Hitman Pro Support and Discussion Thread

HitmanPro 3.6.0 Build 161 Beta

Changelog

• ADDED: New Text File Log export format which is useful for posting scan logs in forums.
• ADDED: Save Log hyperlink is available directly after scan (before removal).
• FIXED: Boot Configuration Data (BCD) settings were only fixed when a Bootkit was removed. Now HitmanPro always checks BCD and offers repair when misconfiguration (by malware) was detected.
• IMPROVED: Several minor improvements.

Save Log available directly after scan


Example text logs
View attachment ZAccess.txt
View attachment Zbot.txt
View attachment Mebroot.txt

Downloads
32-bit http://dl.surfright.nl/HitmanPro36beta.exe
64-bit http://dl.surfright.nl/HitmanPro36beta_x64.exe

Please let me know what you think about the new Text Log format

 

Hi Erik
The "Save Log" will be translated to?
If so,send the file

Have a nice weekend.

 

An old file for software I haven't tested in ages...I should have canceled upload to the cloud.

 

...different snapshot. I decided to ignore.

Scan date . . . . . . : 2012-07-22 12:50:16
Scan mode . . . . . . : Normal
Scan time . . . . . . : 8m 29s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 2

Objects scanned . . . : 1,986,973
Files scanned . . . . : 38,646
Remnants scanned . . : 1,416,263 files / 532,064 keys

Malware _____________________________________________________________________

C:\Documents and Settings\<MyName\Desktop\AntiPhorm_Lite_Full_Download.exe
Size . . . . . . . : 178,627 bytes
Age . . . . . . . : 13.2 days (2012-07-09 06:54:13)
Entropy . . . . . : 7.9
SHA-256 . . . . . : DDA900BABFBFDBA7E72D1E1010381C0B1DE3D27E7732AF41AB1DBCC7D40DD2E5
> DrWeb . . . . . . : Infected
Fuzzy . . . . . . : 115.0



EOF

 

It works perfect Erik!

 

Hi Eric

Any infos about it

 

I've white listed the files.

 

Hi Eric

Thank you very much for your Info

Will you or the translators translate the Scan log

 

The log file contents will not be translated and will be English only.

 

Thanks mr. Loman for actively updating the product and support. And I like to say a general "thank you" to mops21 and all other people contributing in this thread for possible whitelisting and/or other problems/solutions about the use of HitmanPro, much appreciated !

 

HitmanPro 3.6.1 Build 162 BETA

In previous builds of HitmanPro the GUI becomes sluggish when displaying 1.000 or more malware items.
As of build 162, HitmanPro can now display millions of items without becoming slow or unresponsive.

Changelog

• ADDED: Support for displaying huge number of items.
• IMPROVED: Greatly improved performance of the scan result GUI.
• CHANGED: The rows in the scan result view can no longer be expanded/collapsed.
  Instead if you highlight an item in the view it will show the vendor classification (click to show classification).
• CHANGED: Double click will show the More Information panel (if available).
• CHANGED: Removed gradients in the scan result view to streamline with the rest of the GUI.

New GUI shows classification directly beneath malware item (when selected)


Downloads
32-bit http://dl.surfright.nl/HitmanPro36beta.exe
64-bit http://dl.surfright.nl/HitmanPro36beta_x64.exe

Please let me know how you like the fast results view

 

Hi,

Just tested newest Beta.

Working well on here: Windows 7 (32-Bit).

Regards,
Kardo

 

good job

 

Hi Eric

Thank you very much for the info about it

 

HitmanPro 3.6.1 Build 163

Today we released a new version of HitmanPro on our primary download server. We will update existing users later through automatic update.

Release notes (compared to build 160)

• ADDED: New Text File Log export format which is useful for posting scan logs in forums.
• ADDED: Save Log hyperlink is available directly after scan (before removal).
• ADDED: Support for displaying huge number of items in the Scan Results view.
• ADDED: HitmanPro can run in Windows Recovery Environment (WinRE) so users can access Quarantine.
• ADDED: WRP/WFP chevron on infected critical Windows system files. As always, these files will be replaced by clean safe versions.
• FIXED: Boot Configuration Data (BCD) settings were only fixed when a Bootkit was removed. Now HitmanPro always checks BCD and offers repair when misconfiguration (by malware) was detected.
• IMPROVED: Removal of the Cidox VBR Rootkit.
• IMPROVED: Deployment of the temporary HitmanPro Support Driver.
• IMPROVED: Greatly improved performance of the Scan Results view.
• IMPROVED: Several other but minor improvements.
• CHANGED: The rows in the Scan Results view can no longer be expanded/collapsed. Instead if you highlight an item in the view it will show the vendor classification (click to show classification).
• CHANGED: Double click on an item in the Scan Results view will show the More Information panel (if available).
• CHANGED: Removed gradients in the Scan Results view to streamline with the rest of the GUI.

Downloads
32-bit http://dl.surfright.nl/HitmanPro36.exe
64-bit http://dl.surfright.nl/HitmanPro36_x64.exe

 

thanks for update markloman

 

Maybe a false positive?

Suspicious files ____________________________________________________________

C:\Windows\system32\Threed20.ocx
Size . . . . . . . : 331.032 bytes
Age . . . . . . . : 52.2 days (2012-06-05 14:43:36)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 55FA48CB7CC27DBE3C629F907D129B25550D46E3B553FB25F4D530FC8E397655
Product . . . . . : ActiveThreed
Publisher . . . . : Sheridan Software Systems, Inc.
Description . . . : ActiveThreed Controls
Version . . . . . : 2.01.0015
Copyright . . . . : Copyright(c) 1991-1997 Sheridan Software Systems, Inc.
RSA Key Size . . . : 512
Authenticode . . . : Self-signed
Fuzzy . . . . . . : 26.0
Program is code signed with a weak certificate. This is common to malware.
Program is code self-signed.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.

 

Not an FP, just suspicious. Its self-signed with 512 bits key size. Cant get much worse. I'll whitelist it shortly so it isnt listed as suspicious.

 

As mentioned by my brother erikloman, this is *not* a malware classification but a warning. More information about weak certificates here:

• http://ssl.entrust.net/blog/?p=1041
• http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx

 

The interface change about license is still not implemented as was promised to me by Erik.

 

Some sentences are cut in the middle:

And nothing happens if I enter the API Key of VirusTotal. Why is that option there? What is it supposed to do?

 

We evaluate each feature (by the development team) but so far its a low prio to change this GUI. Its a way to re-enter a different license and a link to purchase a new license before the existing expires. We might leave it as is because we are moving towards HitmanPro 4 development.

 

You can upload suspicious or EWS items to VirusTotal. When a key is entered the VT-upload feature becomes available at the end of each row in the scan result view. Its a third-opinion.

 

FWIW, I don't see that happening on HMP in either XP or W7.

Edit in: XP, SP3

 

neither do I (W7)