Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    It's detecting PunkBuster as suspicious again:
     

    Attached Files: FPs.jpg
  2. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    I think it has never stopped doing so; I see it in many reports I have.
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you send me the log? Maybe I can solve this in a permanent way.
     
  4. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    C:\Windows\SysWOW64\GameMon.des
    Size . . . . . . . : 4.340.664 bytes
    Age . . . . . . . : 117.3 days (2012-11-09 16:01:12)
    Entropy . . . . . : 7.9
    SHA-256 . . . . . : A56AC896ADF05D67279AFD62A9BB61E262289A1BEA81F3032F3CD8AC95152A4E
    Product . . . . . : nProtect Game Monitor
    Publisher . . . . : INCA Internet Co., Ltd.
    Description . . . : nProtect Game Monitor Rev 1884
    Version . . . . . : 2012.7.10.1
    Copyright . . . . : Copyright ⓒ 2000-2011 INCA Internet
    Service . . . . . : npggsvc
    Fuzzy . . . . . . : 29.0
    The file name extension of this program is not common.
    Starts automatically as a service during system bootup.
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    A rootkit http://en.wikipedia.org/wiki/NProtect_GameGuard

    Can be used for good. Hmmm grey area.
     
  6. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Personally I think it's best to err on the side of caution with such things. Although this particular thing isn't bad, I'd rather be informed of anything "rootkit like".
     
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    The hang is gone :)


    :thumb:
     
  8. chabbo

    chabbo Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    370
    Any discount up and running for it? :rolleyes:
     
  9. chabbo

    chabbo Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    370
    HitmanPro Kickstart doesn't work on Windows 7 x64. Got infected with a zero-day ransomware. Kaspersky didn't detect it. Did fix a USB with Kickstart installed, doing as the video says; I just get to System Restore via the USB Kickstart.
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Have you tried Kickstart 2.0 which is in HitmanPro BETA build 191?
    http://www.surfright.nl/downloads/beta
     
  11. chabbo

    chabbo Registered Member

    Joined:
    Jun 28, 2009
    Posts:
    370

    Yes, I took the download from the website, but it didn't work.

    But I did go into Safe Mode with Networking and started up Task Manager super fast, because I only had 5 seconds to kill skype.** before it shut down the computer again.
     
  12. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Code:
    HitmanPro 3.7.2.190
    www.hitmanpro.com
    
       Computer name . . . . : 
       Windows . . . . . . . : 6.1.1.7601.X64/4
       User name . . . . . . : 
       UAC . . . . . . . . . : Disabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2013-03-09 11:16:15
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 5m 23s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 4
    
       Objects scanned . . . : 1,331,195
       Files scanned . . . . : 9,867
       Remnants scanned  . . : 313,798 files / 1,007,530 keys
    
    Suspicious files ____________________________________________________________
    
       C:\Users\Brandon\AppData\Local\PunkBuster\BF3\pb\dll\wc002286.dll
          Size . . . . . . . : 942,907 bytes
          Age  . . . . . . . : 430.7 days (2012-01-03 19:08:52)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : 151573760160ED491B4528616FF16C058966B9555B73E804AF1CD60B3F8EB33D
          Fuzzy  . . . . . . : 29.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
    
       C:\Users\Brandon\AppData\Local\PunkBuster\BF3\pb\dll\wc002288.dll
          Size . . . . . . . : 948,118 bytes
          Age  . . . . . . . : 396.8 days (2012-02-06 17:13:51)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : 3192353354FE593051B33886088D4C312ACB9A653D874281B2EBF131B80415CB
          Fuzzy  . . . . . . : 29.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
    
       C:\Users\Brandon\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
          Size . . . . . . . : 139,328 bytes
          Age  . . . . . . . : 444.9 days (2011-12-20 14:16:22)
          Entropy  . . . . . : 7.8
          SHA-256  . . . . . : F6552C37C04FD92554BD715F9E98B41E3D711C8AC37C757FBCFDDD69738FBE5E
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : 22.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
             The file is a device driver. Device drivers run as trusted (highly privileged) code.
             Program is code signed with a valid Authenticode certificate.
    
       C:\Users\Brandon\AppData\Local\PunkBuster\BLR\pb\PnkBstrK.sys
          Size . . . . . . . : 140,360 bytes
          Age  . . . . . . . : 247.9 days (2012-07-04 13:36:23)
          Entropy  . . . . . : 7.8
          SHA-256  . . . . . : 0F41B3843E2D2D1BB1ACF8B7CAA293309CC1CF8CF478B1AC86DD6BB214928DC4
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : 22.0
             The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Program contains PE structure anomalies. This is not typical for most programs.
             The file is a device driver. Device drivers run as trusted (highly privileged) code.
             Program is code signed with a valid Authenticode certificate.
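
The entropy and `.reloc` reasons that appear in the scan logs in this thread, as an added example that is not HitmanPro's code and not part of any post. It assumes the log's entropy figure is Shannon entropy in bits per byte; the 7.0 threshold, the helper names and the sample images are constructed for illustration.

```python
import hashlib, math, struct
from collections import Counter

IMAGE_SCN_CNT_CODE = 0x00000020     # section contains executable code
IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section is mapped executable

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Yield (name, characteristics) for every PE section header."""
    if len(image) < 64 or image[:2] != b"MZ":
        raise ValueError("no DOS header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", image, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # signature + COFF header + optional header
    for off in range(table, table + 40 * nsec, 40):
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", image, off + 36)
        yield name, flags

def triage(image: bytes, threshold: float = 7.0) -> list:
    """Reasons in the spirit of the log; threshold is an assumed cut-off."""
    reasons = []
    for name, flags in pe_sections(image):
        if name == ".reloc" and flags & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
            reasons.append(".reloc section is marked as code")
    if shannon_entropy(image) >= threshold:
        reasons.append("high whole-file entropy")
    return reasons

def build_sample(reloc_flags: int, payload: bytes) -> bytes:
    """Constructed minimal PE image: headers plus a single .reloc section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x2102)
    sect = struct.pack("<8sIIIIIIHHI", b".reloc", len(payload), 0x1000,
                       len(payload), 128, 0, 0, 0, 0, reloc_flags)
    return dos + coff + sect + payload

# Constructed payloads: a hash stream stands in for packed data, text for plain data.
PACKED = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(2048))
PLAIN = b"plain relocation table " * 2000
if __name__ == "__main__":
    print(triage(build_sample(IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE, PACKED)))
```

Both checks fire on legitimately packed or protected binaries as well, which is why the signed anti-cheat drivers in the logs above are reported as suspicious rather than as threats.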
    
    
    
    
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The BETA section on the Downloads page has Kickstart 2.0. Not the regular download.
     
  14. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    391
    Location:
    Land of the Mer Lion
    I just updated to Build 190 earlier and I am getting a "HitmanPro 3.7 has stopped working.." Can someone help me please?

    See images attached.

    Incidentally I went back to Build 189 and all was well. Funny thing is the Build 190 installer seemed to be flagged. See image (I cancelled it when it was uploading together with K-Lite codec pack).
     


    Last edited: Mar 9, 2013
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you test this Beta 191 here:
    http://www.surfright.nl/downloads/beta
     
  16. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    391
    Location:
    Land of the Mer Lion

    Attached Files:

  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    +1
    I prefer having it flagged as suspicious.
     
  18. dreis

    dreis Registered Member

    Joined:
    Mar 10, 2013
    Posts:
    1
    Hi, I don't know if you can help me, but when I boot my ransomware computer from the USB flashdrive, hitman kickstart pro opens up but there's nothing written on any button and then when I click one an error occurs with a blue screen. "STOP Error 0x00000050: PAGE_FAULT_IN_NONPAGED_AREA"
    That then restarts my computer. Any help?
     
  19. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I think the question is if it should be a part of the EWS scan only, otherwise I would get alerted every time, and especially if I have HMP running at startup cause I've a game that uses nProtect (god forbid). :p
     
  20. garack

    garack Registered Member

    Joined:
    Jan 15, 2013
    Posts:
    12
    Hey, got one bug when using a normal 4 GB USB stick:

    With the latest 191 Beta and the official 190 download my computer only starts to repair the system, no matter if I select 1 or 2 at boot.

    When repairing the system the computer is giving a log that only says that the startup was repaired and Windows starts fine. Without Hitman...

    Without the Hitman BootStick all is fine. Windows starts normal. Strange is that the same Stick works on my 2 other Windows Systems.

    System is: Win764 Ultimate Desktop i2500k Asus Mainboard with a single Windows Installation.

    Other Systems are the same, one is a notebook.

    Edit: New test with another USB Stick and the 191 Build get the same results: Windows booting in System repair mode. So something messed up the MBR when it starts with hitman?

    Edit2: Tried to boot in repair mode from CD and done this:

    bootrec /fixmbr
    bootrec /fixboot
    bootrec /rebuildbcd

    But the problem is still the same..

    fixboot c: is not working, invalid command.

    And one question: After setting up Hitman on a USB stick and then using it, after formatting, for other bootable software (Kaspersky Rescue for example), the Hitman boot choice is coming up when starting with the stick.

    It means that the MBR is not overwritten. I do this with GParted and create a new partition table... But how to clear the Hitman MBR from a stick, so I can use it for other bootable USB tools?
     
    Last edited: Mar 14, 2013
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Do you use hard drive encryption or RollbackRX / EAZ-FIX ?

    That's a Kaspersky issue. Don't know why Kaspersky isn't able to overwrite our MBR. But you can remove Kickstart MBR from your USB stick by right-clicking the USB stick in HitmanPro (in the Kickstart dialog). From the context menu, choose: Erase USB-stick.
     
  22. Dark Lord

    Dark Lord Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    120
    Hi "Erik"

    Why won't Hitman work if the system is installed with RollbackRX/EAZ-FIX? o_O

    If so, is the error only an incompatibility between Hitman and RollbackRX/EAZ-FIX? :doubt:
    OR
    Is it a common problem for every anti-virus program if RollbackRX/EAZ-FIX has been installed? :cautious:

    Regards,
    Dark Lord
    :D
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro does work with RollbackRX/EAZ-FIX. Just set the Disk Access Mode to Compatible.

    The above question was regarding HitmanPro.Kickstart. And not the general HitmanPro application.
     
  24. CincyNightFlyer

    CincyNightFlyer Registered Member

    Joined:
    Mar 17, 2013
    Posts:
    2
    Location:
    United States
    HW Acer Aspire 5000, Fsys FAT32, OS XP
    Fighting Citadel virus

    Tried HM Pro, got prompt to start at MBR or bypass, neither worked
    Tried holding Ctrl key while booting HM Pro, same results
    PC acts as if it is dead now, processor comes on for a sec then goes off
    Ideas?
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Multi boot/multi disk in system?
     