Hitman Pro Support and Discussion Thread

HitmanPro 3.6.2 Build 168 RELEASED

HitmanPro 3.6.2 Build 168 RELEASED

Full Changelog

• ADDED: Windows 8 RTM support.
• ADDED: Windows Server 2012 support
• ADDED: Scan and clean registry of unloaded user profiles.
• ADDED: Scan for Potentially Unwanted Programs (PUP). Default action is Ignore.
• ADDED: Settings for Potentially Unwanted Programs.
• ADDED: Action to hide Potentially Unwanted Program family.
• ADDED: Apply actions to items of same family or classification.
• ADDED: Detection for RTLO unicode filename spoofing.
• ADDED: Detection for malware hiding its source executable filename from process memory.
• ADDED: Reset Settings to revert to default settings, reset reported false positives and ignored items.
• ADDED: Application exits with code 7 when a license error has occured.
• ADDED: XML Log now contains Cookie and PUP in attribute type.
• ADDED: Command line switch /logtype=txt|xml.
• ADDED: Command line switch /nopups. Note: /noremnants implies /nopups.
• ADDED: Command line switch /deactivate.
• FIXED: Command line swich combination /quiet /lic no longer show message box when activation has failed.
• FIXED: On some systems the scan for remnants never ended due to malformed NTFS record.
• IMPROVED: Detection of ransomware starting through LNK files.
• IMPROVED: Scoring on executables requiring elevation.
• IMPROVED: Gossip cloud classifier now uses Bing Azure.
• IMPROVED: ASLR detection on Services.exe.
• IMPROVED: Removal of new ZeroAccess CLSID variant.
• IMPROVED: Handling of Volume Boot Record (VBR).
• IMPROVED: Repair of disabled Task Manager policies.
• IMPROVED: Command line switch /log=file.txt exports log in text format.
• IMPROVED: Uninstall procedure.
• UPDATED: Internal embedded white lists.
• REMOVED: Windows 8 Release Preview embedded white list
• REMOVED: Windows 8 Consumer Preview embedded white list

Users are automatically updated.

 

Mine says 169

 

"ADDED: Scan for Potentially Unwanted Programs (PUP). Default action is Ignore."

^^^^ Seems weird to me. There is only Ignore & Delete. I would have thought there would have been a Report too? If the default is Ignore, then why even have the new feature?

 

Its called potentially unwanted program. These are applications/toolbars that the user unconsciously got installed along with his downloaded application (stuff like AskBar, Softonic, SearchQU, Funmoods, etc.). These entries are shown with a grey shield in HitmanPro.

In addition to ignore & delete, there is also:
"ADDED: Action to hide Potentially Unwanted Program family."

Hope this helps.

 

Is it going to Report while Ignoring? If it just ignores, how will the end user know if it found something? Maybe I just don't understand the terminology?

 

Potentially Unwanted Programs are not malicious, but software the user most likely did not want.

Ignore means you want to keep them on the machine at that moment.

Hide means you want to keep the entire family on the machine and don't want to list them anymore.

There is no need to report them as there is nothing to classify as PUPs are not malicious, just most likely unwanted.

Hope this helps.

 

Mine says 169 too.

 

On XP mine says 168 on Win7 it says 169 (auto-installed later than XP). I'm also getting a false positive in XP and Win7.
DrWeb on Virus total says it's clean (1 week ago and today) so there seems to be a discrepancy between DrWeb with Virus Total and DrWeb with HMP. Why would the DrWeb sigs be so far apart?

Another thing I noticed is if you scan a folder from the explorer context menu, you cannot expand the details of the
detection. I did this on Win7 for the SARDU folder and got the FP, but could not show all the details like below.

 

Mine 170. Jealous?

 

Hi Eric

Which Versions Number is right 168 or 169

 

No, mine is 170 as well

 

Just auto updated to 171

Al

 

Same here, obviously something wasn't done right before the latest release.

 

Thank you Erik for updating my last translation.

 

For some reason it can never update. It will progress to a point and then just stop. I always have to go online and download the whole thing again. Any solutions?

 

Hi Eric

Can you update the Download Seite for the Build 171 please

http://www.surfright.nl/en/downloads/

HitmanPro 3.6.2 Build 170

Changelog

ADDED: Windows 8 RTM support.
ADDED: Windows Server 2012 support
ADDED: Scan and clean registry of unloaded user profiles.
ADDED: Scan for Potentially Unwanted Programs (PUP). Default action is Ignore.
ADDED: Settings for Potentially Unwanted Programs.
ADDED: Action to hide Potentially Unwanted Program family.
ADDED: Apply actions to items of same family or classification.
ADDED: Detection for RTLO unicode filename spoofing.
ADDED: Detection for malware hiding its source executable filename from process memory.
ADDED: Reset Settings to revert to default settings, reset reported false positives and ignored items.
ADDED: Application exits with code 7 when a license error has occured.
ADDED: XML Log now contains Cookie and PUP in attribute type.
ADDED: Command line switch /logtype=txt|xml.
ADDED: Command line switch /nopups. Note: /noremnants implies /nopups.
ADDED: Command line switch /deactivate.
FIXED: Command line swich combination /quiet /lic no longer show message box when activation has failed.
FIXED: On some systems the scan for remnants never ended due to malformed NTFS record.
IMPROVED: Detection of ransomware starting through LNK files.
IMPROVED: Scoring on executables requiring elevation.
IMPROVED: Gossip cloud classifier now uses Bing Azure.
IMPROVED: ASLR detection on Services.exe.
IMPROVED: Removal of new ZeroAccess CLSID variant.
IMPROVED: Handling of Volume Boot Record (VBR).
IMPROVED: Repair of disabled Task Manager policies.
IMPROVED: Command line switch /log=file.txt exports log in text format.
IMPROVED: Uninstall procedure.
UPDATED: Internal embedded white lists.
REMOVED: Windows 8 Release Preview embedded white list
REMOVED: Windows 8 Consumer Preview embedded white list

HitmanPro 3.6.2 Build 171

Changelog

FIXED: /lic command line switch was broken.
IMPROVED: PE header anomaly detection.
UPDATED: Portugues language.

http://www.surfright.nl/en/whatsnew

 

Hi Eric

Can you whitelisted the Files please

SHA256: ae424dede248868a04e789dd052586572623e0410102829e5bd8afa3dbf19d2a
SHA1: b8ac868a1433326ec79d27d9ffc4d465ae4f0ea4
MD5: 60d255d3de6d4bba814418ed85c721a5
File size: 822.9 KB ( 842680 bytes )
File name: KiesPDLR.exe
File type: Win32 EXE
Detection ratio: 0 / 44
Analysis date: 2012-10-11 14:14:02 UTC ( 0 Minuten ago )

SHA256: 5cc8e0368d4d16cfddbd0c826b08f1d93df3c7c310026c6c91afdc0cd752e77c
SHA1: 21dd37b89ceac4fca7b67a97cfce1d1502f69023
MD5: f1e8c34892336d33eddcdfe44e474f64
File size: 130.0 KB ( 133120 bytes )
File name: cryptsvc.dll
File type: Win32 DLL
Detection ratio: 0 / 44
Analysis date: 2012-10-11 14:21:44 UTC ( 1 Minute ago )

SHA256: bd4339673b89b2ae946c0d5bf8b5569a812f55352a43ff36b305048fc268a84d
SHA1: 39a0643d3845833036f8d7c3764759d1d73dfa2d
MD5: ba7488ea536bcdd2f551a075bbe62c76
File size: 10.6 MB ( 11111424 bytes )
File name: ieframe.dll
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-10-11 14:26:26 UTC ( 1 Minute ago )

 

thanks , updated to 171

 

Hi,

I am using HitmanPro trial version. Default scan/ Early Warning turned up two MS files from (10/10 updates) that I ignored. However, there were at least 5-7 traces that were not shown, just listed as 7 threats detected. How do I find out what the traces are?

Did search for an answer but my search terms were not specific enough to bring up good results, so apologies.

Thanks.

 

Daily scheduled scan is broken in 171. Scans after every reboot or logoff/logon on XP. Daily behaves the same as At Startup. Will check Win7. Also, FPs reported for 168 still remain in 171.

Al

 

Hi Erik.
Will HitmanPro add in a near future the option "Action for potentially unwanted modifications (PUM) ?

 

HitmanPro 3.6.2 Build 172 BETA

Changelog

• FIXED: Force breach was broken in build 171.
• IMPROVED: Detection of ransomware.
• IMPROVED: Various minor improvements.

32-bit http://dl.surfright.nl/HitmanPro36beta.exe
64-bit http://dl.surfright.nl/HitmanPro36beta_x64.exe

 

thanks alot

 

Hi Eric

Is with Version 3.5 or the New 3.6 please correct your post

 

Neither 3.5 nor 3.6 but......