Hitman Pro Support and Discussion Thread

I did the scan...but?

Code:

HitmanPro 3.7.5.196
www.hitmanpro.com

   Computer name . . . . : XXXYYY
   Windows . . . . . . . : 5.1.3.2600.X86/4
   User name . . . . . . : ***Private information***
   License . . . . . . . : Paid (927 days left)

   Scan date . . . . . . : 2013-05-18 08:09:07
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10

   Objects scanned . . . : 1,984,929
   Files scanned . . . . : 45,707
   Remnants scanned  . . : 1,413,355 files / 525,867 keys

Suspicious files ____________________________________________________________

   C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336531.exe
      Size . . . . . . . : 121,104 bytes
      Age  . . . . . . . : 3.0 days (2013-05-15 09:17:27)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 0BAD78488EA45FBB337C7355EEE385A315CDECF63EC1A13ADA0B4DCD30C6D47C
      Product  . . . . . : CPUEater Application
      Publisher  . . . . : Bitsum
      Description  . . . : CPUEater Application
      Version  . . . . . : 6.0.3.19
      Copyright  . . . . : Copyright (C) 2010-2013 Bitsum Technologies
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336530.exe
          0.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336531.exe
          0.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336532.exe
          0.2s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336533.exe
          0.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336534.exe
          0.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336535.exe
          0.4s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336536.exe
          0.5s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336537.exe
          0.6s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336538.exe
          0.7s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336539.exe
          0.8s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336540.exe
          0.8s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336541.exe
          0.9s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336542.dll
          1.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336543.dll
          1.0s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336544.dll
          1.1s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336545.dll
          1.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336546.dll
          1.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336547.dll
          1.4s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336548.dll
          1.6s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336549.dll
          1.7s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336550.dll
          1.8s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336551.dll
          1.8s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336552.dll
          1.9s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336553.dll
          2.1s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336554.dll
          2.1s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336555.dll
          2.2s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336556.dll
          2.3s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336557.dll
          8.5s C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336558.exe

BTW, I have since deleted C:\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP278\A0336531.exe

 

Beta working fine here, got a strange detection today from a scheduled scan with build 193 though:
Name healthreport.sqlite-shm
Location C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\1t5j3ivs.default
Size 32.0 KB
Time 0.2 days ago (2013-05-18 10:23:23)
Entropy 6.2
Product HitmanPro 3.7
Description HitmanPro 3.7 Support Driver
Version 1.3.7.6
Copyright © 2012 SurfRight B.V.
SHA-256 DFE35D9DF11BD68AD2767C01CD49B859EF5D4A220F589D45A146190DE6693D7E

Scoring (49.0)
The file is hidden from Windows API. This is typical for malware.
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
The file name extension of this program is not common.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
Authors name is missing in version info. This is not common to most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.

 

i'm still using Hitman Pro (Year Licens Renewel),a view week ago,after a standard
Hitman Scan, i got the Same Message from Hitman (was a old
3 Match casual Game).And i push the Button (Repair),and i got an sweet
BSOD(i never had some before)maybe there a old traces from the game
i dont know,people say it was the restof this game that causes this bsod.
whats right whats wrong.?
--------
Stop:

0x0000007E (0x0000005,0x00000000,0x8E98BC00,0x8E98B7E0)
--------

i never hat problems with HitmanPro on my Windows 7 Machine,i love
HitmanPro.

Greets

Lucien

PS*sorry for my broken English

 

Can you send the minidump from c:\windows\minidumps\ folder?

 

love the program wish they would come out with a free version and not just a trial

 

Sorry for being a fool bro,this was a old Install,and i forgot to backup this
Minidump,than view days later i made a new install on my machine.Ok i have
to wait hoping that Mess not happens again,and i swear,will this happens
again(i hope not),i will do that Backup.So i said basically i dont have any
Problems with Hitman Pro never,so there is a good Chance that this Mess
not happens again,it might be possible that this BSOD causes from a
very unlucky Situation an Configuration at this Time.Will this in some Way
happens again,i made this Backup,you can count on me.

Greets

Lucien

 

Yes it is very good. Looks very promising. Lol, Im sorry but I couldn't help myself. This thread is so old. HMP should get its own forum section....

 

Erik,

Did you get a chance to look at this?

Al

 

HitmenPro on x64 system does not update to a newer version. This isn't the first time!

 

Solved it. Thanks

 

Ikarus is the father of all false positives (I know, I'm exaggerating a bit). It could cause more harm than good for Hitman in the long run, even though it does have excellent detection rates.

 

HitmanPro 3.7.5 Build 197 RELEASED

HitmanPro 3.7.5 Build 197 RELEASED

Changelog

• ADDED: Java exploit drive-by-download detection through forensic clustering.
• ADDED: Bootkit Gapz removal via Kickstart.
• IMPROVED: Detection of zero-day ransomware through forensic clustering.
• IMPROVED: Detection and removal of malware starting via Command Processor (cmd.exe).
• IMPROVED: Remnant scanner.
• IMPROVED: Forensic clustering.
• FIXED: On some computers keyboard was unresponsive in Kickstart BIOS Boot Menu
• UPDATED: Kickstart 2.2

Existing users are being updated as we speak.

Please let us know how this version runs on your system

 

Erik, do you have more info why the Firefox file was detected as HitmanPro driver? The detection is now gone btw.

Build 197 running fine here (w7x64)

 

Works great here

Win 8 64bit

 

HitmanPro 3.7.5 Build 198 BETA

Changelog

• ADDED: Repair of Reparse Points / Junctions placed by malware on Antivirus programs.

Description
The latest variant of ZeroAccess/Sirefef disables Microsoft Security Essentials and Windows Defender by placing a Reparse Point (Junction/Symbolic Link) on the files of these products. The result is that these antivirus products are disabled by the malware! More info can be found here at KernelMode.info.

This BETA release of HitmanPro now detects and removes these Reparse Points so that the mentioned AV products will function again.

Here a screenshot of how HitmanPro offers to repair the reparse points:



Download
http://www.surfright.nl/downloads/beta

Please let us know how this version runs on your computer

 

No issues here with 198

 

Wow! Hitman Pro suddenly becomes drastically improved with an increased amount of updates! I'm glad I own several licenses and I'm positive I'll renew them in August when they expire.

Great job Erik!

 

More new and useful features in version 3.8 which is slated for release on July 1st.

 

Build 197 Release runs fine here
Build 198 Beta runs fine here

Greets

Lucien

 

XP SP 3:




All scans.

 

Hello,

I have had to remove HMP for the time being. I have started getting a BSOD every time I scan with HMP. I start HMP and the scan, it progresses normally for a bit, then during the scan everything freezes. A bit after the freeze, my system BSOD's. I get a screen where Windows says it is gathering info and will then reboot. On the reboot, it stops on the Windows booting screen before the login screen. After a moment or two, all disk activity stops. I have to do a hard reset but am always given the Windows maintenance screen when windows is booting giving me the option to do a repair or proceed to Windows. If I chose repair, if fails. If I try to continue to Windows, it stops again with no disk activity. The only way to proceed is a hard reset again. This is a never-ending loop. I have to restore an image from my back-ups to get back to Windows. This is reproducible even after an uninstall and reinstall of HMP as it happens every time. Since my Windows is somehow becoming unbootable and I have to restore an image, I have no logs left to try to troubleshoot or forward to SurfRight. I am on Win 8 Pro x64 and since I see no one else having this problem, I am assuming it must be something unique to my system.

 

Have you considered hosting an official, dedicated forum here at Wilders instead of this thread?

I'm excited to hear about the new features when time is right!

 

I think it MIGHT be related to your AX64 Time Machine software. If you set HitmanPro to Compatible Mode I think the issue should be resolved.

Did you have issues with previous builds of HitmanPro?

 

Can you run HitmanPro with the following command line:

HitmanPro.exe /debug:full

And then perform a scan and when it crashes, send the created dump via wetransfer.com to erik@surfright.com .

 

Hi erik,

I will install again and change the mode before I try a scan.

Before now, I did see an occasional BSOD (maybe 1 in 25 scans) and probably 2 0ut of 3 of those were the first scan after HMP did an update. In these cases, it never rendered my system unbootable.

Does Compatible Mode reduce the detection any?