Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. I have a minimal Windows installation (just Office) and run early warning mode. Sometimes installer files (Windows Update) do increase scanning time because there are a lot of new arrivals (Windows Update). Yesterday (after Windows Update) it took 35 secs, now 28 secs on an old dual core (E5200@3GHz) with SATA-2 SSD (with 140MB/s write 180MB/s read speed)
     


  2. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    1,861
    Location:
    Germany
    Hi Erik and Hi Mark

    Can you check the 4 files and whitelist them?

    Properties
    Name FntCache.dll
    Location C:\Windows\system32
    Size 780 KB
    Time 0.1 days ago (2013-10-11 16:37:33)
    Entropy 6.3
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description Windows Font Cache Service
    Version 7.0.6002.23200
    Copyright © Microsoft Corporation. All rights reserved.
    Service FontCache
    SHA-256 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D

    Scoring (11.0)
    Starts automatically as a service during system bootup.
    Program starts automatically without user intervention.
    Time indicates that the file appeared recently on this computer.
    The file is in use by one or more active processes.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\FontCache\

    Properties
    Name usbehci.sys
    Location C:\Windows\system32\DRIVERS
    Size 39.0 KB
    Time 0.1 days ago (2013-10-11 16:37:14)
    Entropy 6.2
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description EHCI eUSB Miniport Driver
    Version 6.0.6002.18465
    Copyright © Microsoft Corporation. All rights reserved.
    Service usbehci
    SHA-256 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14

    Scoring (7.0)
    Starts automatically as a service during system bootup.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\usbehci\

    Properties
    Name usbhub.sys
    Location C:\Windows\system32\DRIVERS
    Size 193 KB
    Time 0.1 days ago (2013-10-11 16:37:14)
    Entropy 6.4
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description Default Hub Driver for USB
    Version 6.0.6002.18875
    Copyright © Microsoft Corporation. All rights reserved.
    Service usbhub
    SHA-256 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4

    Scoring (7.0)
    Starts automatically as a service during system bootup.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\usbhub\

    Properties
    Name usbccgp.sys
    Location C:\Windows\system32\DRIVERS
    Size 71.5 KB
    Time 0.1 days ago (2013-10-11 16:37:14)
    Entropy 6.6
    Product Microsoft® Windows® Operating System
    Publisher Microsoft Corporation
    Description USB Common Class Generic Parent Driver
    Version 6.0.6002.18875
    Copyright © Microsoft Corporation. All rights reserved.
    Service usbccgp
    SHA-256 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F

    Scoring (7.0)
    Starts automatically as a service during system bootup.
    Time indicates that the file appeared recently on this computer.
    The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
    The file is a device driver. Device drivers run as trusted (highly privileged) code.
    The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

    Startup
    HKLM\SYSTEM\CurrentControlSet\Services\usbccgp\
     
  3. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    467
    Location:
    italy
    Hi, erik/Mark:

    What about 8.1 support?
     
  4. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    1,861
    Location:
    Germany
    Hi Erik and Hi Mark

    Can you check the 2 files and whitelist them?

    Properties
    Name opr06DNK.tmp
    Location C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0015
    Size 3.3 MB
    Time 0.1 days ago (2013-10-11 17:21:16)
    Entropy 8.0
    SHA-256 997C1446142F6296908179705982FCB1E307A0D83C8ABB746DCE604B54C17EB1

    Scoring (22.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    The file name extension of this program is not common.
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Time indicates that the file appeared recently on this computer.
    Program contains PE structure anomalies. This is not typical for most programs.

    Forensic Cluster
    * C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0015\opr06DNK.tmp
    11.1s C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0015\opr06DO1.tmp

    Properties
    Name opr06DO1.tmp
    Location C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0015
    Size 3.7 MB
    Time 0.1 days ago (2013-10-11 17:21:27)
    Entropy 8.0
    SHA-256 81AB495A62174068C46EB5E44D2352C59A40C53F4AF05C1FCDCCFF3CFCCEA078

    Scoring (22.0)
    Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
    The file name extension of this program is not common.
    Authors name is missing in version info. This is not common to most programs.
    Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    Time indicates that the file appeared recently on this computer.
    Program contains PE structure anomalies. This is not typical for most programs.

    Forensic Cluster
    -11.1s C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0015\opr06DNK.tmp
    * C:\Users\Alexander Robrecht\AppData\Local\Opera\Opera\cache\g_0015\opr06DO1.tmp
     
  5. tomdy2k

    tomdy2k Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Good back up for my new WSA?

    Should I buy? It and Malwarebytes found a bunch of old spyware bits and cookies that WSA missed. :)
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,890
    Location:
    Canada
    Are they leftovers? :D
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,481
    If you can pay it, why not?
    It's one of the best AM out there. :D
     
  8. tomdy2k

    tomdy2k Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    174
    Thank you.
     
  9. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,974
    Location:
    Parallel Universe
    Always.:thumb:

    I say go for it. And you got first-hand experience of how well it works. ;)
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.8 Build 206 BETA

    Changelog
    • FIXED: Kickstart now recognizes all 'SanDisk Cruzer' USB flash drives as removable drives; new SanDisk Cruzer USB-sticks have their fixed disk bit set instead of removable drive.
    • FIXED: A problem related to outputting number of detected files and traces
    • FIXED: Detection of Sophos SafeGuard MBR boot loader.
    • IMPROVED: Forensics-based universal detection of the Sinowal/Torpig Trojan.
    Download
    http://www.surfright.nl/downloads/beta

    Please let me know how this version runs on your computer :thumb:
     
  11. nsm0220

    nsm0220 Registered Member

    Joined:
    Aug 30, 2013
    Posts:
    138
    Location:
    USA
    Let's see here 1. G Data and Ikarus still here checked 2. with kis checked 3. kis fps going up not checked 4. Ikarus fps going down checked 5. behavior blocker not checked needs more work.
     
  12. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    516
    Location:
    The Netherlands
    Hi Erik,

    HitmanPro 3.7.8 Build 206 BETA running great on Windows 8.1 64bit.
    Got a warning from Avast 2014 RC3's hardenings mode.
    After allowing HitmanPro to run I got 2 false positives about Avast.
    See my screenshot.
     


  13. fmon

    fmon Registered Member

    Joined:
    May 5, 2013
    Posts:
    1,232
    Avast is a fake AV, I knew that all the time. :D
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Fixed. Our remnants are stored in the cloud so this can be addressed instantly. I wonder though why Avast chose to do something with Image Execution Options. Fake AVs usually piggyback on legit AV programs via this key; HitmanPro therefore is listing the entry. I will install it myself to see that Avast 2014 writes in that key.

    Thanks for reporting :thumb:
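
An audit of the registry key mentioned in the post above, as an added example that is not part of the original post and not HitmanPro's code: it parses the text of a `reg export` of `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options` and lists every image whose subkey sets a `Debugger` value, so that an entry like the one reported here can be reviewed or allowlisted. The sample export, the image names in it and the `triage` allowlist are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): decoded text of a `reg export` of the IFEO key.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exampleav.exe]
"Debugger"="\"C:\\Users\\Public\\helper.exe\" /x"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\sub]
"debugger"="C:\\Tools\\editor.exe"
'''

IFEO = "\\image file execution options\\"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# REG_SZ line: "name"="data", with backslash and double quote escaped inside both parts.
VAL_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')

def unescape(s):
    # Undo .reg string escaping: backslash-backslash and backslash-quote.
    return re.sub(r"\\(.)", r"\1", s)

def ifeo_debuggers(export_text):
    """Return [(image_name, debugger_command)] for each IFEO subkey that sets Debugger."""
    findings, image = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            idx = key.lower().find(IFEO)
            # First path component under IFEO is the image; nested subkeys count for it too.
            image = key[idx + len(IFEO):].split("\\")[0] if idx != -1 else None
            continue
        m = VAL_RE.match(line)
        # Registry value names are case-insensitive.
        if m and image and unescape(m.group("name")).lower() == "debugger":
            findings.append((image, unescape(m.group("data"))))
    return findings

def triage(findings, allowlist=frozenset()):
    """Split findings into (needs_review, allowed) by lower-cased image name."""
    allowed = {name.lower() for name in allowlist}
    review = [f for f in findings if f[0].lower() not in allowed]
    return review, [f for f in findings if f[0].lower() in allowed]

if __name__ == "__main__":
    for image, cmd in triage(ifeo_debuggers(SAMPLE_EXPORT))[0]:
        print(f"{image}: Debugger = {cmd}")
```

Files written by `reg export` are UTF-16 encoded, so decode them (for example `open(path, encoding="utf-16")`) before passing the text to `ifeo_debuggers`.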
     
  15. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    516
    Location:
    The Netherlands
    Thanks for the great support on a rainy Sunday here in The Netherlands. :thumb:
    Malwarebytes Anti-Malware had the same detection and also solved it for me:
    https://forums.malwarebytes.org/index.php?showtopic=134539
     
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,014
    Location:
    Outer space
    Running fine on Win7 x64 & x86 :)

    Rainy indeed :D
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,540
    Just finished a scan with the latest beta...

    Code:
    HitmanPro 3.7.8.206
    www.hitmanpro.com
    
       Computer name . . . . :  xxxxxxxxxxxx
       Windows . . . . . . . : 5.1.3.2600.X86/4
       User name . . . . . . :  xxxxxxxxxxxx
       License . . . . . . . : Paid (778 days left)
    
       Scan date . . . . . . : 2013-10-14 07:42:13
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 8m 2s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 8
    
       Objects scanned . . . : 2,032,226
       Files scanned . . . . : 40,005
       Remnants scanned  . . : 1,417,335 files / 574,886 keys
    
    Suspicious files ____________________________________________________________
    
       C:\Program Files\Sygate\SPF\smc.exe
          Size . . . . . . . : 2,532,576 bytes
          Age  . . . . . . . : 651.2 days (2012-01-02 01:49:56)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 2F8823D5339BCBE5F8C198FC0619E555462BBB298ECDFFB9889584D9276E9814
          Product  . . . . . : Sygate® Security Agent and Personal Firewall
          Publisher  . . . . : Sygate Technologies, Inc.
          Description  . . . : Sygate Agent Firewall
          Version  . . . . . : 5.5.00.2710
          Copyright  . . . . : Copyright ©  1999 - 2004 Sygate Technologies, Inc. All rights reserved.
          RSA Key Size . . . : 1024
          Service  . . . . . : SmcService
          Parent Name  . . . : C:\WINDOWS\system32\services.exe
          Authenticode . . . : Valid
          Running processes  : 1964
          Fuzzy  . . . . . . : 10.0
             This file's reboot survivability is vigorously protected. This is typical to malware.
             Uses the Windows Registry to run each time the user logs on.
             Program starts automatically without user intervention.
             The file is in use by one or more active processes.
             Starts automatically as a service during system bootup.
             Program is code signed with a valid Authenticode certificate.
             The file appears to be part of an installation package or setup program. This is typical for most programs.
          Startup
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SmcService
             HKLM\SYSTEM\CurrentControlSet\Services\SmcService\
          References
             C:\Documents and Settings\All Users\Start Menu\Programs\Sygate Personal Firewall\Sygate Personal Firewall.lnk
             HKU\S-1-5-21-1417001333-2049760794-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Sygate\SPF\smc.exe
             HKU\S-1-5-21-1417001333-2049760794-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\PROGRA~1\Sygate\SPF\smc.exe
    
    
    
    
     
  18. lucien_phoenix

    lucien_phoenix Registered Member

    Joined:
    Oct 20, 2012
    Posts:
    130
    Location:
    Germany
    The new beta runs fine so far, but I guess I have a false positive.

    Please can you whitelist it. Hope I do it right.

    https://www.virustotal.com/de/file/adaff0b3ccf52c7625351e0e1863a9f77896de4657503145bcefc5c20aea9568/analysis/

    With HitmanPro 3.7.7 Build 205 this casual match-3 game seems to be
    OK; Malwarebytes Pro and Bitdefender Antivirus Plus 2014 say no problem.



    Code:
    HitmanPro 3.7.8.206
    www.hitmanpro.com
    
       Computer name . . . . : xxxxxxxxxxxxxxx
       Windows . . . . . . . : 6.1.1.7601.X86/4
       User name . . . . . . : xxxxxxxxxxxxxxxxx
       UAC . . . . . . . . . : Disabled
       License . . . . . . . : Paid (218 days left)
    
       Scan date . . . . . . : 2013-10-14 12:25:00
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 3m 29s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 2
    
       Objects scanned . . . : 1.042.500
       Files scanned . . . . : 15.389
       Remnants scanned  . . : 416.317 files / 610.794 keys
    
    Malware _____________________________________________________________________
    
       C:\Program Files\Spooky Bonus deutsch\SpookyBonus.exe
          Size . . . . . . . : 2.555.904 bytes
          Age  . . . . . . . : 3.0 days (2013-10-11 11:39:07)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : ADAFF0B3CCF52C7625351E0E1863A9F77896DE4657503145BCEFC5C20AEA9568
        > Ikarus . . . . . . : Trojan.Crypt!IK
          Fuzzy  . . . . . . : 117.0
          References
             C:\Users\Lucien Phoenix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SpookyBonus.exe.lnk
    
    
    
    
     
    Last edited: Oct 14, 2013
  19. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Whitelisted. Thanks :thumb:
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Fixed. Thanks! :thumb:
     
  21. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    571
    Location:
    Bosnia
    Just updated to 207.
     
  22. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,749
    Location:
    EU
    No issues with .207 (W7/64 Ult.)
     
  23. SIR****TMG

    SIR****TMG Registered Member

    Joined:
    May 31, 2004
    Posts:
    811
    Ran new build on Windows 7 64-bit and Vista 32-bit, no problems..... :D
     
  24. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    869
    Location:
    2500'
    Everything good with XP Pro SP3 as well.
     
  25. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,094
    Location:
    Germany
    New build running fine on Windows 8 Pro x64.
     