Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You mean that HitmanPro installed ASK.com and Babylon toolbars?!?
    If so, where did you download HitmanPro?
     
  2. IRONY

    IRONY Registered Member

    Joined:
    May 29, 2013
    Posts:
    43
    It was not Hitman.

    Hitman is still at 58% 23m 53s, still scanning the System32 directory. I'm confused why system interrupts are so high, assuming, if that's still the case.
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    My guess is that your harddrive is running in PIO mode?
     
  4. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    Most of the time, high CPU usage by interrupts is due to faulty/modified drivers.

    Try what shadek said, boot into Windows as you normally do (no safe mode) and then try to run HMP with Brute Force.

    I think what he meant is that he wants to use HitmanPro to get rid of the ask.com and babylon adware.
     
  5. IRONY

    IRONY Registered Member

    Joined:
    May 29, 2013
    Posts:
    43
    USB DVD SLIMDRIVE was causing the hangs, disconnected and everything OK. :)
     
  6. james246

    james246 Registered Member

    Joined:
    Nov 5, 2005
    Posts:
    139
    When will Hitman Pro once again run with 5 AV checkers?
     
  7. dimadr

    dimadr Registered Member

    Joined:
    May 29, 2013
    Posts:
    2
    Location:
    Russia
    HitmanPro 3.7.5 Build 200 Beta
    http://www.surfright.nl/en/downloads/beta
    Build 200 (2013-05-29)
    • IMPROVED: Detection of zero-day ransomware through forensic clustering.
    • IMPROVED: Java exploit drive-by-download detection through forensic clustering.
     
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    Uninstalled. :(
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    why

    Uninstalled o_O
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
  11. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    134
    Location:
    Germany
    HitmanPro 3.7.5 Build 200 Beta - All fine here :thumb:
     
  12. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    C:\Dokumente und Einstellungen\Steffen\Lokale Einstellungen\Anwendungsdaten\PunkBuster\COD4\pb\PnkBstrK.sys
    Size . . . . . . . : 139.448 bytes
    Age . . . . . . . : 505.1 days (2012-01-11 20:25:15)
    Entropy . . . . . : 7.7
    SHA-256 . . . . . : 12C5AD34F550D47E3EB507733C21EE5B111B153F5F638D366DB6CD2BFB94F4A3
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    Fuzzy . . . . . . : 22.0
    The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Program contains PE structure anomalies. This is not typical for most programs.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.
    Program is code signed with a valid Authenticode certificate.

    C:\Dokumente und Einstellungen\Steffen\Lokale Einstellungen\Anwendungsdaten\PunkBuster\WAW\pb\PnkBstrK.sys
    Size . . . . . . . : 139.488 bytes
    Age . . . . . . . : 505.0 days (2012-01-11 21:48:08)
    Entropy . . . . . : 7.7
    SHA-256 . . . . . : B521667C371DC46F5CFA81730F2A29091C32BCA2699B6321C79A097068DEF160
    RSA Key Size . . . : 1024
    Authenticode . . . : Valid
    Fuzzy . . . . . . : 22.0
    The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Program contains PE structure anomalies. This is not typical for most programs.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.
    Program is code signed with a valid Authenticode certificate.

    C:\WINDOWS\system32\drivers\PnkBstrK.sys
    Size . . . . . . . : 139.448 bytes
    Age . . . . . . . : 505.1 days (2012-01-11 20:25:15)
    Entropy . . . . . : 7.7
    SHA-256 . . . . . : 12C5AD34F550D47E3EB507733C21EE5B111B153F5F638D366DB6CD2BFB94F4A3
    RSA Key Size . . . : 2048
    Authenticode . . . : Valid
    Fuzzy . . . . . . : 26.0
    The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common
    to system tools, drivers and hacking utilities.
    Program contains PE structure anomalies. This is not typical for most programs.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.
    Program is code signed with a valid Authenticode certificate.


    Cookies _____________________________________________________________________
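
The two heuristics the scan log above leans on (code in the `.reloc` section, entropy near 8 bits per byte) can be approximated from the PE section table. This is an added example, not HitmanPro's code and not part of the thread: how HitmanPro computes these values is not stated here, and the function names, the 7.0 threshold and the constructed sample image are assumptions.

```python
import math
import struct
from collections import Counter

CODE_OR_EXEC = 0x00000020 | 0x20000000  # IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, characteristics, raw_bytes) for every section of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    n_sections, _, _, _, opt_size = struct.unpack_from("<HIIIH", image, pe_off + 6)
    table = pe_off + 24 + opt_size
    for i in range(n_sections):
        name, _, _, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", image, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), flags, image[raw_ptr:raw_ptr + raw_size]

def triage(image: bytes, threshold: float = 7.0):
    """Return (section, reason) pairs; the threshold is an assumed cut-off."""
    findings = []
    for name, flags, raw in pe_sections(image):
        if name == ".reloc" and flags & CODE_OR_EXEC:
            findings.append((name, "relocation section is marked code/executable"))
        h = shannon_entropy(raw)
        if h > threshold:
            findings.append((name, f"high entropy {h:.1f}"))
    return findings

def build_sample() -> bytes:
    """Constructed image: low-entropy .text plus an executable, uniform-byte .reloc."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x14C, 2)           # Machine, NumberOfSections
    rows = [(b".text", 0x200, 0x200, 0x60000020), (b".reloc", 0x1000, 0x400, 0x62000020)]
    for i, (name, size, ptr, flags) in enumerate(rows):
        struct.pack_into("<8sIIIIIIHHI", img, 0x58 + 40 * i,
                         name, size, 0x1000 * (i + 1), size, ptr, 0, 0, 0, 0, flags)
    return bytes(img) + b"\x90" * 0x200 + bytes(range(256)) * 16

print(triage(build_sample()))
```

The log reports one entropy figure per file, while this sketch scores each section separately. Neither signal is conclusive on its own: the flagged drivers in the log are also validly Authenticode-signed.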
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    Latest engines incorporated are?
     
  14. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Afaik the engines used at the moment > Bitdefender, Emsisoft, G-Data, IKARUS, :doubt:
     
  15. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,752
    Location:
    Toronto Canada
    So BitDefender x3, Ikarus plus some secondary scanners?
     
    Last edited: May 30, 2013
  16. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    AFAIK G-Data uses Bitdefender + Avast! (or AVG). However, it's been a long time since I used it.
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can we have a remote look at why it crashes on your system via QuickSupport? Please send me a PM.
     
  18. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    GData 2013 uses BD & avast.
    GData 2014 uses BD & in-house engine (similar to EAM).
    ;)
     
  19. untitled

    untitled Registered Member

    Joined:
    May 31, 2013
    Posts:
    2
    I just got a ransomware virus and I tried using Hitman Pro to get rid of it (already tried the safe mode methods, but my computer would automatically restart if I attempted to log in through safe mode). Once I chose to boot via the HitmanPro USB, instead of leading me to the blue Windows/welcome screen, it said "Windows is loading files...", then a startup repair window trying to repair my computer, followed by "Windows cannot repair this computer automatically". The only other option besides closing the window (which causes my computer to restart and continue this cycle) is to view diagnostic details and to view advanced options for system recovery.

    The options listed are:


    Startup Repair

    System Restore

    System Image Recovery

    Windows Memory Diagnostic

    Command Prompt

    Lenovo Product Recovery


    Since that wasn't difficult enough for me, in an attempt to figure this out, I had a bunch of tabs open and didn't realize I was looking at a completely different tab I had open, and I read instructions from a different source with probably a solution to a completely different problem. I ended up typing this in the command prompt:

    1) X:\Sources> Bcdedit /export C:\BCD_Backup
    2) X:\Sources> C:
    3) C:\ cd boot
    4) C:\ boot\ attrib bcd -s -h –r
    5) C:\ boot\ ren bcd bcd.old
    6) C:\boot\Bootrec /rebuildbcd

    Now when I attempt to boot with the HitmanPro USB I get Windows Boot Manager telling me

    "A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    If you have a Windows installation disc, insert the disc and restart your computer. Click "Repair your computer," and then choose a recovery tool.

    Otherwise, to start Windows so you can investigate further, press the ENTER key to display the boot menu, press F8 for Advanced Boot Options, and select Last Known Good. If you understand why the digital signature cannot be verified and want to start Windows without this file, temporarily disable driver signature enforcement.

    File: \Windows\system32\winload.exe
    Status: 0xc0000428
    Info: Windows cannot verify the digital signature for this file"

    When I press enter to continue, it just says:
    "Choose an operating system to start:
    (Use the arrow keys to highlight your choice, then press ENTER.)


    Windows 7 Professional

    To specify an advanced option for this choice, press F8."

    If I press enter again (or F8 ), it brings me back to the previous screen, i.e. an infinite loop.
     
  20. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    You might want to get a copy of Hiren Boot CD and see if you can reload your bootloader. You could also get a couple of rescue disks; Kaspersky or Dr Web make some good ones. Other than that, you can try and do a recovery image from your HD. Just make sure you use Hiren Boot CD and get everything off that you need before recovering the image.
     
  21. untitled

    untitled Registered Member

    Joined:
    May 31, 2013
    Posts:
    2
    Oh, I also used Windows Defender Offline through booting by USB and it worked fine (though it didn't actually remove the virus), not sure if that makes any difference. Are there any other options to boot through a USB as opposed to a CD? I can use a CD if necessary, but it's more convenient for me to use a USB (I have to add a separate attachment to use CDs on my laptop, and the last time I had to put something on CDs to recover my computer I ended up having to use 12 CDs).
     
  22. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.6 Build 201 BETA

    Last week, in Build 198 BETA, we introduced the repair of Symbolic Links on Windows Defender and Microsoft Security Essentials. This new build improves the repair by also including sub folders, corresponding Winsxs files and resetting the ACL security on the files.

    In addition, we fixed an unexpected termination of HitmanPro that occurs on some computers during the Remnant Scan (at the end of a scan).

    Changelog
    • ADDED: Repair for NTFS Symbolic Links placed by ZeroAccess on Windows Defender and Microsoft Security Essentials. Now repairs folders and corresponding files in Winsxs folders as well. In addition, ACL security is reset.
    • FIXED: Unexpected termination of HitmanPro during remnant scan on computers with FAT32 system volume.
    • IMPROVED: Detection of zero-day ransomware through forensic clustering.
    • IMPROVED: Java exploit drive-by-download detection through forensic clustering.

    Download
    http://www.surfright.nl/downloads/beta

    Please let us know how this version runs on your computer :thumb:
     
  23. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Ran build 201 and no problems, scans were a bit slower. First over four minutes and the second just over three minutes on Windows 7 HP SP1 x86.
     
  24. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,365
    Location:
    Italy
    WOW !!!!

    OS XP Home SP3

    Hi Erik, 201 beta is OK !!!

    Congratulations.:thumb: :thumb: :thumb: :)

     
  25. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    134
    Location:
    Germany
    Hitman Pro 201 beta on Windows 7 32 Bit SP1
    runs fine. Scan speed the same as before. :thumb:
     