Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 2 Files and whitelist the 2 Files please? I use the FP function in the Program to submit the Files to you.

    With best Regards
    Mops21
     


  2. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 2 Files and whitelist the 2 Files please? I use the FP function in the Program to submit the Files to you.

    With best Regards
    Mops21
     


  3. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 1 File and whitelist the File please? I use the FP function in the Program to submit the File to you.

    With best Regards
    Mops21
     


  4. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    Hi @erikloman and @markloman

    Looks like a valid Kaspersky dll is flagged as Malware by Bitdefender's engine:

    <Log computer="MYPC" windows="6.3.0.9600.X64/8" scan="Normal" version="3.7.13.258" date="2016-04-07T07:00:05" timeSpentInSecs="237" filesProcessed="102535"><Item type="Malware" malwareName="Malware" score="108.0" status="None"><Scanners><Scanner id="Bitdefender" name="Gen:Variant.Razy.33699" /></Scanners><File path="C:\ProgramData\Kaspersky Lab\AVP16.0.0\Bases\rollback.dll" hash="1611BA652DEA128ED188E600A7C4BD728E0B7163615A78963A7FB7781BBDD5BF" /></Item></Log>
     
  5. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    And one more:
    <Log computer="MYPC" windows="6.3.0.9600.X64/8" scan="Normal" version="3.7.13.258" date="2016-04-12T11:00:07" timeSpentInSecs="67" filesProcessed="72610"><Item type="Suspicious" score="33.0" status="None"><File path="C:\Windows\system32\drivers\hitmanpro37.sys" hash="969B5FF4E762BC84F9B6588ECC9B08026519E081ACC1182885E163762CC3E21A" /><Startup><Key path="HKLM\SYSTEM\ControlSet001\Services\hitmanpro37\" /></Startup></Item></Log>
     
  6. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 7 Files and whitelist the 7 Files please? I use the FP function in the Program to submit the Files to you.

    With best Regards
    Mops21
     


  7. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    On a PC (of a family member) that is protected by HitmanPro.Alert HitmanPro found this trace:

    Volume Boot Record (Sector 2048 )
    C:\$VBR_2048

    Should I worry about this? And why did HMPA not protect the PC? (Or did it?)
     
  8. guest

    guest Guest

    Is Shadow Defender running on the PC? If yes, then the message from HitmanPro is a false positive.
    SD is protecting the MBR, therefore the trace from HitmanPro.
    But if SD is not running, then there is maybe a reason to worry...
     
  9. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    No, Shadow Defender has never been installed on this PC.

    No MBR manipulation software at all I think.
     
  10. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    • Ran Bitdefender Rescue CD: found nothing
    • Ran Emsisoft Emergency Kit: found nothing
    • Ran MalwareBytes AntiMalware: found nothing
    • Ran Zemana Antimalware: found nothing
    • Ran MalwareBytes AntiRootkit: found nothing
    • Ran Kaspersky TDSSKiller: found nothing
    • Ran MalwareBytes Junkware Removal Tool: found nothing
    And after the clean-up of the reported entry (first step actually, before running the above programs) HitmanPro itself found nothing on the 2nd run.

    Still don't understand how HMP can find something that is not prevented by HMPA...
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro 3.7.14 Build 263 PreRelease

    yeabests1.png yeabests2.png

    Changelog
    • Added detection for fileless malware using WMI to hijack your Browser (Yeabests.cc)
    • Added details of ScriptText used by fileless malware hiding in WMI
    • Fixed problem with Poweliks detection
    • Updated internal whitelists
    Download
    http://www.hitmanpro.com/beta

    Please let me know how this version runs on your computer :thumb:
     
  12. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64 with HMP 3.7.14 build 263, installed over build 258, so far running fine, no issues.
     
  13. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,453
    Location:
    .
    263 > Default|Quick|EWS > okay.
     
  14. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Working good here.
     
  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Build 263 working fine - Win 8.1 x64.
     
  16. guest

    guest Guest

    Is there an option to install the Prerelease to Program Files? :doubt:
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    EDIT: Automatic update is rolling now!
     
    Last edited: Apr 26, 2016
  18. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,982
    http://www.surfright.nl/en/hitmanpro/whatsnew#releasehistory
     
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Build 263, scheduled daily quick scan.
    Don't know what happened here, 28 threats - all FPs, reported all as safe.
     


  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Odd, they are all flagged with Backdoor Behavior. Could be caused by Startup Sentinel.
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Thanks Erik. I do recall there had been issues with Startup Sentinel before ... I will remove it if the problem persists.
     
  22. guest

    guest Guest

    If you get no more "Backdoor Behavior" after uninstalling it, then you can maybe report it to the Startup Sentinel-thread.
    So they can investigate it :cautious:
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    I get no threats now if I do a default scan on demand, but then I did report all threats as safe (ignore) with this morning's scheduled scan.
     
  24. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Just ran a scan with the new beta. I realise that I don't seem to run HMP scans as often as I used to. Probably, because I think they tend to take too long on XP compared to days past, previously.

    ScreenShot_HMP_v3.7.14_Build 263 Beta_01.gif ScreenShot_HMP_v3.7.14_Build 263 Beta_02.gif
     
  25. Anguel

    Anguel Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    75
    I have been getting these two warnings on a Dell notebook for a few days; I think they are false positives:
    WMI:root\subscription\ActiveScriptEventConsumer\DellCommandPowerManagerAlertEventConsumer
    WMI:root\subscription\ActiveScriptEventConsumer\DellCommandPowerManagerPolicyChangeEventConsumer
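
To judge whether WMI traces like the two reported above are false positives, the flagged consumer's script and the event filter bound to it can be read directly from the WMI repository. The following is an added example, not part of the original thread and not HitmanPro's own code; the function name `Get-WmiTraceDetail` is hypothetical, and the trace format `WMI:<namespace>\<class>\<instance name>` is an assumption taken from how the entries appear in the post.

```powershell
# Traces as reported in the post above.
# Assumed format: WMI:<namespace>\<class>\<instance name>
$traces = @(
    'WMI:root\subscription\ActiveScriptEventConsumer\DellCommandPowerManagerAlertEventConsumer',
    'WMI:root\subscription\ActiveScriptEventConsumer\DellCommandPowerManagerPolicyChangeEventConsumer'
)

# Hypothetical helper: resolves one trace to the consumer, its script and its trigger.
function Get-WmiTraceDetail {
    param([Parameter(Mandatory)][string]$Trace)

    # Split the trace into namespace, class and instance name.
    if ($Trace -notmatch '^WMI:(?<ns>.+)\\(?<class>[^\\]+)\\(?<name>[^\\]+)$') {
        throw "Unrecognised trace format: $Trace"
    }
    $ns = $Matches.ns; $class = $Matches.class; $name = $Matches.name

    $consumer = Get-CimInstance -Namespace $ns -ClassName $class |
        Where-Object Name -eq $name
    if (-not $consumer) {
        Write-Warning "No $class named '$name' in $ns (already removed?)"
        return
    }

    # A consumer only runs when a binding ties it to an event filter,
    # so collect the filters bound to this consumer as well.
    $bindings = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
        Where-Object { $_.Consumer.Name -eq $name }
    $filterNames = @($bindings | ForEach-Object { $_.Filter.Name })
    $filters = Get-CimInstance -Namespace $ns -ClassName __EventFilter |
        Where-Object { $filterNames -contains $_.Name }

    [pscustomobject]@{
        Name            = $consumer.Name
        ScriptingEngine = $consumer.ScriptingEngine
        ScriptFileName  = $consumer.ScriptFileName   # script loaded from disk, if any
        ScriptText      = $consumer.ScriptText       # inline script, if any
        FilterQueries   = @($filters | ForEach-Object { $_.Query })
    }
}

$traces | ForEach-Object { Get-WmiTraceDetail -Trace $_ } | Format-List
```

Reading `root\subscription` typically needs an elevated PowerShell session. A consumer with no bound filter never fires, and the `ScriptText` together with the filter's WQL query is what shows whether the entry matches the vendor tool it is named after.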
     