Hitman Pro Support and Discussion Thread

It's been almost 2 days and HitmanPro scanner still flagged this as Malware, even though Bitdefender's engine has since cleared ubm.exe.. So out of curiosity, I contacted HitmanPro support. I heard back like 15 min. later from an engineer who reported the detection was fixed and that the automated process had been taking more time. Still don't know why this was an issue in the first place; guess it'll remain a mystery for now.

Spoiler

 

Not that complicated, it got flagged by BitDefender, hence we flag it, BitDefender fixed the FP 23th of nov between 21:00 - 23:45.
File was first seen on the 19th and since then we run 're-scan's' to see if FP's have been lifted, just with the whole fleet of malware there is a time cycle, the older a file the longer between rescans, so it hasn't taken more time it would have been whitelisted automatically after a few hours more, we did a manual intervention because of the ticket raised.

 

Great, thank you for the clarification, RonnyT. It's been strange, esp. since this product already has a bad reputation for its anti-AMD bias. As of now, VirusTotal and Jotti are still not clear and this made me curious about the initial "detection."

Ironically, I no longer have the interest in running this benchmark--I bought 3D Mark from Steam. Any bench with hidden biases is dirty in my book--even if they've been (partially) rectified.

 

Well based on the remaining detection's and their names this is Generic and/or trigger happy ML because of what this tool does, on top of that it doesn't have a digital signature, so it ticks all the 'suspicious' boxes on those engines. Which isn't a verdict on if there is malicious intentions there, we haven't pulled it apart but based on the purpose of the tool it doesn't surprise me that it got flagged.

 

Hi all,

I have started a new info and support section on our Zendesk platform, please have a look and let me know what your missing any feedback is appreciated!
https://hitmanpro.zendesk.com/

 

This (WildersSecurity) forum has provided excellent support in the past and I do hope that you remain here also in the future, regardless of your new Sophos-Zendesk support section. Thanks!

 

Yes this is pure an addition, but more like a documentation and FAQ kind of concentrated location for less technical users.

 

Function 'Scan with HitmanPro' does nothing (i.e. HitmanProBeta x64 does not start).



Win10 21H2 build 19044.1348

 

Scan Computer will never start a Beta version of HMP, do you have HMP installed? if not if you do a regular install does "Scan computer" work?

 

Normally HitmanPro never installed, right-click option nontheless available. HitmanPro installed: "Scan computer" works.

 

Hello. Lately, the scan has been taking about 5 minutes instead of the routine 40-50 seconds. The reason: the scanner gets hung up on this "package for rollup fix"--likely from a recent Windows update. The problem is: I don't find where one can tell the scanner to skip this or ignore it. It keeps scanning the same thing every time and the scan takes much, much longer to complete.

It would also be nice if one can access the Settings after a scan has completed. As it is now, you have no choice but to close the UI when finished.

Spoiler: 1

Spoiler: 2

Here, I stopped the scan after 2.5 minutes, it was ridiculous. Thanks for checking.

 

HitmanPro 3.8.26 Build 322 Released (December 24, 2021)
Website
What's New
Download

Code:

32-bit https://dl.surfright.nl/HitmanPro.exe
64-bit https://dl.surfright.nl/HitmanPro_x64.exe

 

This should be fixed in the new 322 release!

 

HitmanPro v3.8.26 build 322

Changelog

• ADDED: Detection of Turla malware
• IMPROVED: Scan speed in certain scenarios
• CHANGED: Cloud components

Updates on Windows XP are broken, users need to download a fresh copy of HitmanPro to update to this version.

Download
https://get.hitmanpro.com

32-bit https://dl.surfright.nl/HitmanPro.exe
64-bit https://dl.surfright.nl/HitmanPro_x64.exe

 

Got it via internal updater. Thanks, Ronny. Scan speed has slightly improved here.

Edit: I have just rescanned my machine. Scan speed was MUCH better, really fast (only 59 seconds, which is pretty good).

 

Hi @RonnyT
What is changed for the Cloud components?

 

Got build 322 via internal updater. The scan time is back to normal but not quite the speed of the test build 320 a couple of months back. Not disappointed at all, though. Thanks, mood, for the first announcement. Thanks for the new build.

 

Unfortunately BSOD happened when I tried to launch the new release.

Crash Dump Analysis
Crash dumps are enabled on your computer.

Crash dump directories:
C:\WINDOWS
C:\WINDOWS\Minidump

On Fri 2021. 12. 24. 15:42:50 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\Minidump\122421-14281-01.dmp
uptime: 09:16:50
This was probably caused by the following module: hmpalert.sys (hmpalert+0x282DF)
Bugcheck code: 0x18 (0x0, 0xFFFF930F3C891060, 0x10, 0x1)
Error: REFERENCE_BY_POINTER
file path: C:\WINDOWS\system32\drivers\hmpalert.sys
product: HitmanPro.Alert
company: SurfRight B.V.
description: HitmanPro.Alert Support Driver
Bug check description: This indicates that the reference count of an object is illegal for the current state of the object.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hmpalert.sys (HitmanPro.Alert Support Driver, SurfRight B.V.).
Google query: hmpalert.sys SurfRight B.V. REFERENCE_BY_POINTER


On Fri 2021. 12. 24. 15:42:50 your computer crashed or a problem was reported
crash dump file: C:\WINDOWS\MEMORY.DMP
uptime: 09:16:50
This was probably caused by the following module: hmpalert_6e0000.sys (0x0000000000000001)
Bugcheck code: 0x18 (0x0, 0xFFFF930F3C891060, 0x10, 0x1)
Error: REFERENCE_BY_POINTER
Bug check description: This indicates that the reference count of an object is illegal for the current state of the object.
This bug check belongs to the crash dump test that you have performed with WhoCrashed or other software. It means that a crash dump file was properly written out.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: hmpalert_6e0000.sys .
Google query: hmpalert_6e0000.sys REFERENCE_BY_POINTER


Conclusion
2 crash dumps have been found and analyzed. 2 third party drivers have been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

hmpalert.sys (HitmanPro.Alert Support Driver, SurfRight B.V.)
hmpalert_6e0000.sys

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination with the errors that have been reported for these drivers. Include the brand and model name of your computer as well in the query. This often yields interesting results from discussions on the web by users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

 

New backend stuff, nothing should be changed and/or behave different on user end.

 

What kind of times are we talking about? and what happens if you pause the other AV scan(ners)?
You might try advanced settings disk mode compatible also to see if that makes any difference.
Other option is to run a scan with Remnants off.

 

This in fact was the ticket. Went from 44 sec to 28. So I leave it on compatible disk access until further notice. Thanks again.

Spoiler: hmp320

Edit: second scan a short time later was 23 sec. Nice.

 

@mood & @RonnyT -- 10Q for the heads-up! HMP is my major favorite scanner.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

My guru informed me that I am immortal as long as my HMP license remains active. Uhh.. any Christmas/New-Years deals on extending licenses?

 

HitmanPro v3.8.28 build 324

Changelog

• FIXED: Detection and removal of Chrome cookies
• FIXED: Windows XP Updater
• CHANGED: Terms and Condition when using HitmanPro for the first time

Updates on Windows XP are broken, users need to download a fresh copy of HitmanPro to update to this version, after this version automatic updates should work again.

Download
https://get.hitmanpro.com

32-bit https://dl.surfright.nl/HitmanPro.exe
64-bit https://dl.surfright.nl/HitmanPro_x64.exe

 

Auto updated to new HMP version today! Runs well!