Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    266
    How do you arrive at that number? From the GUI it indicates AV 3 engines. :)
     
  2. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    because they use G Data and Ikarus
     
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Only old detections. New files are scanned with Kaspersky, Bitdefender and Emsisoft.
     
  4. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,853
    Oh wow, I wasn't aware they had added Kaspersky! I'd say BD, Kaspersky, and EAM is more than enough. Those are 3 of the top-performing AVs in terms of detection.
     
  5. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    but you see ever since EAM got BD as an av engine they became more lazy with detection when its come to their own av engine. trust me i had see their detection rate like a football team that was good but then got lazy you can thank hitman pro and vt for the data
     
  6. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    How you can know this, in emsisoft dublicate detections are deaktivated, so you see more often bd detections, this does not mean emsi would not be able to detect this malware.
     
  7. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    As far as I recollect the Emsisoft engine in EAM is not designed to work on its own but to complement the Bitdefender engine. Hence all signatures, which are already included in Bitdefender, are considered redundant and are removed.

    But as a professional reviewer, you don't have to know that...
     
  8. markusg

    markusg Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    248
    @FleischmannTV
    same i wanted to say :)
    and Emsis engine has a, i personaly think high detection rate of adware.
     
  9. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    @markusg

    Sorry, I must have overseen your posting as I was writing mine.
     
  10. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,377
    Location:
    Germany
    Hi Erik and Hi Mark

    Here is another one File for whitelist for you

    I have send the File via the right click as a False Positive

    Properties
    Name NPSWF32_11_8_800_168.dll
    Location C:\Windows\system32\Macromed\Flash
    Size 15.4 MB
    Time 0.1 days ago (2013-09-10 12:46:50)
    Authenticode Valid
    Entropy 7.0
    RSA Key Size 2048
    SHA-256 958BC3755C9225B3E9AA75578750A13BF58DD469240A8BD8C3402A5AEDABAECA

    Scoring (6.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    Program is code signed with a valid Authenticode certificate.

    Startup
    HKLM\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer\

    References
    C:\Windows\system32\Macromed\Flash\flashplayer.xpt
     

    Attached Files:

  11. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,377
    Location:
    Germany
    Hi Erik and Hi Mark

    Here are another some Files for whitelist for you

    I have send the File via the right click as a False Positive

    Properties
    Name ieframe.dll
    Location C:\Windows\System32
    Size 10.6 MB
    Time 0.9 days ago (2013-09-10 19:20:54)
    Entropy 6.4
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description Internet Explorer
    Version 8.00.6001.19458
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 93C9B02E9327BB9556002E626489E0E08B6A5322070F4913F7223D8EF1BEA09F

    Scoring (8.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

    References
    HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
    HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

    Properties
    Name ie4uinit.exe
    Location C:\Windows\system32
    Size 170 KB
    Time 0.9 days ago (2013-09-10 19:20:53)
    Entropy 7.3
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description IE Per-User Initialization Utility
    Version 8.00.6001.19458
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 59F78D3957B64B148DB7332BEAF6661536A638B5463CC01D42D6C5C906029A14

    Scoring (11.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\

    Properties
    Name iedkcs32.dll
    Location C:\Windows\System32
    Size 379 KB
    Time 0.9 days ago (2013-09-10 19:20:53)
    Entropy 6.0
    Product Windows® Internet Explorer
    Publisher Microsoft Corporation
    Description IEAK branding
    Version 18.00.6001.19458
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 40357EA977D32F13EB9239D52CB9BC71EAA00A10EAB4CC063667A5CE8AB705B5

    Scoring (6.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\

    Properties
    Name themeui.dll
    Location C:\Windows\system32
    Size 602 KB
    Time 0.9 days ago (2013-09-10 19:20:50)
    Entropy 6.2
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description Windows Theme API
    Version 6.0.6002.18888
    Copyright © Microsoft Corporation. All rights reserved.
    SHA-256 C1ACC264F7542464C5B6B80D3D9EAB82AF21BA624B1746DF98142D8D4C383C64

    Scoring (6.0)
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\
     

    Attached Files:

  12. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    My HitmanPro found Gen.Win32.FileInfector!IK in my Windows Temp file this morning on my daily scan. Looked to have picked up this morning (I do not visit risky sites-so unsure how). Anyway, can anyone tell me anything about it? Hitman Pro did delete it-doing other scans as I type.
    Thanks,
     
    Last edited by a moderator: Sep 14, 2013
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    If it's only in the temporary folder, it could be one of the bundled software you've deselected. At least that's the case for me.
     
  14. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    as long its not in memory then you are fine you can always get rid of it using something like cclearer
     
  15. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    It was in C:\Windows\Temp\TMP00000008604C...etc. Hitman Pro cleaned it and it's been deleted, No other scans (Hitman or others) show anything, so I guess I am good.

    Sorry, I am not the brightest bulb in the IT marque:doubt:
     
    Last edited: Sep 15, 2013
  16. User request

    Option to specify folder location of log files in configuration/setup (instellingen)
     
  17. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Hi All, Just want to get on the thread, as I install HMP. :)
     
  18. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I installed Hitman Pro. I see it's an annual renewal, so can anyone tell me if a renewal is cheaper than the original cost? Thanks in advance. :)
     
  19. i30krab

    i30krab Registered Member

    Joined:
    Sep 20, 2013
    Posts:
    1
    Location:
    USA
    Re: Hitman Pro Support and Discussion Thread (using Hitman pro)

    Hi, I am a new member of this forum. Would someone please help me!
    I am using Microsoft Windows XP Professional
    Operating System Version 5.1.2600


    Originally I installed the software and it became corrupted and slowed down my computer. Also the software intereferred with micrsoft security essentials Then I had to create a system restore point and back up file just to be able to remove it from my computer. I would like to reinstall Hitman pro and activate it only when I wish to scan.
    Thank you!
     
  20. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,051
    Location:
    United Surveillance States
    Someone please correct me if I'm wrong, but my understanding is that HitmanPro is only active during a scan. It adds the driver before and deletes it after scanning. It doesn't have a resident component.
     
  21. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    69,532
    Location:
    U.S.A.
    Re: Hitman Pro Support and Discussion Thread (using Hitman pro)

    i30krab, first, welcome to Wilders!

    Hitman Pro offers unlimited free scanning, and free 30-day version to remove detected malware. In their HitmanPro 3 page, they state:
    Unless the corruption was caused by malware, you should be able to re-install it, and use its scanning feature for FREE, as many times as you want.
     
  22. Malwar

    Malwar Registered Member

    Joined:
    May 5, 2013
    Posts:
    297
    Location:
    USA
    I got a suggestion. Maybe take out Ikarus or Gdata engines or both and add malwarebytes or webroot or both. If you can try to I am not saying you should thanks, Malwar :) :cool:
     
  23. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I believe their current partners (Kaspersky, Bitdefender and Emsisoft) is sufficient.

    Malwarebytes would be a great partner as they target other malicious content than the mainstream vendors... that is Emsisoft's strategy too, so I dare to say the three above partners is enough.
     
  24. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    webroot is not good at zero day malware Ikarus world had beat it if in a zero day malware detection test
     
  25. boombastik

    boombastik Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    265
    Location:
    Greece
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.