Hitman Pro Support and Discussion Thread

If you scan again, the classification of above is the same?

 

erikloman,i have sent log files to your email.Please confirm whether it was a false positive or infection.

 

No, not unless they vastly improve on the false positives.

 

It's ok now...thanks Eric.

 

I think it is a false positive. What version of Rollback RX are you using?

 

I am using Rollback Rx 10.2 Build 2698745870 on Windows 8.1 Pro with WMC 64-bit.

 

Hi Erik

Can you check the 2 Files please and whitelist it

Properties
Name ieframe.dll
Location C:\Windows\System32
Size 10.6 MB
Time 10.1 days ago (2013-12-13 16:19:15)
Entropy 6.4
Product Windows® Internet Explorer
Publisher Microsoft Corporation
Description Internet Explorer
Version 8.00.6001.19489
Copyright © Microsoft Corporation. All rights reserved.
SHA-256 C886B6F9BF24CA49F83720EAA4ECECA982DC3106BC785E86CFF593DDE20DFA8B

Scoring (7.0)
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

Startup
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}

References
HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\
HKU\S-1-5-21-911542882-2029379874-2294310465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\

SHA256: c886b6f9bf24ca49f83720eaa4ececa982dc3106bc785e86cff593dde20dfa8b
Dateiname: ieframe.dll
Erkennungsrate: 0 / 49
Analyse-Datum: 2013-12-23 17:41:00 UTC ( vor 0 Minuten )



Properties
Name ie4uinit.exe
Location C:\Windows\system32
Size 170 KB
Time 10.1 days ago (2013-12-13 16:19:14)
Entropy 7.3
Product Windows® Internet Explorer
Publisher Microsoft Corporation
Description IE Per-User Initialization Utility
Version 8.00.6001.19489
Copyright © Microsoft Corporation. All rights reserved.
SHA-256 961C74CA8377C776F90C5CC135589490A6523FBA763A39CA3BA7982A9475218F

Scoring (10.0)
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.

Startup
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}\
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\

SHA256: 961c74ca8377c776f90c5cc135589490a6523fba763a39ca3ba7982a9475218f
Dateiname: ie4uinit.exe
Erkennungsrate: 0 / 49
Analyse-Datum: 2013-12-23 17:45:58 UTC ( vor 0 Minuten )

 

I ran a scan earlier this morning, and got this odd result...

...

 

they are improving on the detection rate of false positives

 

The only noteworthy false positive I had was with Samsung Kies. HitmanPro always flagged its registry keys like secman.DLL

 

I have it under control...

 

See also post #29 here:
https://www.wilderssecurity.com/showthread.php?t=357569

 

Seems like they need to.

 

And HMP is supposed to be a bloatware scanner? I've posted this issue before, and it was temporarily fixed, but not anymore. Don't really care anyhow, as I've uninstalled Kies for the umpteenth time without issues.

 

You can only get these results when other software is actually interfering with the auto run entries. What other security software do you have on your machine? You can also PM me the list to keep it personal.

 

Hitman Pro Doesn't Catch Tracking Cookies!

I've tried searching for an answer here and on the web, but can't find anything related. Please forgive me if this has been already covered.

I'm using the paid version of Hitman Pro, and have been using it in tandem w/ SuperAntiSpyware (free version) to clear tracking cookies (adware) on a regular basis. (Some always get by one, but are caught by the other.)

Suddenly Hitman Pro will not catch cookies in any browser except IE (which I only use to check website builds for compatibility.)

My primary browser is Firefox, and I now get zero hits w/ FF cookies. Same result w/ Chrome, Opera and Safari. It seems to be behaving as usual w/ IE cookies, though, if I open IE and click around to a few websites.

I just completed installing a second SSD and moving all my data files (documents, pictures, etc.) to it. (Boot SSD was almost full.) W7 64 bit, all applications, "appdata" etc. remain on the boot drive ("C".)

The change in Hitman Pro's behavior seems to have come after installing the new drive and moving the files. It still scans the "C" drive, but finds no cookies. I've also run scans directly on the "roaming" folder and the cookie files w/in the FF "profiles" folder. None of this turns up a hit... but the cookies are there, because SuperAntiSpyware is still catching them (well over 100 in one instance.)

I've removed and re-installed Hitman Pro, thinking that it might have somehow lost a path when I moved the data files, but that had no effect.

Any insights into this... or is this a known issue of some kind?
(I just decided to go with the paid version a few weeks ago, and am not at all happy that it now seems to be malfunctioning!)

1 more note: I also have Hitman Pro (paid version) on my laptop (W7 32 bit) and it is catching adware tracking cookies in all browsers, as normal.

 

Re: Hitman Pro Doesn't Catch Tracking Cookies!

Are you using a portable version of Firefox?

 

Re: Hitman Pro Doesn't Catch Tracking Cookies!

No, it's FF 26.0, installed on the system.

 

Re: Hitman Pro Doesn't Catch Tracking Cookies!

Also, in case it's helpful to know, the version of Hitman Pro is 3.73 - build 193 (64 bit). (This is what it updated itself to after the re-install. I did not check what version it was prior to re-installing.)

 

Re: Hitman Pro Doesn't Catch Tracking Cookies!

That version is ancient
You should run build 208 from our site:

http://www.hitmanpro.com/downloads

 

Re: Hitman Pro Doesn't Catch Tracking Cookies!

The re-install was from disk. It first updated to 3.73 - build 193 (64 bit) but when I ran it again (as administrator) it did update itself a second time to build 208 (64 bit).

 

Mark Loman has been analyzing a malware attack that was being served via Yahoo:
http://www.washingtonpost.com/blogs...-com-hit-with-malware-attack-researchers-say/

Details:
https://twitter.com/markloman/status/419081512311848960
https://twitter.com/markloman

The malware was found by researchers at Fox-IT.
http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/

 

what kind of malware is it?adware?from advertisements?

 

Via ads.yahoo,com
https://twitter.com/markloman/status/419081512311848960

According to Fox-IT, various malware families have been served through Yahoo since December 30.

• ZeuS
• Andromeda
• Dorkbot/Ngrbot
• Advertisement clicking malware
• Tinba/Zusy
• Necurs

Mark observed these:
https://twitter.com/markloman/status/419092837624733696
https://twitter.com/markloman/status/419222699354095616

 

that is very bad, thanks for the info