Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.8 Build 208 BETA

    • IMPROVED: Keyboard handling in Kickstart boot menu. On some BIOSes a key press was not detected.
    • IMPROVED: Kickstart boot loader now auto continues after 10 seconds when no option was chosen.
    • IMPROVED: Small textual changes in Kickstart boot menu.
    • IMPROVED: SanDisk USB flash drive handling.
    • UPDATED: Kickstart 2.3.
    • UPDATED: Embedded white lists.
    Download
    http://www.surfright.com/downloads/beta

    Please let me know how this version runs on your computer :thumb:
     
  2. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    627
    Location:
    The Netherlands
    Hi Erik,

    HitmanPro 3.7.8 Build 208 BETA running without any problems here on Windows 8.1 x64.
     
  3. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,737
    False positives with the latest beta?

    Code:
    HitmanPro 3.7.8.208
    www.hitmanpro.com
    
       Computer name . . . . : XXXXXX
       Windows . . . . . . . : 5.1.3.2600.X86/4
       User name . . . . . . : xxxxxx\<MyName>
       License . . . . . . . : Paid (762 days left)
    
       Scan date . . . . . . : 2013-10-30 07:01:40
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 9m 6s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 2
       Traces  . . . . . . . : 4
    
       Objects scanned . . . : 2,015,890
       Files scanned . . . . : 40,927
       Remnants scanned  . . : 1,417,193 files / 557,770 keys
    
    Malware _____________________________________________________________________
    
       C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
          Size . . . . . . . : 1,856,092 bytes
          Age  . . . . . . . : 2.9 days (2013-10-27 08:42:48)
          Entropy  . . . . . : 8.0
          SHA-256  . . . . . : 10A54061920ED4794B5FCDB1D53CDFA1911FF67019C562B9D72ED817EC27DEC6
          Product  . . . . . : Process Hacker                                              
          Publisher  . . . . : wj32                                                        
          Description  . . . : Process Hacker Setup                                        
          Version  . . . . . : 2.31
          Copyright  . . . . : Copyright © 2010-2013, Process Hacker Team. Licensed under the GNU GPL, v3.                         
        > Kaspersky  . . . . : not-a-virus:RiskTool.Win64.PHack.b
          Fuzzy  . . . . . . : 102.0
          Forensic Cluster
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
              0.0s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\processhacker-2.31-setup.exe
    
       C:\$ISR\1\Program Files\Process Hacker 2\kprocesshacker.sys
          Size . . . . . . . : 26,624 bytes
          Age  . . . . . . . : 2.9 days (2013-10-27 08:49:13)
          Entropy  . . . . . : 6.1
          SHA-256  . . . . . : A3D65E0F04514F60ACAA70F934E3E888211301566415822E6326FA930A551BA1
          Product  . . . . . : KProcessHacker
          Publisher  . . . . : wj32
          Description  . . . : KProcessHacker
          Version  . . . . . : 2.6
          Copyright  . . . . : Licensed under the GNU GPL, v3.
        > Kaspersky  . . . . : not-a-virus:RiskTool.Win32.PHack.d
          Fuzzy  . . . . . . : 94.0
          Forensic Cluster
             -4.1s C:\$ISR\1\Documents and Settings\<MyName>\Recent\ScreenShot_ProcessHacker_v2.31 _setup_05.gif.lnk
             -4.1s C:\$ISR\1\Documents and Settings\<MyName>\Recent\ScreenShot_ProcessHacker_v2.31 _setup_05.gif.lnk
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\unins000.exe
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.4s C:\$ISR\1\Program Files\Process Hacker 2\CHANGELOG.txt
             -0.3s C:\$ISR\1\Program Files\Process Hacker 2\COPYRIGHT.txt
             -0.3s C:\$ISR\1\Program Files\Process Hacker 2\LICENSE.txt
             -0.2s C:\$ISR\1\Program Files\Process Hacker 2\README.txt
             -0.1s C:\$ISR\1\Program Files\Process Hacker 2\ProcessHacker.exe
             -0.1s C:\$ISR\1\Program Files\Process Hacker 2\ProcessHacker.exe
              0.0s C:\$ISR\1\Program Files\Process Hacker 2\kprocesshacker.sys
              0.1s C:\$ISR\1\Program Files\Process Hacker 2\peview.exe
              0.2s C:\$ISR\1\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll
              0.3s C:\$ISR\1\Program Files\Process Hacker 2\plugins\ExtendedServices.dll
              0.3s C:\$ISR\1\Program Files\Process Hacker 2\plugins\NetworkTools.dll
              0.5s C:\$ISR\1\Program Files\Process Hacker 2\plugins\OnlineChecks.dll
              0.5s C:\$ISR\1\Program Files\Process Hacker 2\plugins\ToolStatus.dll
              0.6s C:\$ISR\1\Program Files\Process Hacker 2\plugins\Updater.dll
              0.7s C:\$ISR\1\Program Files\Process Hacker 2\plugins\UserNotes.dll
              0.8s C:\$ISR\1\Program Files\Process Hacker 2\plugins\WindowExplorer.dll
              0.9s C:\$ISR\1\Program Files\Process Hacker 2\uninstall.ico
              2.6s C:\$ISR\1\Documents and Settings\<MyName>\Desktop\Process Hacker 2.lnk
              2.6s C:\$ISR\1\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP465\A0306407.exe
              2.6s C:\$ISR\1\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP465\A0306407.exe
              2.6s C:\$ISR\1\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP465\A0306407.exe
              2.6s C:\$ISR\1\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP465\A0306407.exe
              2.6s C:\$ISR\1\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP465\A0306407.exe
              2.6s C:\$ISR\1\System Volume Information\_restore{EAF808E9-A451-4F6F-ACB7-2EE5AF7CB4E6}\RP465\A0306407.exe
    
    
    Suspicious files ____________________________________________________________
    
       C:\unzipped\AVZ 4.41\avz.exe
          Size . . . . . . . : 776,704 bytes
          Age  . . . . . . . : 94.8 days (2013-07-27 11:37:21)
          Entropy  . . . . . : 7.8
          SHA-256  . . . . . : 11BC988AB2E090703880F7F4105BC7B86ADC9DB89DF4E9F99A548EDD25A74910
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 22.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
          References
             HKU\S-1-5-21-1417001333-2049760794-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\unzipped\AVZ 4.41\avz.exe
    
    
    
    
     
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Solved. Thanks!
     
  5. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.8 Build 208 RELEASED

    This version has an improved version of Kickstart to help remediate ransomed computers. See the below changelog for the improvements.

    kickstart23.png

    Changelog
    • IMPROVED: Keyboard handling in Kickstart boot menu. On some BIOSes a key press was not detected.
    • IMPROVED: Kickstart boot loader now auto continues after 10 seconds when no option was chosen.
    • IMPROVED: Small textual changes in Kickstart boot menu.
    • IMPROVED: SanDisk USB flash drive handling.
    • UPDATED: Kickstart 2.3.
    • UPDATED: Embedded white lists.
    Download
    http://www.hitmanpro.com/downloads
    http://get.hitmanpro.com

    Kickstart information
    We've updated our Kickstart information page with additional troubleshooting tips: http://www.hitmanpro.com/kickstart

    If you had problems with previous versions of Kickstart, please update your Kickstart USB flash drive to the latest version by clicking on the Kickstart icon on the bottom of the welcome dialog of the HitmanPro application.

    Lastly, the Sidekick ISO's have also been updated to version 2.3.

    Thank you all for testing! :thumb:
     
  6. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,749
    Location:
    EU
    Hi Erik,

    Could this be a FP?
     

    Attached Files:

  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    What is the SHA-256?
     
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,749
    Location:
    EU
    f5ed42a50d845c5ab3981ae43d32836c8754e9b86873df38460d6308ca85e9d5
     
  9. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,170
    Any plans on offering a KickStart iso that doesn't require a dedicated usb flash?

    I have a recovery flash with a lot of bootable iso files that I can select for booting depending on the problem. For example, Windows Offline Defender, Win7PE, DaRT, Hard Disk Manager, etc. I would love to add Kickstart to the selection, but I can't.

    I tried to create an iso from the KickStart usb, and it boots, but I can't get HMP to start after KicStart boots the selected OS. I assume there is some hidden code on the KickStart created flash that doesn't run if you try it using an iso image of the flash.

    Why the requirement for a dedicated flash drive to use KickStart?

    Al
     
  10. volvic

    volvic Registered Member

    Joined:
    Aug 17, 2009
    Posts:
    220
    Does sitecom cloud security router allow change of dns to opendns or norton dns?
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    There is also a Sidekick.ISO file that you can use if your computer doesn't allow to boot from USB (old systems). You can use that ISO. You still need an USB drive though with Kickstarter.exe and HitmanPro executables.

    Kickstart 2.3 relaxes the restriction where the above executables need to be on USB drive. You can put it on any fixed drive as well.

    The choice for USB flash drive is for end-user convenience. Non-tech savvy people (99% of the world) know how to handle an USB and HitmanPro allows to turn any existing USB flash drive into Kickstart stick very easily.

    The Sidekick files are in the block area on our Kickstart site on the right: http://www.surfright.nl/kickstart

    Sidekick Manual: http://dl.surfright.nl/Sidekick-User-Manual.pdf
    RAR compressed: http://dl.surfright.nl/Sidekick-ISO.rar
    Self-extracting ISO: http://dl.surfright.nl/Sidekick-ISO.exe

    Hope this helps.
     
    Last edited: Nov 3, 2013
  12. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    548
    Location:
    Hengelo
    Yes, you can. But only if your ISP (or upstream router) allows a static IP address. Simply open the web interface of the router (usually on 192.168.0.1).

    First write down your current connection details: IP address, Subnet mask, Default gateway and Primary DNS; you can find these on the Status / IPv4 Status tab.

    Now, go to Internet Settings and change the Login Method on the IPv4 Settings tab.

    Change the Login Method to Static IP Address en enter the details you wrote down in the first step. Instead of entering the Primary DNS you wrote down, enter the DNS from OpenDNS or Norton DNS.

    Click Apply. Done.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,278
    Location:
    Outer space
    Does HitmanPro Scheduler / hmpsched.exe need read access to memory of other processes? I always get a lot of blocked events in AppGuard about hmpsched.exe trying to read memory of Media Player Classic HC.
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    That is odd. The scheduler doesn't do anything but wait for the timer to elapse. Only when it elapses it creates a new process in the physical (console) session (the one receiving keyboard input).
     
  15. volvic

    volvic Registered Member

    Joined:
    Aug 17, 2009
    Posts:
    220
    does it support parental controls?

    (netgear supports opendns even on non-static dns)

    what is cost of sitecom cloud security sub?

    do i still need hitman pro or av?
     
    Last edited: Nov 4, 2013
  16. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,278
    Location:
    Outer space
    Idd indeed. Btw I have set HMP to scan weekly and that works fine.
     
  17. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    548
    Location:
    Hengelo
    Please watch this video http://www.youtube.com/watch?v=NCSzqBebcSA and read this page for more information: http://www.sitecom.com/en/advice-scs/325

    To keep this thread about the HitmanPro anti-malware tool, I would like to ask you to post questions about HitmanPro.UTM (aka Sitecom Cloud Security) in this thread: https://www.wilderssecurity.com/showthread.php?t=331472
     
  18. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,583
    I fully agree with you, Mark.

    Please post your questions and remarks about HitmanPro.UTM (aka Sitecom Cloud Security) in that thread. Please! ;)
     
  19. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,170
    I think you mentioned this before which did not help me at the time. My computer allows booting from USB. As I said, I have an AIO usb flash that I use for booting various iso files (with grub). I also had the kickstart iso booting from that flash and had also copied the exe and hmp executables to the same flash, but that previously did not work. Are you now saying this will work so that I can keep all my apps, kickstart iso and hmp executables on my AIO flash USB?

    Putting the files on a fixed disk is not an option if the problem is on another PC.

    Al
     
    Last edited: Nov 5, 2013
  20. J-Mac

    J-Mac Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    99
    My wife's computer, Windows 7 Home Premium, is infected with "Antivirus Security Pro". Won't let me do anything at all - it intercepts all attempts to open any programs, etc.

    I downloaded the latest version of Hitman Pro +Kickstarter, 3.7.8.208, and installed it on a USB flash drive. Booted up her computer into HMP, followed all instructions, and started it scanning. However it gets to "Classifying (100%)..." and then just keeps its clock ticking. Right now it has been 1 hour 14 minutes and counting. All that shows as far as found files are two Evernote files (which should actually be there!), and that's it. Nothing else and the scans never do finish.

    This is the fifth time running it with the same result. I cannot access anything else on the computer while HMP is running - it takes up the entire screen. And if I boot into Windows normally the malware won't let me touch any other files. Booting into Safe mode fails - the computer just restarts.

    Any help available?

    Thank you.

    Jim
     
  21. MerleOne

    MerleOne Registered Member

    Joined:
    Mar 6, 2006
    Posts:
    1,325
    Location:
    France
    you may have to try other emergency tools such as the one from Emsisoft. Actually, every antivirus/malware publisher has its own tool, eventually you'll find one that works. Also, they googling for "Antivirus Security Pro" and "removing", you may find a "manual" solution consisting in booting in safe mode, performing some registry edition.

    That's what I would do (and also post on Wilders...).
     
  22. J-Mac

    J-Mac Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    99
    Thanks Merle.

    I'll take a look at the Emisoft tool first.

    BTW, I already spent a good amount of time searching the subject, which is how I found this thread. While there are many published solutions to be found, most are based on being able to at least boot into Safe mode. My daughter (adult daughter living away from here) had this or a very similar infection last year. I went there with a couple of USB drives filled with security tools and had her clean in a very short time. But her machine was able to boot into safe mode and thus fairly easy to clean. My wife's infection is a much bigger PITA.

    Thanks again, and I will post back to let you know how I fare.

    Jim

    PS - Don’t I know you from the DC boards?
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,278
    Location:
    Outer space
    I don't know how locked down your windows is when booting normally, but if you start HitmanPro while holding the CTRL button down, it will terminate all unnecessary processes, often successfully the malware as well. (If you use Vista or higher keep CTRL held down until you've clicked yes to the UAC prompt.)
    In situations like this I would also advice scanning with those bootable AV CD's, so you don't have to worry about malware blocking it.
     
  24. MerleOne

    MerleOne Registered Member

    Joined:
    Mar 6, 2006
    Posts:
    1,325
    Location:
    France
    Yes, I do visit the DC board from time to time...
     
  25. J-Mac

    J-Mac Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    99
    OK, looks a lot better now.

    I dug into HMP's settings and tried changing from Direct Disk to Compatible. Rebooted into the HMP USB drive and this time it actually got through the scan. Found a handful of tracking cookies plus one "Suspicious" file and one Trojan. Got rid of both of those and I was able to get back into Windows 7 without interference.

    I ran Malwarebytes and a Norton AV scan - Norton said it was clean but Malwarebytes found a bunch of remnants and a leftover registry key from the Antivirus Security Pro. I ran Full scans on both MWB and NAV and they both show clean.

    I only have the standard.free Malwarebytes on her machine (Lifetime Pro license on mine - think I'll have to spring for the same on her PC).

    Especially irritating is that Norton AV 2013 is installed, updated, and running in the background on her PC - and it never uttered a peep. Maybe I am expecting too much but this infection isn't even referenced on the Norton or Symantec web sites. (Searching Norton Support for "Antivirus Security Pro" gets zero results). And the Norton forum was of no help whatsoever. Two licenses expire in early January. I won't be renewing them.

    Thanks all!

    Jim
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.