Hitman Pro Support and Discussion Thread

Hitman Pro 3.6.2 Build 174 BETA

Changelog

• IMPROVED: Detection of Symmi malware.
• IMPROVED: Detection of malware that starts through Scheduled Tasks.
• IMPROVED: Operations on Boot Configuration Data (BCD) are now handled by Crusader service.
• FIXED: On some systems the Settings dialog was blank.
• UPDATED: Internal white lists

32-bit http://dl.surfright.nl/HitmanPro36beta.exe
64-bit http://dl.surfright.nl/HitmanPro36beta_x64.exe

 

Latest beta running smooth here (W7 HP SP1 x86).

 

Same here on x64

 

mine just updated to 174

 

I used the search first but not finding the answer. I have a week old install of Win 8. I just ran Hitman and it says services.exe located in C:\Windows\System32 is possibly infected. I ran malwareBytes...Nod32...SuperAntiSpyware...Emsisoft Anti Malware...and clean. Is this a false positive?

 

Can you post a screen shot or a log?

 

Computer name . . . . : JEFF
Windows . . . . . . . : 6.2.0.9200.X64/4
User name . . . . . . : Jeff\Lucille
UAC . . . . . . . . . : Enabled
License . . . . . . . : Paid (-284 days left)

Scan date . . . . . . : 2823-11-12 11:11:52
Scan mode . . . . . . : Normal
Scan duration . . . . : 2m 45s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 3

Objects scanned . . . : 967,144
Files scanned . . . . : 13,885
Remnants scanned . . : 184,593 files / 768,666 keys

Suspicious files ____________________________________________________________

C:\Windows\system32\services.exe
Size . . . . . . . : 410,624 bytes
Age . . . . . . . : 3.8 days (2823-11-08 14:48:34)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Services and Controller app
Version . . . . . : 6.2.9200.16420
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Running processes : 980
Fuzzy . . . . . . : 31.0
Address Space Layout Randomization (ASLR) capability is stripped from this system file. This is an indication of malware infection.
Program is running but currently exposes no human-computer interface (GUI).
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.



[/code]

 

You forgot to paste the version of HitmanPro.

 

3.6.1.164

 

Please update to 3.6.2 build 174.

The services.exe problem is fixed since build 170.
See also: http://www.surfright.nl/nl/hitmanpro/whatsnew

 

Thanks.

 

But there's no medicine for that, man

 

huh??

 

Hi Erik

Can you whitelisted the 2 Files please

SHA256: db01f812aab8ecc6419ed6cc80d6043067e8d47a4ae13cf2b9bee71529f7be65
SHA1: 0e6e8992814f7f3af502a64bd81f30502f8f1b8d
MD5: 41be5ef58672301e2d79d185310f29fe
File size: 823.4 KB ( 843208 bytes )
File name: KiesPDLR.exe
File type: Win32 EXE
Detection ratio: 0 / 44
Analysis date: 2012-11-13 11:40:28 UTC ( 0 Minuten ago )

SHA256: 037784a4c71f67e289f0b70f2a202fe17bf85fc0cd92a8708490456205f08220
SHA1: 0bc12611fa227f58b2a0458d56fcd93ab14565cf
MD5: a3e477acda2c5a427e56fb075adeb536
File size: 13.9 MB ( 14586808 bytes )
File name: NPSWF32_11_5_502_110.dll
File type: Win32 DLL
Detection ratio: 0 / 44
Analysis date: 2012-11-13 11:48:55 UTC ( 0 Minuten ago )

 

Hi Erik

Can you whitelisted the 2 Files please

SHA256: 4950f4ad0577b7c1000ad9048d3bc45ee9b4508fc47248502a73e296cdac655e
SHA1: a8575179fcf8ca4012c1428e6199309b3f365dbd
MD5: 4f3bc96f7c45ed12955892c310f1e3db
File size: 13.8 KB ( 14160 bytes )
File name: asdws.sys
File type: Win32 EXE
Detection ratio: 0 / 41
Analysis date: 2012-11-15 08:48:31 UTC ( 1 Tag, 10 Stunden ago )
scan with virustotal.com

Dateiname : KiesPDLR.exe
Größe : 1104824 byte
Typ : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : d24b30b55a3e3bb9040957d79d78eb46
SHA1 : d36a0ab74c8061aca9ff959c71bf2bd731f65952
scan with virscan.org

 

@Mops21,

Within HMP you can report these as safe if you are sure they are.

 

Hi

Thank you very much for it.

I use the free Version from HMP can i make it in the Free Version Report the Files As Safe or only in the paid Version

Can i send the Files to Erik for check or analyse

 

Unless you are a security expert it might be better to turn off EWS (advanced options).
You can sent files (FP's or FN's) to HMP support.

 

Actually you should only use the EWS option if you know how to use it, as Erik has explained to Mops21 the last time he posted about this.

 

Hi

Did you mean the support@hitmanpro.com or info@surfright.nl

 

Hi Mops21. I've whitelisted them

 

Thank you very much for the Information

Or can i send my FPs to supprt@hitmanpro.com

 

@Mops21: Or as gerardwil suggested you can choose to use "Report that this file is safe" following detection (if you're sure it is) by clicking on arrow at rh side and dropping menu down. In this way I believe files will be confirmed safe or not, and shortly whitelisted if ok, if I'm not mistaken. It might be an easier way perhaps. https://www.wilderssecurity.com/showpost.php?p=2145271&postcount=4821

 

Thank you very much. I will post it here i use the free Version from HMP

 

Re: HitmanPro.EndpointSecurity coming soon

can you use it on linux as well also are there any future plan for cloud base UTM DNS

i love your product very much its one of best software ever created

only pity thing is i use linux more and i wish you provide cloud base for other coutries too something like (Hitman utm DNS) with 5 years promoting license


https://www.wilderssecurity.com/showthread.php?t=331472