Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,049
    Location:
    Baden Germany
    Back in the days of police-style ransomware Kickstart was very usefull, to get access to locked computers.

    For today's threats Kickstart is not necessary, possibly counterproductive..., as malware may not be active, and therefore not detected.

    Maybe Kickstart has a revival, when new (what so ever) threats come out...
     
  2. hjlbx

    hjlbx Guest

    I am also at a complete loss as to where KickStart stands in terms of W10 support or new features, etc.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    Thank your for reporting this!
     
  4. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,654
    Location:
    USA
    I've been wanting to see the context menu scan functionality for a long time. Thank you for bringing that up!
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,369
    Location:
    Among the gum trees
    Same thing here with PrivaZer too. I hope it is a false positive.

    It seems Sophos thinks it is malware.
    Code:
    HitmanPro 3.7.14.265
    www.hitmanpro.com
    
      Computer name . . . . : DAVE-PC
      Windows . . . . . . . : 10.0.0.10586.X64/4
      User name . . . . . . : DAVE-PC\Dave
      UAC . . . . . . . . . : Enabled
      License . . . . . . . : Paid (742 days left)
    
      Scan date . . . . . . : 2016-07-23 12:00:14
      Scan mode . . . . . . : Quick
      Scan duration . . . . : 56s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
    
      Threats . . . . . . . : 1
      Traces  . . . . . . . : 2
    
      Objects scanned . . . : 4,690
      Files scanned . . . . : 4,690
      Remnants scanned  . . : 0 files / 0 keys
    
    Miniport ____________________________________________________________________
    
      Primary
      DriverObject . . . : FFFFE0000338F060
      DriverName . . . . : \Driver\storahci
      DriverPath . . . . : \SystemRoot\System32\drivers\storahci.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF8008A301540 \??\C:\Windows\system32\drivers\hmpalert.sys+136512
      Solution
      DriverObject . . . : FFFFE0000338F060
      DriverName . . . . : \Driver\storahci
      DriverPath . . . . : \SystemRoot\System32\drivers\storahci.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF80088382FE0 \SystemRoot\System32\drivers\storport.sys+12256
    
    Malware _____________________________________________________________________
    
      C:\Program Files (x86)\PrivaZer\PrivaZer.exe
      Size . . . . . . . : 14,911,240 bytes
      Age  . . . . . . . : 0.4 days (2016-07-23 01:31:12)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 7FA761CBBE74A3705E0F07AA258191BA50B060DDA0AD35022A1574C3E225C197
      Product  . . . . . : PrivaZer
      Publisher  . . . . : Goversoft LLC
      Description  . . . : PrivaZer
      Version  . . . . . : 3.0.7.0
      Copyright  . . . . : Goversoft
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      > HitmanPro  . . . . : Mal/DelpBanc-A
      Fuzzy  . . . . . . : 85.0
      Startup
      C:\Windows\system32\Tasks\PrivaZer_SkipUAC
    
    
    
    
     
  6. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,437
    Location:
    Under a bushel ...
    +1
     
  7. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,412
    Location:
    Surrey, England.
    On Virustotal 3/54 engines are currently detecting it - Sophos and McAfee (plus GW Edition).
     
  8. Theblackstar

    Theblackstar Registered Member

    Joined:
    Mar 27, 2016
    Posts:
    36
    Location:
    Italia
    Erik, point out this false positive detected by Hitmanpro (PrivaZer version v3.0.7).

    Screenshot and log HP
     

    Attached Files:

  9. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Confirmed for W7-x64 Prof. with HitmanPro build 265. I installed PrivaZer 3.0.7 (latest donor version) last night and hope/expect it to be a FP!
     
  10. Magic_The

    Magic_The Registered Member

    Joined:
    Jun 24, 2015
    Posts:
    39
    False Positive Radion Crimson!

    Same with Zemana..
     

    Attached Files:

  11. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    994
    Location:
    France
    Hello,

    here is the PrivaZer Team,
    hope we will get a fix soon for this false positive on our new release of PrivaZer.
    Sophos + HitmanPro contacted.
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Fixed the FP.
     
  13. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    994
    Location:
    France
    Hello Erik,
    Sophos fixed also?
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    No. That has to be taken care of by a totally different team. I will ping SophosLabs to speed things up.
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    These are infected, look at the detection rate on these files:
    https://www.virustotal.com/en/file/...f1e7b14ea83d73fc794f636a/analysis/1469356577/
     
    Last edited by a moderator: Jul 24, 2016
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Kickstart support for booting UEFI and Windows 10 environments is currently not planned. @Hiltihome is correct in his statement.
     
  17. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,412
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 2 Files and whitelisted the 2 Files please. I use the FP function into the Programm to submit the Files to you

    With best Regards
    Mops21
     

    Attached Files:

  18. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,104
    Location:
    .
    Thanks @Hiltihome
     
  19. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    994
    Location:
    France
  20. The_PrivaZer_Team

    The_PrivaZer_Team Developer

    Joined:
    Feb 14, 2013
    Posts:
    994
    Location:
    France
    Any update Erick,
    (we have hundreds of PrivaZer+Sophos users complaining about this false positive...)
     
  21. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @ HMP

    Heads up. HMP detects, NoVirusThanks - "Fast Raw File Copier Pro Setup" as Malware ! Obviously a FP.

    frcp.png

    Also, i just installed HMP & i can't get the .lnk protection to work ? XP/SP2

    fail.png lnk.png
     
  22. bwayne

    bwayne Registered Member

    Joined:
    Aug 1, 2016
    Posts:
    2
    Location:
    USA
    Hitman Pro Issue:
    Hoping someone can help or point me in the right direction (tried getting support from their site but the TeamViewer window would pop up but nothing would actually "connect" - maybe user error).
    Anyway... I've used Hitman for a number of years with no problems. Last two times I've done full scans with it, I'm seeing a number of files showing "upload timed out". Never had this before and they appear to be fairly safe files (examples: smss.exe, ole32.dll, kernel32.dll). Any ideas as to what is causing this?

    New to this forum therefore let me know if I should post somewhere else.
     
  23. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    810
    Just as a heads up to users. If you performed a clean install of Windows 10 RS1 (from 2nd August) you'll get this warning when scanning:
    Capture6.PNG Capture7.PNG

    MS now requires drivers to be signed by them specifically in order to work properly.
     
  24. Old Faithful

    Old Faithful Registered Member

    Joined:
    Aug 3, 2016
    Posts:
    1
    Location:
    North America
    Couldn't find an answer, new user here. Hitmanpro keeps flagging my hosts file as compromised, and I can't make it ignore it. Is there an eta on resolving this bug? The first time I didn't notice it and it 'repaired' it by DELETING its content...
     
  25. mHazweiO

    mHazweiO Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    21
    Location:
    Bavaria, Germany
    Hi

    From time to time I scan my machine with HitmanPro in the EWS mode. Yesterday I noticed the following warning for the first time:

    upload_2016-8-5_20-24-35.png

    This was the first EWS-scan after upgrading HitmanPro.Alert to build 546.
    This warning only appears in EWS mode. In the standard scan mode everything is fine.


    This is one of the logs:

    Code:
    HitmanPro 3.7.14.265
    www.hitmanpro.com
    
       Computer name . . . . : XXXXXXXXX
       Windows . . . . . . . : 10.0.0.10586.X64/4
       User name . . . . . . : XXXXXXXXX\YYYYYYYYY
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Paid
    
       Scan date . . . . . . : 2016-08-05 20:40:16
       Scan mode . . . . . . : EWS
       Scan duration . . . . : 1m 2s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 1
    
       Objects scanned . . . : 1.908.424
       Files scanned . . . . : 57.650
       Remnants scanned  . . : 501.084 files / 1.349.690 keys
    
    Miniport ____________________________________________________________________
    
       Primary
          DriverObject . . . : FFFFE0014743F970
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF801A90E1540 \??\C:\WINDOWS\system32\drivers\hmpalert.sys+136512
       Solution
          DriverObject . . . : FFFFE0014743F970
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF801A6A62FE0 \SystemRoot\System32\drivers\storport.sys+12256
    
    Repairs _____________________________________________________________________
    
       IRP_MJ_SCSI kernel-mode hook on iaStorA.sys detected and bypassed
       The device stack of the hard disk is referencing a hidden driver. This could affect the detection of malicious files.
    

    I scanned the machine with several antimalware engines (Avira, Eset Kaspersky, from Linux USB-stick) twice (yesterday and today with up to date signatures) both scans didn't show any infections.
    An additional scan with MBAM didn't find anything neither.

    So I played around a bit and unistalled both HitmanPro and HitmanPro.Alert (only standard uninstaller not the uninstallation tool, all registry keys left untouched). Then I reinstalled HitmanPro scanned again in EWS-mode and this time there was no warning. After reinstalling HitmanPro.Alert and scanning in EWS mode the warning was back again.

    So my assumption is that it is triggerd by hmpalert.sys

    For additional antimalware software setup see signature

    Can anyone confirm?
     

    Attached Files:

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.