Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.
What is going on with the signature handling on your computer? Seems off.
HitmanPro 3.7.10 Build 248 Released
ADDED: Detection and removal of 'Ads by LaSuperba' malware.
See here for example: https://twitter.com/erikloman/status/649967142121701377
ADDED: Detection and repair of patched dnsapi.dll (both 32-bit and 64-bit)
ADDED: Command line switch /diskmode=compatible|direct.
ADDED: Tracking Cookie scan for Microsoft Edge.
FIXED: Tracking Cookie scan for Internet Explorer.
IMPROVED: Improved Windows 10 compatibility.
IMPROVED: Remnant scan.
IMPROVED: Cloud lookup performance.
Existing users are automatically upgraded.
Seems so yes.
A similar issue, also concerning a Windows Vista 32-bit system, was mentioned at the (Dutch) Security.NL recently.
See post and thread "False positives Hitman Pro??"
That poster said he/she was planning to contact HitmanPro support.
Anything about that in HitmanPro support logs, perhaps, Erik?
I have a remote session tomorrow. Maybe I can dig something up.
Build 248 Release
second scan 5m59s No threats
Edit: I did a rescan today and it didn't show up again. Fixed. Thanks Erik.
Why is it detecting MiPony?
HitmanPro-248 doesn't trust HitmanPro.Alert
Size 32.0 KB
Time 0.0 days ago (2015-10-07 09:53:47)
Product HitmanPro 3.7
The file is hidden from Windows API. This is typical for malware.
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
The file name extension of this program is not common.
Program is running but currently exposes no human-computer interface (GUI).
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
The file is in use by one or more active processes.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
3.8s C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMuroc System Trace.etl
I get an error when I want to scan a map with a HitmanPro Beta-version. Right click: Scan with HitmanPro. Tested with the old build 247 beta. No problem with non-beta build 248. Apparently it only works with a non-beta-version.
(W10 build 10240 64 bits/Norton Security with Backup v184.108.40.206)
I found more information. The Vista machines exhibiting this issue have files that are signed with a SHA-256 digest algorithm. Windows XP and Vista do not support this algorithm. See screenshot:
Have you tried upgrading to Windows 8 or Windows 10? If so, these files might be residue of a failed upgrade to Windows 8 or 10.
Why do these files pop up now? Because these files have a signature that expires on 2015-10-01.
Never upgraded to 8.1 or 10.
Fact is, you have a Windows 8 or 10 file on your computer. Can you post a screenshot of the version information?
Sorry for hurrying but could you please look at my PM again?
There you go, Windows 10 file!
How did it get on your computer?
I have made a workaround for these files in build 249. Get it from http://www.hitmanpro.com/beta
Probably Windows Update. I keep finding update KB's and stuff to either clean off or block MS updates now a major source of spyware. They call it Telemetry GRRR
Already reported, just whitelist/ignore them. Like many tools, it wrongly assumes that some PUP-bundled apps are unwanted, even if you unchecked everything and no PUP is installed.
Yes, regarding Windows 7 and 8 systems.
But Windows Vista, as is deugniet's system?
I don't know. No such files on my Vista x86 system.
Did you install the optional update KB2999226 for Windows Vista, by any chance? I didn't.
The KB2999226 article says:
Could this be the Windows 10 files Erik was thinking of?
Fixed with beta 249. Thank you Erik.
Scan date . . . . . . : 2015-10-07 19:40:51
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 29s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 0
Yes. KB2999226 installed (20 September 2015/optional update).
Incredible. Microsoft made a mess of it. These files do not validate on XP or Vista.
Notify Microsoft about this, Erik?
It's not the first time.
Earlier, EMET 4.1 Update 1 was signed with SHA256, not supported on Vista.
Later, a new EMET 4.1 Update version was released, signed using SHA1.
EMET 5.2 was also signed using SHA1.
But now with KB2999226 Microsoft seems to make the same mistake all over again.
Well, I think Microsoft just doesn't care.
HitmanPro 3.7.10 Build 250 Released
ADDED: Workaround for KB2999226 on Windows Vista.
The files in KB2999226 are digitally signed with the SHA-256 algorithm. Authenticode signatures with SHA-256 digest are not supported on Windows Vista. As a result, HitmanPro listed these files as suspicious.
FIXED: Tracking Cookie scan for Internet Explorer.
Users are automatically updated.
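The digest algorithm of a file's embedded Authenticode signature, the detail that set the KB2999226 files apart on Vista, can be read directly from the PE certificate table. The following is an added example, not HitmanPro code and not part of the original posts; the function names and the `build_sample` stub are hypothetical, and it assumes a single PKCS#7 entry in the certificate table.

```python
import struct

# DER-encoded OID values of the two digest algorithms discussed in the thread.
DIGEST_OIDS = {bytes.fromhex("2b0e03021a"): "sha1", bytes.fromhex("608648016503040201"): "sha256"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signed_data_digests(p7):
    """List SignedData.digestAlgorithms from a PKCS#7 ContentInfo blob."""
    p = read_tlv(p7, 0)[1]                   # enter ContentInfo SEQUENCE
    p = read_tlv(p7, p)[2]                   # skip contentType OID
    p = read_tlv(p7, read_tlv(p7, p)[1])[1]  # enter [0] wrapper, then SignedData SEQUENCE
    p = read_tlv(p7, p)[2]                   # skip version INTEGER
    tag, p, end = read_tlv(p7, p)            # digestAlgorithms SET
    names = []
    while tag == 0x31 and p < end:
        _, alg, p = read_tlv(p7, p)          # AlgorithmIdentifier; p moves to the next one
        _, o, oe = read_tlv(p7, alg)         # algorithm OID
        names.append(DIGEST_OIDS.get(bytes(p7[o:oe]), p7[o:oe].hex()))
    return names

def authenticode_digests(pe):
    """Digest algorithms of a PE file's embedded Authenticode signature ([] if none)."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = nt + 24                            # optional header follows signature + COFF header
    dirs = opt + (112 if struct.unpack_from("<H", pe, opt)[0] == 0x20B else 96)
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # entry 4: certificate table
    if size == 0:
        return []
    length = struct.unpack_from("<I", pe, off)[0]            # WIN_CERTIFICATE.dwLength
    return signed_data_digests(pe[off + 8:off + length])

def build_sample(oid):
    """Constructed sample: PE32 stub whose skeletal SignedData names one digest OID."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    sd = tlv(0x30, b"\x02\x01\x01" + tlv(0x31, tlv(0x30, tlv(0x06, oid) + b"\x05\x00")))
    p7 = tlv(0x30, bytes.fromhex("06092a864886f70d010702") + tlv(0xA0, sd))
    pe = bytearray(b"MZ".ljust(0x80, b"\0") + b"PE\0\0".ljust(0x180, b"\0"))
    struct.pack_into("<I", pe, 0x3C, 0x80)                   # e_lfanew
    struct.pack_into("<H", pe, 0x98, 0x10B)                  # PE32 magic
    struct.pack_into("<II", pe, 0x118, 0x200, 8 + len(p7))   # certificate table entry
    return bytes(pe) + struct.pack("<IHH", 8 + len(p7), 0x0200, 0x0002) + p7
```

A result of `["sha256"]` with no SHA-1 signature marks a file of the kind described in the release note above. Only the primary signature is read; a nested second signature on a dual-signed file is not inspected.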
Hi Erik and Hi Mark
Can you check the 2 files and whitelist the 2 files, please? I used the FP function in the program to submit the file to you.
With best regards