I'm still wondering about statbar.exe from my other post. This file was never flagged in previous versions of HMP. I know it's only flagged as suspicious and gets ignored, but I would rather not see it flagged at all ;) As a last resort, I could use the "Report that this file is safe" drop-down, but I want to avoid doing that if the file is accepted as a false positive .

    Al
     
    Last edited: Nov 28, 2011
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,873
    Last edited: Nov 28, 2011
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,873
    Here we go...;)

    ........edwido.exe > 57418033b47c8a2c7a9b14683e422a689094e02ac0706

    SecuritySuite.exe > bf59b41e3ab132423e0ceb2d4cf6f41d8e686925dc777f4

    .......uninstall.exe > c9d595b160306998799c8287e07d539b26c232d899e7fc
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    All three hashes are not SHA-256 hashes (they should be 64 hex characters in length; 64 hex characters = 32 bytes = 256-bits)

    I personally use HashTab to calculate hashes:
    http://implbits.com/HashTab/HashTabWindows.aspx
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,873
    Sorry, I downloaded HashCalc and I am sure I used it correctly to calculate the right hashes.

    Anyhow, I just installed HashTab, but I don't see an exe file in my 'Program Folder'

    I just see the following. I thought I should be seeing something in the context menu. Any clues in getting it to work, please?

    ScreenShot_HashTab_HMP_01.jpg
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Go to the Ewido files and right-click and choose properties from the context menu, and choose the File Hashes tab (just like your screenshot).

    Then right-click on the SHA-256 and choose Copy.

    Paste the value in the Post.
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,873
    Thanks, Erik

    I got it right, this time, hopefully.


    ........edwidoctrl.exe > 57418033B47C8A2C7A9B14683E422A689094E02AC0706D06B9BD898BCC9559C9

    ....SecuritySuite.exe > BF59B41E3AB132423E0CEB2D4CF6F41D8E686925DC777F4269F8847FB14DF69D

    ...........uninstall.exe > C9D595B160306998799C8287E07D539B26C232D899E7FC74853A35F35BE234B2
     
  17. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,850
    Is there a way to install the beta? It doesn't ask if I want to leave a copy on my computer. It did when I installed it on my Dad's computer, but not on any other one.

    Also, are there any plans for a future version having real-time protection, and maybe free on-demand removal?
     
  18. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Also curious about this.
     
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes, you can run HitmanPro 3.6 as non-beta, but you will lose your HitmanPro 3.5 install.

    If you rename HitmanPro36beta.exe to HitmanPro36.exe (remove the word beta) then it will upgrade your 3.5 install to 3.6.

    Please let us know how Beta 1 works when running as non-beta.

    Erik
     
  20. MaineMatt

    MaineMatt Registered Member

    Joined:
    Nov 30, 2011
    Posts:
    1
    Location:
    United States
    Sorry if this is a repeat, but search didn't turn anything up...

    Is there a way for hitman pro to scan a drive other than the boot drive? I've got a TDSS variant rootkit infection on a friend's PC that I'm trying to clear up for him, and I've got his drive slaved into my PC, but I can't get Hitman Pro to scan anything other than my C: drive.

    His computer is an older XP Pro machine that he bought as surplus from his employer, so no free trial is available on his machine (it's still a member of a domain). I'm just doing this as a favor to him, so I'm trying to get by without spending any money..
     
  21. .....

    ..... Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    312
    Just tried the x64 version, upgrade was fine. Running ok so far.
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro is meant to run ON the infected machine. This is because HitmanPro needs to behavioral scan the system and see what is running in-memory and what is automatically starting. So hooking up an drive from a different system is not going to find much.

    HitmanPro 4 will likely support your configuration though.

    Hope this helps.

    Erik
     
  23. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    If you can't install Hitman Pro in it you can try this:

    http://security.symantec.com/nbrt/npe.aspx?lcid=1034

    It will ask you for internet connection and a reboot in order to detect rootkits.
     
  24. dazed1

    dazed1 Registered Member

    Joined:
    Mar 2, 2011
    Posts:
    161
    HMP is great indeed, i love it! but one thing i hate about it, when you find some supuscios file or malware, it does not have option to directly to go to the file, and you must go and manually search trough folders, and somtimes the file is locateding in many subfloders, so you have to open like 10 of them and search careful which is pain and boring really. :'(

    It could be awesome if you add option for us so we can select the file and jump directly to the folders which are marked by hitman pro, MBAM has this option, and i bet its quite easy for you to make it as well, thanks in advance :thumb:
     
  25. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    This morning I had a FP with a .sys from Trusteer Rapport that HMP identified as a rootkit (the first FP in a year and a half, BTW). I selected 'report as false positive' from the detection results. Is this enough?
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.