Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.
We are experiencing some lag on the backend. We are working on it. Sorry for the inconvenience.
Thank you, I was so worried this problem was with my Windows, but thank goodness it is not.
It should be normal now. Can you verify?
I can't verify this in my case, whenever it starts to scan malware remnants it takes too much time to scan it all.
So, basically, first it scans files, then when it finishes it scans malware remnants, but for some reason every time it scans system volume information (malware remnants) the scan significantly slows down - sorry, but I just can't wait for scanning for so long!
What I'm trying to say is that it does finish scanning files and folders very fast, but, after that when it starts to scan malware remnants and when it starts to scan malware remnants in system volume information (RP9), the scan itself drastically slows down - I can't really say what could be the reason if exactly 2 days scans were normally, extremely fast with malware remnants and with system volume information (RP9) as well.
Is your System Volume FAT32 or NTFS?
You can disable the remnant scan under Settings.
Eriklo, I'm a bit shamed, how do you see this if it's my system fat32 or ntfs?
All right, Erikloman, big thanks for your help, I can now see that my system volume is NTFS!
Strange. Can't explain why the scan is slow. PM if you want me to have a remote look at the possible cause of the slowdown.
Two issues found with HMP 3.7.9 build 238 on running scan on my Windows XP, IE8 and Chrome 40
1 Choppy sound and lagging video on playing Adobe Flash Player version 16,0,0,305 during scan.
2 Chrome totally crashed after finishing deletion of some tracing cookies and on exit.
No details of the crash were made on the XP event viewer.
I posted about this on another thread. I think this may be a false positive. It's possible I have an extension writing this file, but nothing detects it as ASK other than HMP.
VT hash is 0d055ba6095b1437a49e2f977c82d639e0337cb8395f84dcb9107a4993b9ae96
Comes up clean. Also have run 4 other on-demand full scans that came up clean. The machine is well protected, behind multiple security layers. So if this is dirty, then it's an inside job.
The file is very small, 50k, and I can provide that if necessary, the data is in SQLite 3. If it is not a FP, I would like to find out where it is coming from, and expose the source. The last time I found something like this it was generated by PasswordBox Password Manager. This file re-appears everyday even with HMP deleting it.
The most worrying thing I can find in the file is;
fpathC:\fakepath\Web Datac:\fakepath\web dataTó9FTó9F
More information on this;
1) It comes back each time Chrome is launched.
2) Disabled Extensions, it comes back.
3) Reset Chrome it comes back.
4) Uninstalled Chrome w/Revo, manually removed directory. Reinstalled Chrome from scratch and it comes back.
5) Checked CLEAN server, just setup a few days ago, same file is there.
6) Checked a test machine here with Windows 10 Preview installed 8 hours ago, and nothing else but Chrome on it - same file exists.
I think given all of that we can pretty much be assured this is a false positive, right?
To satiate my OCD, I performed the following;
1) Started up my work notebook at home, same file exists. This notebook has never connected to my home network, and sits behind 500K worth of security appliances/scanners.
2) VPN'd into a work system in the lab, same file exists.
Now what? Either there is some gross compromise I am missing or a FP. Given it appears on a brand new Windows 10 Preview machine when Google Chrome is installed, I think that's a pretty good indicator? I am tempted to create a VM with a fresh Windows 8, and see what happens, but I do not want to devote too much time to this. I've caught some very embedded malware in the past so I tend to explore until I am sure. For example I caught a transparent proxy tagged onto Chrome a few months ago that was plaguing someone and it evaded all scanners.
If I go to that directory, and create the following files;
Create them as text files in the same directory, set them to hidden+read only, then try to launch Chrome I get the error on the attached picture. So these appear to be integrated within Chrome, and any method to stop them breaks Chrome functionality itself. (even on a clean box)
Try AdwCleaner. It will pick it up as well.
So it's a false positive then? I've duplicated this on 11 machines already, including a freshly installed Windows 10 one, and also within a VM with a fresh Win 8.1.
I am curious about one thing about HitMan Pro.
I use CC Cleaner. As you must know, CC Cleaner allows the user to "protect" from being deleted by CC Cleaner certain cookies he/she desires that they remain on his/her system.
If by accident, oversight, or for some other stupid reason I placed a tracking cookie in CC Cleaner's protected cookie status, would HitMan Pro still be able to detect that tracking cookie? I suspect not, but would like a definitive answer please.
Of course HMP can detect and delete those. No other program cares for CCleaner's exclusion list (which is just a text file for CCleaner).
I ran HitmanPro and it detected three questionable .exe files. There was nothing wrong with these programs. I used the quarantine option and it caused a lot of problems for my operating system. Does anyone know how to undo this quarantine process?
I tried calling a support number, but it was not a working number.
Start HitmanPro, go to Settings, click History.
Did you perform an EWS scan?
Your directions worked just fine. Thank you for good advice. I had searched for an answer many places and nothing described my problem or how to undo my mistake.
Erikloman, I have to report, that my problems are solved regarding HitmanPro slow scans, I reinstalled everything from scratch/ground zero updated to service pack 3 latest, and HitmanPro even with malware remnants scan scans everything in details below 90 seconds.
Wonderful to hear! Thanks for letting us know.
Hello, I did a scan of my computer this morning, and HMP identified this file from Zoner Photo Studio 17 as a trojan: ZPS14_Update_Build100.exe, per Kaspersky . . . . : HEUR:Trojan-Downloader.Win32.Generic
I was interested in knowing if this is a false positive or really a threat.
I am running Windows 7 64 Home Premium