Hitman Pro Support and Discussion Thread

I don't know if the problem exists also on W7 since I don't have that file on that box.
Maybe I should move it over there and test W7 too.

 

My problem has not been specifically with that file, but rather in trying to use VT from within HMP on any file that has been flagged. It just doesn't seem to work for me.

 

I gotcha.
The only reason I mention that file is because it's the only one being flagged for me on two machines, so it's the only chance I've had to use the VT feature.

 

I copied the same file to the Windows\System32 folder on my W7 machine and ran a scan.
HMP flagged it and the VT API key thing worked fine (the VT page opened).
So it looks like perhaps this is only happening on XP, SP3.

 

That's exactly what I'm using -- XP SP3

 

I've white listed it (it wasn't, thought I did ).

You saw HitmanPro close after clicking on VT ? Sounds like an issue. Can you reproduce is several times?

 

I reproduced it about 2-3 times last night before I posted about it.
I would be happy to try to reproduce it some more times as you have requested, but now that you have whitelisted that stdvcl32.dll file, nothing turns up on the scan anymore! What now? My machines are too clean. Maybe remove stdvcl32.dll from the whitelist?

 

Just updated to build 164.

 

Hi everybody
Another great test of Force Breach.

http://www.youtube.com/user/Britec09

 

Does anyone know of any promotions / discount coupon for hitman pro. Thanks. (PS Pls pm me too if poss)

 

Hi Eric

Can you whiteliste the files

SHA256: b2302e61453bf32cfb5e886a13eb8780c6837c0b22e41b7750278f38e523ec8a
SHA1: 698a2d9f00ef2320d36e23774629b088a1388ae5
MD5: ff9578aad7acd2df58082bf5046f1b28
File size: 10.6 MB ( 11111424 bytes )
File name: ieframe.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:51:19 UTC ( 1 Minute ago )

SHA256: cde65b1225216feb00cacd7e26bb3cecc9b9d71d8b272665660e80cbb83d1e41
SHA1: 8d4bcd23af079c85936ecf7e868e61e335cdaca4
MD5: c0b2de7cdb7cbd4b99c89444bccb34a7
File size: 378.5 KB ( 387584 bytes )
File name: iedkcs32.dll
File type: Win32 DLL
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:53:36 UTC ( 0 Minuten ago )

SHA256: ed2bbd925758a5b23461ea8dfb845e0f34973c4c336634f507f1bf5e952b8ec4
SHA1: 7755917939b8efd9614b48a1bc9f4a171141d578
MD5: 09b57458e671a236ae528763c7cc3a08
File size: 170.0 KB ( 174080 bytes )
File name: ie4uinit.exe
File type: Win32 EXE
Detection ratio: 0 / 42
Analysis date: 2012-08-14 17:55:20 UTC ( 0 Minuten ago )

 

I'm still happy to test but need something to test it with.

 

I believe this is a false positive also...

 

Hi Eric

Any infos about it

 

Hi Eric

Any infos about it

 

EWS is showing files that got recently deployed/updated. This way you can find malware that was recently deployed. But you should ONLY run EWS when you are an expert AND suspect malware infection. If you don't suspect infection, don't run with EWS.

The above files belong to Internet Explorer and are most likely recently updated. If you choose More Information at the end of each row you'll see why they are listed.

Hope this helps.

 

Erik

RegfromApp gets flagged during a normal scan. I don't understand why so many AV products have problems with stuff that comes from Nirsoft. a-squared is one such product.

Al

 

deleted

 

Google SafeBrowsing has a problem with it as well.

Every software publisher that treats itself seriously should digitally sign its publications.

I've white listed the file.

 

very true

 

Thank you very much Eric

 

Hi Eric

Need you the Infos of the Files or Need you the Scan log

Whiteliste please

 

Just did a scan with HMP with the following results. Showed up at the end when searching Remnants. Is this a FP?

 

Exactly the same with me. Uploaded to Virustotal: 0/42

SHA256: 386b4aec48ac753ae9beeac104030760d0a5a8fb11a53f4bc1b1d956c0bfeb62
SHA1: b3cb285fcd6fef456ec5858553e11c097091e219
MD5: 3146ec4d3e06181fe6fac7652368d4b7
Size: 664 bytes ( 664 bytes )
Name: d3d9caps.dat

Scanned locally with Norton and Malwarebytes and both said that it was clean too. In my system since 3 March 2012

 

HMP just hit on it today, but I was doing website reviews and a few websites MBAM blocked for malware. Since it detected under Remnants it might be something that MBAM blocked. Anyway I accidentally deleted the file with HMP. Nothing in quarantine. I hope I don't need this file if it turns up to be a FP.