Hitman Pro Support and Discussion Thread

Discussion in 'other anti-malware software' started by yashau, Mar 20, 2009.

  1. Will Johnson

    Will Johnson Registered Member

    Joined:
    Jan 28, 2016
    Posts:
    4
    I have another - I don't know how to post screenshots etc., so I'll just type what I see -

    HitmanPro 3.7.20 - Build 286

    Scan results:
    No threats found.

    hitmanpro37.sys Driver
    C:\Windows\system32\drivers\ Unknown (6.0)

    ieframe.dll WRP Run Unknown (7.0)
    C:\Windows\System32\

    It looks like Hitman is reporting one of its own files as suspicious, have I got that right?
     
  2. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    930
    Another false positive:(. It's just a simple vbs that I compiled into an exe file that I use to hide flashing console windows. The file has been around for a while with no alerts.
    Code:
    HitmanPro 3.7.20.286
    www.hitmanpro.com
    
       Computer name . . . . : 20FU-CTO1
       Windows . . . . . . . : 6.3.0.9600.X64/4
       User name . . . . . . :
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2017-07-28 10:00:02
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 51s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 2
    
       Objects scanned . . . : 1,417,515
       Files scanned . . . . : 13,188
       Remnants scanned  . . : 211,996 files / 1,192,331 keys
    
    Miniport ____________________________________________________________________
    
       Primary
          DriverObject . . . : FFFFE000624802D0
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF8010FA212F0 \??\C:\Windows\system32\drivers\hmpalert.sys+135920
       Solution
          DriverObject . . . : FFFFE000624802D0
          DriverName . . . . : \Driver\iaStorA
          DriverPath . . . . : \SystemRoot\System32\drivers\iaStorA.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF8010E065530 \SystemRoot\System32\drivers\storport.sys+9520
    
    Malware _____________________________________________________________________
    
       D:\ThinApps\Hide.exe
          Size . . . . . . . : 69,120 bytes
          Age  . . . . . . . : 101.8 days (2017-04-17 14:14:47)
          Entropy  . . . . . : 6.5
          SHA-256  . . . . . : FF6954D5E93981B299DA6DD5DFD3CA7AA34FFB14AA594EBAB5413C008D6CE3AF
        > Bitdefender  . . . : Trojan.Generic.21144887
          Fuzzy  . . . . . . : 106.0
          References
             C:\Users\Adric\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FileMan.lnk
    
     
    Last edited: Jul 28, 2017
  3. CaptainLeonidasHMPA

    CaptainLeonidasHMPA Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    39
    Location:
    The Netherlands
    False positive as far as I know...

    Reported it a couple of days ago... No response.
    Hope someone reads it here:

    Code:
    HitmanPro 3.7.20.286
    www.hitmanpro.com
    
       Computer name . . . . : ##############
       Windows . . . . . . . : 10.0.0.15063.X64/4
       User name . . . . . . : ##############\############
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Paid (455 days left)
    
       Scan date . . . . . . : 2017-07-24 06:45:13
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 2m 2s
       Disk access mode  . . : Direct disk access (FsdHigh)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 1
       Traces  . . . . . . . : 6
    
       Objects scanned . . . : 1,504,662
       Files scanned . . . . : 27,639
       Remnants scanned  . . : 201,990 files / 1,275,033 keys
    
    Miniport ____________________________________________________________________
    
       Primary
          DriverObject . . . : FFFF9E8D9760A7F0
          DriverName . . . . : \Driver\stornvme
          DriverPath . . . . : \SystemRoot\System32\drivers\stornvme.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF80361CA12F0 \??\C:\WINDOWS\system32\drivers\hmpalert.sys+135920
       Solution
          DriverObject . . . : FFFF9E8D9760A7F0
          DriverName . . . . : \Driver\stornvme
          DriverPath . . . . : \SystemRoot\System32\drivers\stornvme.sys
          StartIo  . . . . . : 0000000000000000 +0
          IRP_MJ_SCSI  . . . : FFFFF80360426E20 \SystemRoot\System32\drivers\storport.sys+28192
    
    Malware _____________________________________________________________________
    
       C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe -> Quarantined
          Size . . . . . . . : 3,611,136 bytes
          Age  . . . . . . . : 0.0 days (2017-07-24 06:36:11)
          Entropy  . . . . . : 6.2
          SHA-256  . . . . . : 943A6BE03E498CA27B291DAD3493DC350C69AF603504B52CD96A55F41013E865
        > HitmanPro  . . . . : Malware
          Fuzzy  . . . . . . : 108.0
          Forensic Cluster
             -6.9s C:\Users\############\Tor Browser\Browser\
             -6.9s C:\Users\############\Tor Browser\
             -6.9s C:\Users\############\Tor Browser\Browser\Accessible.tlb
             -6.9s C:\Users\############\Tor Browser\Browser\AccessibleMarshal.dll
             -6.9s C:\Users\############\Tor Browser\Browser\IA2Marshal.dll
             -6.9s C:\Users\############\Tor Browser\Browser\application.ini
             -6.9s C:\Users\############\Tor Browser\Browser\chrome.manifest
             -6.9s C:\Users\############\Tor Browser\Browser\dependentlibs.list
             -6.9s C:\Users\############\Tor Browser\Browser\firefox.VisualElementsManifest.xml
             -6.9s C:\Users\############\Tor Browser\Browser\firefox.exe
             -6.8s C:\Users\############\Tor Browser\Browser\freebl3.dll
             -6.8s C:\Users\############\Tor Browser\Browser\lgpllibs.dll
             -6.8s C:\Users\############\Tor Browser\Browser\libEGL.dll
             -6.6s C:\Users\############\Tor Browser\Browser\libGLESv2.dll
             -6.6s C:\Users\############\Tor Browser\Browser\libssp-0.dll
             -6.6s C:\Users\############\Tor Browser\Browser\mozavcodec.dll
             -6.5s C:\Users\############\Tor Browser\Browser\mozavutil.dll
             -6.5s C:\Users\############\Tor Browser\Browser\mozglue.dll
             -6.4s C:\Users\############\Tor Browser\Browser\msvcr100.dll
             -6.4s C:\Users\############\Tor Browser\Browser\nss3.dll
             -6.3s C:\Users\############\Tor Browser\Browser\nssckbi.dll
             -6.3s C:\Users\############\Tor Browser\Browser\nssdbm3.dll
             -6.3s C:\Users\############\Tor Browser\Browser\omni.ja
             -5.7s C:\Users\############\Tor Browser\Browser\platform.ini
             -5.7s C:\Users\############\Tor Browser\Browser\plugin-container.exe
             -5.7s C:\Users\############\Tor Browser\Browser\plugin-hang-ui.exe
             -5.6s C:\Users\############\Tor Browser\Browser\precomplete
             -5.6s C:\Users\############\Tor Browser\Browser\qipcap.dll
             -5.6s C:\Users\############\Tor Browser\Browser\removed-files
             -5.6s C:\Users\############\Tor Browser\Browser\softokn3.dll
             -5.6s C:\Users\############\Tor Browser\Browser\update-settings.ini
             -5.6s C:\Users\############\Tor Browser\Browser\updater.exe
             -5.5s C:\Users\############\Tor Browser\Browser\updater.ini
             -5.5s C:\Users\############\Tor Browser\Browser\xul.dll
             -2.0s C:\Users\############\Tor Browser\Browser\TorBrowser\
             -2.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\
             -2.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\
             -2.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\
             -2.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini
             -2.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\
             -2.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarks.html
             -2.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\
             -1.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\tor-launcher@torproject.org.xpi
             -1.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\torbutton@torproject.org.xpi
             -1.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\preferences\
             -1.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\preferences\extension-overrides.js
             -1.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\
             -1.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\user.js
             -1.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\extensions\
             -1.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\extensions\meek-http-helper@bamsoftware.com.xpi
             -1.5s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Tor\
             -1.5s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Tor\geoip
             -1.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6
             -1.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults
             -1.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\
             -1.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\ChangeLog.txt
             -1.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\
             -1.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\Firefox.txt
             -1.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\HTTPS-Everywhere.txt
             -1.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\NoScript.txt
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\Noto-CJK-Font.txt
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\Noto-Fonts.txt
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\Tor-Launcher.txt
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\Tor.txt
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\Torbutton.txt
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\LICENSE
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\LICENSE.CC0
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\LICENSE.GO
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Licenses\PluggableTransports\LICENSE.PYTHON
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Obfsproxy\
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Obfsproxy\LICENSE
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\fteproxy\
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\fteproxy\COPYING
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\fteproxy\README.md
             -1.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\Obfsproxy\README
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\libfte\
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\libfte\LICENSE
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\libfte\LICENSE.re2
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\libfte\README.md
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\meek\
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\meek\README
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\meek\meek-client.1.txt
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\meek\meek-server.1.txt
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\sources\
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\sources\bundle.inputs
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Docs\sources\versions
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\
             -1.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\libeay32.dll
             -1.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll
             -1.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\libevent_core-2-0-5.dll
             -1.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\libevent_extra-2-0-5.dll
             -1.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll
             -0.9s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\libgmp-10.dll
             -0.9s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
             -0.9s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\ssleay32.dll
             -0.9s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\tor.exe
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Cipher._AES.pyd
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Hash._SHA256.pyd
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Hash._SHA512.pyd
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Random.OSRNG.winrandom.pyd
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Util._counter.pyd
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\Crypto.Util.strxor.pyd
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\_ctypes.pyd
             -0.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\_hashlib.pyd
             -0.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\_socket.pyd
             -0.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\_ssl.pyd
             -0.5s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\bz2.pyd
             -0.5s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fte.cDFA.pyd
             -0.5s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.exe
             -0.5s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy.zip
             -0.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client-torbrowser.exe
             -0.1s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client.exe
              0.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe
              0.1s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfsproxy.exe
              0.1s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfsproxy.zip
              0.1s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\pyexpat.pyd
              0.1s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\python27.dll
              0.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\select.pyd
              0.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\terminateprocess-buffer.exe
              0.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\unicodedata.pyd
              0.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\w9xpopen.exe
              0.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy\
              0.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy\VERSION
              0.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\zope.interface._zope_interface_coptimizations.pyd
              0.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy\defs\
              0.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\fteproxy\defs\20131224.json
              0.4s C:\Users\############\Tor Browser\Browser\browser\
              0.4s C:\Users\############\Tor Browser\Browser\browser\blocklist.xml
              0.4s C:\Users\############\Tor Browser\Browser\browser\chrome.manifest
              0.4s C:\Users\############\Tor Browser\Browser\browser\omni.ja
              1.7s C:\Users\############\Tor Browser\Browser\browser\VisualElements\
              1.7s C:\Users\############\Tor Browser\Browser\browser\VisualElements\VisualElements_150.png
              1.7s C:\Users\############\Tor Browser\Browser\browser\VisualElements\VisualElements_70.png
              1.7s C:\Users\############\Tor Browser\Browser\browser\extensions\
              1.7s C:\Users\############\Tor Browser\Browser\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
              1.7s C:\Users\############\Tor Browser\Browser\browser\features\
              1.7s C:\Users\############\Tor Browser\Browser\browser\features\e10srollout@mozilla.org.xpi
              1.8s C:\Users\############\Tor Browser\Browser\defaults\pref\
              1.8s C:\Users\############\Tor Browser\Browser\defaults\pref\channel-prefs.js
              1.8s C:\Users\############\Tor Browser\Browser\defaults\
              1.8s C:\Users\############\Tor Browser\Browser\dictionaries\
              1.8s C:\Users\############\Tor Browser\Browser\dictionaries\en-US.aff
              1.8s C:\Users\############\Tor Browser\Browser\dictionaries\en-US.dic
              1.8s C:\Users\############\Tor Browser\Browser\fonts\
              1.8s C:\Users\############\Tor Browser\Browser\fonts\EmojiOneMozilla.ttf
              1.9s C:\Users\############\Tor Browser\Browser\fonts\NotoSansBuginese-Regular.ttf
              1.9s C:\Users\############\Tor Browser\Browser\fonts\NotoSansKhmer-Regular.ttf
              1.9s C:\Users\############\Tor Browser\Browser\fonts\NotoSansLao-Regular.ttf
              1.9s C:\Users\############\Tor Browser\Browser\fonts\NotoSansMyanmar-Regular.ttf
              1.9s C:\Users\############\Tor Browser\Browser\fonts\NotoSansYi-Regular.ttf
              2.0s C:\Users\############\Tor Browser\Start Tor Browser.lnk
              2.9s C:\Users\############\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!003\MicrosoftEdge\Cache\70GG0I02\exceptionrules[1].txt
             10.3s C:\Program Files\AVAST Software\Avast\defs\17072302_stream\pkg17072302000000da.bin
             11.6s C:\Users\############\Desktop\Start Tor Browser.lnk
             12.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\
             12.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\parent.lock
             12.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\compatibility.ini
             14.2s C:\Users\############\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000033.db
             14.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\cache2\
             14.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\cache2\entries\
             14.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\cache2\doomed\
             14.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\blocklist.xml
             14.5s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.sqlite
             15.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\gmp\
             15.1s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\HTTPSEverywhereUserRules\
             16.0s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131453445866180033.txt
             16.1s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{6325a1fb-8298-458a-8ddc-381d934cf44b}\
             16.1s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{6325a1fb-8298-458a-8ddc-381d934cf44b}\Apps.index
             16.2s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{6325a1fb-8298-458a-8ddc-381d934cf44b}\0.0.filtertrie.intermediate.txt
             16.2s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{6325a1fb-8298-458a-8ddc-381d934cf44b}\0.1.filtertrie.intermediate.txt
             16.2s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{6325a1fb-8298-458a-8ddc-381d934cf44b}\0.2.filtertrie.intermediate.txt
             16.2s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{6325a1fb-8298-458a-8ddc-381d934cf44b}\Apps.ft
             16.9s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Tor\lock
             18.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\times.json
             21.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Tor\torrc
             22.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Tor\cached-certs
             22.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus
             25.6s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\places.sqlite
             25.8s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\content-prefs.sqlite
             26.2s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\bookmarkbackups\
             26.3s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\directoryLinks.json
             26.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\profile.default\thumbnails\
             27.9s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\cookies.sqlite
             28.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\search.json.mozlz4
             28.7s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\mimeTypes.rdf
             28.8s C:\Users\############\Tor Browser\Browser\TorBrowser\UpdateInfo\
             28.9s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\webappsstore.sqlite
             29.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\containers.json
             33.9s C:\Users\############\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Tor Browser.lnk
             36.0s C:\Users\############\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000034.db
             45.5s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131453446163418682.txt
             45.6s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1c716494-b832-401c-aab7-2b5b95ddffc1}\
             45.7s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1c716494-b832-401c-aab7-2b5b95ddffc1}\Apps.index
             45.7s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1c716494-b832-401c-aab7-2b5b95ddffc1}\0.0.filtertrie.intermediate.txt
             45.7s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1c716494-b832-401c-aab7-2b5b95ddffc1}\0.1.filtertrie.intermediate.txt
             45.7s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1c716494-b832-401c-aab7-2b5b95ddffc1}\0.2.filtertrie.intermediate.txt
             45.7s C:\Users\############\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{1c716494-b832-401c-aab7-2b5b95ddffc1}\Apps.ft
             68.1s C:\Windows\Temp\W10X64-MSPRO4-20170724-0637.log
             69.4s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions\uBlock0@raymondhill.net.xpi
             69.8s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-data\
             69.8s C:\Users\############\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extension-data\ublock0.sqlite
    
    
    Cookies _____________________________________________________________________
    
       C:\Users\############\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5ANJ0815.cookie
       C:\Users\############\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\BEXBWBTH.cookie
       C:\Users\############\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\HKZMD6PT.cookie
       C:\Users\############\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\S1ZBE9ZT.cookie
       C:\Users\############\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\Y54E9WAP.cookie
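Both logs above follow the same HitmanPro 3.x layout (summary fields, then Miniport / Malware / Cookies sections, with the triggering engine marked by a leading "> "). The parser below is an added example, not code from HitmanPro or from anyone in this thread; it turns such a log into detection records (path, SHA-256, engine, verdict, action taken) so a fresh scan can be checked against the hashes that have already been reported as false positives, which is the triage the posters here are doing by hand. The layout rules in the docstring are inferred from the posted logs, and the sample log is a constructed, shortened merge of the logs Adric and CaptainLeonidasHMPA posted.

```python
"""Parser for the HitmanPro 3.x scan-log layout posted in this thread.

Layout assumptions (inferred from the posted logs, not from HitmanPro docs):
a section header is a word plus a run of underscores; summary fields and
section entries sit at three spaces of indent, entry attributes deeper, and
sub-list items (References, Forensic Cluster) deeper still; a leading "> "
marks the engine whose verdict fired; an entry name may end in " -> <Action>".
"""
import re

SECTION_RE = re.compile(r"^(\w+) _{5,}$")
# "Scan date . . . . . . : 2017-07-28 10:00:02" -> key "Scan date", value "2017-07-28 10:00:02"
KV_RE = re.compile(
    r"^(?P<key>[A-Za-z0-9_\-]+(?: [A-Za-z0-9_\-]+)*)\s*(?:\.\s*)*:\s?(?P<value>.*)$"
)
ENTRY_RE = re.compile(r"^(?P<name>.*?)(?: -> (?P<action>\w+))?$")


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def parse_hitmanpro_log(text):
    """Return {"header": {field: value}, "sections": {name: [entry, ...]}}."""
    lines = [l.rstrip() for l in text.splitlines()]
    # Forum copies usually carry extra leading spaces; drop the common prefix.
    base = min((_indent(l) for l in lines if l.strip()), default=0)
    report = {"header": {}, "sections": {}}
    section = entry = sublist = None
    for raw in lines:
        if not raw.strip():
            continue
        raw = raw[base:]
        indent, line = _indent(raw), raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            report["sections"][section] = []
            entry = sublist = None
            continue
        if section is None:                      # banner and summary fields
            kv = KV_RE.match(line)
            if kv:
                report["header"][kv.group("key")] = kv.group("value").strip()
            continue
        if indent <= 3:                          # new entry: a path or a driver slot
            em = ENTRY_RE.match(line)
            entry = {"name": em.group("name"), "action": em.group("action"),
                     "attrs": {}, "verdicts": {}, "lists": {}}
            report["sections"][section].append(entry)
            sublist = None
            continue
        if entry is None:
            continue
        if sublist is not None and indent > 6:   # item of References / Forensic Cluster
            sublist.append(line)
            continue
        flagged = line.startswith("> ")          # "> Bitdefender . . : Trojan.Generic..."
        kv = KV_RE.match(line[2:] if flagged else line)
        if kv:
            target = entry["verdicts"] if flagged else entry["attrs"]
            target[kv.group("key")] = kv.group("value").strip()
            sublist = None
        else:                                    # bare label opens a sub-list
            sublist = entry["lists"].setdefault(line, [])
    return report


def detections(report):
    """Flatten the Malware section into one triage record per engine verdict."""
    out = []
    for e in report["sections"].get("Malware", []):
        for engine, verdict in e["verdicts"].items():
            out.append({"path": e["name"], "sha256": e["attrs"].get("SHA-256"),
                        "engine": engine, "verdict": verdict, "action": e["action"],
                        "references": len(e["lists"].get("References", []))})
    return out


def triage(report, reported_fp_hashes):
    """Tag each detection: already reported as a false positive, or needs review."""
    rows = []
    for d in detections(report):
        status = "reported-fp" if d["sha256"] in reported_fp_hashes else "review"
        rows.append((d["path"], d["engine"], d["verdict"], d["action"], status))
    return rows


# The obfs4proxy.exe hash from the thread; support said it would be whitelisted.
REPORTED_FP_HASHES = {"943A6BE03E498CA27B291DAD3493DC350C69AF603504B52CD96A55F41013E865"}

# Constructed sample: a shortened merge of the two logs posted in this thread.
SAMPLE_LOG = r"""
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : 20FU-CTO1
   Scan date . . . . . . : 2017-07-28 10:00:02
   Threats . . . . . . . : 1

Malware _____________________________________________________________________

   D:\ThinApps\Hide.exe
      SHA-256  . . . . . : FF6954D5E93981B299DA6DD5DFD3CA7AA34FFB14AA594EBAB5413C008D6CE3AF
    > Bitdefender  . . . : Trojan.Generic.21144887
      Fuzzy  . . . . . . : 106.0
      References
         C:\Users\Adric\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FileMan.lnk

   C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe -> Quarantined
      SHA-256  . . . . . : 943A6BE03E498CA27B291DAD3493DC350C69AF603504B52CD96A55F41013E865
    > HitmanPro  . . . . : Malware
      Forensic Cluster
         -0.1s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\meek-client.exe
          0.0s C:\Users\############\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\obfs4proxy.exe

Cookies _____________________________________________________________________

   C:\Users\############\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\5ANJ0815.cookie
"""

if __name__ == "__main__":
    for row in triage(parse_hitmanpro_log(SAMPLE_LOG), REPORTED_FP_HASHES):
        print(row)
```

The same parser handles the Miniport section (the Primary / Solution driver slots become entries with their DriverName and IRP_MJ_SCSI attributes), so a whole posted log can be diffed against an earlier one rather than read by eye.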
    
    
    
     
  4. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    1,637
    Location:
    the Netherlands
    Thanks, CaptainLeonidasHMPA.
    It's the same detection as reported by Krusty, some days ago.
     
  5. CaptainLeonidasHMPA

    CaptainLeonidasHMPA Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    39
    Location:
    The Netherlands
    Oops,

    Did not pick that one up.
     
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    1,637
    Location:
    the Netherlands
    Don't worry, CaptainLeonidasHMPA.
    I think it's excellent that you posted as well.
    That way it demonstrates it wasn't some single glitch, but it's on different systems that HMP detects TOR components as 'malware'.
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,577
    Location:
    The etherlands
    I think the Lomans must be on a summer vacation. They haven't been on Wilders for about three weeks now.
     
  8. Theblackstar

    Theblackstar Registered Member

    Joined:
    Mar 27, 2016
    Posts:
    25
    Location:
    Italia
  9. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,891
    Location:
    Among the gum trees
  10. CaptainLeonidasHMPA

    CaptainLeonidasHMPA Registered Member

    Joined:
    Aug 14, 2016
    Posts:
    39
    Location:
    The Netherlands
    Concerning the false positive on a Tor Browser file, I have gotten this response from HitmanPro support. The file is to be whitelisted by tomorrow.

    Lisa - HitmanPro Support (Support)

    Jul 31, 16:55 CEST

    Hello #########,

    Thank you for sending the log file.

    I asked our tech team to whitelist the file.
    By tomorrow the file shouldn't be detected anymore.

    Best regards,

    Lisa
    HitmanPro Support

    Want to see HitmanPro.Alert 3 in action? Watch this video: https://www.youtube.com/watch?v=XrSP-CMjuFk
     
  11. dmex

    dmex Registered Member

    Joined:
    Aug 3, 2017
    Posts:
    2
    Location:
    Australia
    I installed HitmanPro and made some observations:

    1) HitmanPro will only detect something when it's not located in the Program Files directory (whitelisting?)
    2) HitmanPro uses the Kaspersky database for its scanning.

    For example the scan on my system produced 45 results for Process Hacker inside the temp directory:
    http://i.imgur.com/h0apqTy.png

    The Process Hacker updater downloads the setup into the Temp directory during the update process and (since the setup is also used for uninstallation) the same file is copied into the Program Files directory:
    http://i.imgur.com/cwINa1M.png

    However, HitmanPro did not detect the exact same files inside the Program Files directory?

    Entries named "not-a-virus" are also shown as malware and quarantined by HitmanPro?
    http://i.imgur.com/xARMrn5.png

    Does HitmanPro have a choice in how to handle different types of detections via the Kaspersky API and have they given anyone guidance on how to handle those types of entries?

    Thanks

    -dmex
    Lead Developer
    Process Hacker
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,577
    Location:
    The etherlands
    The devs seem to be away, hopefully back soon to respond.
     
  13. Theblackstar

    Theblackstar Registered Member

    Joined:
    Mar 27, 2016
    Posts:
    25
    Location:
    Italia
    FP utorrent, FP TOR not resolved .... but what the heck happens to HitmanPro?
     
  14. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    1,774
    Location:
    Germany
    Hi @erikloman and Hi @markloman

    Can you check the 3 files and whitelist the 3 files please? I used the FP function in the program to submit the files to you.

    With best Regards
    Mops21
     

  15. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,577
    Location:
    The etherlands
    Latest Unchecky 1.0.3 flagged as malware. FP.

    Edit: More precisely, unchecky_svc.exe. It is 4/65 on VT but still a FP.
     
    Last edited: Aug 12, 2017

  17. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    1,118
    Location:
    Da mean streets of Brooklyn
    Still couldn't enable right-click scan out of the HMPA box, but discovered in the set-up window after first-time launch, if I click "create a desktop icon" in the "yes" section of scan options and launch HMP from that, I can enable it (Shell Integration in Settings). :) This is the subscription scanner.

     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,109
    I can see tons of False Positives, especially all tools from Excubits are affected:
    Code:
    (available via https://excubits.com)
    Name    cmdscanner_demo.exe
    SHA-256 CD5C36770FCB596B2D1DC4402C78054A42CFF0AF5222C93F1C385EAE2996483D
    Name    pumpernickel_demo.exe
    SHA-256 9B94F3817A681D0FDC87B3AFE4B048C619AF3560B570610BD17AC168A62803C8
    Name    memprotect_demo.exe
    SHA-256 4CABE06D1E068556A06AA9079CE49942F1201A5B28AB1BD0EA8EB0A8446547B5
    Name    mzwritescanner_demo.exe
    SHA-256 9040068B326F5C5BA4647FBEAF3D15BC28AC57A682C4A14E93CD0AC3A41EE8B9
    Name    bouncer_demo.exe
    SHA-256 E266D3E95A26B5D7DB1A960E63474ED23427B5342AC4337632F1462E1535D872
    
    Only detected by Sophos:
    
    Name    Admin Tool.exe
    Location    C:\Program Files\Excubits\Pumpernickel\Tools\32-bit
    SHA-256 E7DEB4ED29DD511C0C07926FDD3EC8E9F2D808048411DE43F49442AB9C11A61B
    Name    Tray.exe
    Location    C:\Program Files\Excubits\Pumpernickel\Tools\32-bit
    SHA-256 C44534DCA63410B8856C2B735E35171B105192649291EF4C980AC6AF854F49F7
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,891
    Location:
    Among the gum trees
    Sadly, that seems to be the norm lately.
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    3,109
    And the real-time protection of HMP.A is using the same cloud, this means it has the same False Positives :ninja:

    The status of the file obfs4proxy.exe (a file from Tor Browser) which was mentioned several times #7838 #7835 #7831 #7828 ...etc.
    is (surprise, surprise) still detected as malware o_O
     
  21. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    1,637
    Location:
    the Netherlands
    I don't know what's going on at Sophos/SurfRight, but it's not good. :(
     
  22. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    Huh? o_O
     
  23. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    1,637
    Location:
    the Netherlands
    @Tinstaafl,
    My previous post was in response to what mood reported, HMP/HMPA false positives detections that are said to be whitelisted by Sophos/SurfRight support, but just aren't.
     
  24. Theblackstar

    Theblackstar Registered Member

    Joined:
    Mar 27, 2016
    Posts:
    25
    Location:
    Italia
    Disturbing silence .... does someone know if Erik and Mark Loman were in Las Vegas in the company of Marcus Hutchins?? :doubt:o_O
     
  25. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    1,118
    Location:
    Da mean streets of Brooklyn
    This is the yearly reunion of the "Where are the Lomans" party. Last year was better.
     