HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    So you get the Error 203 with the 873 beta build?
     
  2. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,297
    Problem with 871 posted here. Can someone help or explain why I'm getting the CredGuard mitigation?
     
  3. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
  4. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    216
    I didn't feel any of that. I just noticed the error when I started viewing the diagnostic data.

    2020-07-10_115113.jpg
     
  5. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    216
    ExpressVPN is protected by HitmanPro.Alert, but I don't see it listed under "Your application". HitmanPro.Alert version: 3.8.6 build: 875

    2020-07-23_053253.jpg 2020-07-23_053400.jpg 2020-07-23_053416.jpg 2020-07-23_053436.jpg 2020-07-23_053450.jpg
     
  6. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    83
  7. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Is this problem ever going to be fixed? Mentions of it many times over the last few years.
    Has to be unchecked to play Steam.
    Windows 10 x64 1909

    2020-07-23 13_53_13-Window.png

    2020-07-23 13_55_45-Window.png
     
  8. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    114
    Location:
    Netherlands
    I'm running Windows 10 x64 1909 and have no issues with running Steam. Did you add Steam as a protected app?
    Mine isn't out of the box.
     
  9. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    yes (protected app).
     
  10. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    114
    Location:
    Netherlands
    Then that is the problem. Adding software manually to HMPA is a recipe for errors. Just stick to the pre-defined software list.
     
  11. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    That didn't work after taking it off the protected list and restarting the computer, still the same.:eek:
     
  12. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    114
    Location:
    Netherlands
    Ok, didn't expect that. :D
    What version of Steam are you running?
    I run:
    upload_2020-7-27_21-50-25.png

    upload_2020-7-27_21-54-36.png

    @RonnyT
    Is this indeed a known issue for some that I don't know about?
    Is there some other setting @Circuit can check?
     
    Last edited: Jul 27, 2020
  13. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Your photo shows "Code Cave Mitigation", mine is "DLL Hijacking" that gives the problem.

    Happening since started using Windows 10. Never a problem on Windows 7.
    Always keep Steam up to date. Looks like you run the beta client,
    mine is Jul 10 2020, version 1594863892
     
  14. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    114
    Location:
    Netherlands
    I'm not in the Steam beta program, just got a newer version when I started Steam today:
    upload_2020-7-29_22-4-55.png

    "Code Cave Mitigation" is just highlighted by my mouse cursor.

    upload_2020-7-29_22-6-34.png

    Here is a screenshot without it:

    upload_2020-7-29_22-7-11.png

    I don't know if enabling Steam as a protected app is really necessary. Hopefully we'll get an answer to that soon.
     
  15. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Same here (steam update), no change. Tried it again without protection. The same.

    2020-07-29 14_15_31-About Steam.png

    2020-07-29 14_12_05-Steam - Fatal Error.png
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,166
    Location:
    Under a bushel ...
    HmP.A v3.8.6 build 875. (Posting here, but not sure if it shouldn't be in the other thread).
    Win 10 Pro v1909 build 18363.959

    When running MiTeC Task Manager Deluxe x64:

    MITRE ATT&CK

    Supply Chain Compromise - ID: T1195, Tactic: Initial Access

    May be true, though I think the app is trustworthy :doubt: ... clean on VT anyway.
    Code:
    Mitigation   HeapHeapProtect
    Timestamp    2020-08-01T09:49:48
    
    Platform     10.0.18363/x64 v875 06_45
    PID          21256
    Feature      003D0A30000001A6
    Application  C:\WSCC\MiTeC Utilities\x64\TMX64.exe
    Created      2020-08-01T09:48:00
    Description  Task Manager DeLuxe 3.0
    
    Callee Type  AllocateVirtualMemory
                 C:\WINDOWS\System32\advapi32.dll
    
    Shellcode (HHA) (0x00007000 bytes)
    Owner of CALLER: (anonymous; allocated by 0000000001071F02, TMX64.exe)
    
    OwnerModule
    Name         TMX64.exe
    Thumbprint   a2a4976fe6b207bbcf4c21af966fe96f50ac2a6d98357e72763a725bb28d0bdb
    SHA-256      7fcc9a4b035970b0bce9307d371bf5d7aa2437b782cca79ee79d66428f4cb3a2
    SHA-1        58400bebc7da5b1699e20a0a3e75969b1c44683b
    MD5          cb78fd5af7ca803830bcdba865081b97
    
    000000000135F789  ff5718                   CALL         QWORD [RDI+0x18]
    000000000135F78C  eb01                     JMP          0x135f78f
    000000000135F78E  b785                     MOV          BH, 0x85
    000000000135F790  c07202e9                 SAL          BYTE [RDX+0x2], 0xe9
    000000000135F794  e107                     LOOPZ        0x135f79d
    000000000135F796  0000                     ADD          [RAX], AL
    000000000135F798  eb02                     JMP          0x135f79c
    000000000135F79A  a3d84c8d1d77170000       MOV          [0x17771d8d4cd8], EAX
    000000000135F7A3  eb02                     JMP          0x135f7a7
    000000000135F7A5  a2bf8b4f14eb017633       MOV          [0x337601eb144f8bbf], AL
    000000000135F7AE  d274030b                 SAL          BYTE [RBX+RAX+0xb], CL
    000000000135F7B2  54                       PUSH         RSP
    000000000135F7B3  b84903cbeb               MOV          EAX, 0xebcb0349
    000000000135F7B8  0228                     ADD          CH, [RAX]
    000000000135F7BA  3541b80008               XOR          EAX, 0x800b841
    000000000135F7BF  0000                     ADD          [RAX], AL
    
    
    Stack Trace
    #  Address          Module                   Location
    -- ---------------- ------------------------ ----------------------------------------
    1  00007FF87B052238 KernelBase.dll           VirtualAlloc +0x48
    
    2  000000000135F78C (anonymous; TMX64.exe)
                        eb01                     JMP          0x135f78f
    
    
    Loaded Modules (36)
    -----------------------------------------------------------------------------
    0000000000400000-0000000001076000 TMX64.exe (MiTeC),
                                      version: 3.6.0.0
    00007FF87DFC0000-00007FF87E1B0000 ntdll.dll (Microsoft Corporation),
                                      version: 10.0.18362.815 (WinBuild.160101.0800)
    00007FF87C2D0000-00007FF87C382000 KERNEL32.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87AB50000-00007FF87AC61000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.8.6.875
    00007FF87AFF0000-00007FF87B294000 KERNELBASE.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87DB50000-00007FF87DCE4000 user32.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87BFF0000-00007FF87C011000 win32u.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87D5E0000-00007FF87D606000 GDI32.dll (Microsoft Corporation),
                                      version: 10.0.18362.1 (WinBuild.160101.0800)
    00007FF87BE00000-00007FF87BF96000 gdi32full.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87BD60000-00007FF87BDFE000 msvcp_win.dll (Microsoft Corporation),
                                      version: 10.0.18362.815 (WinBuild.160101.0800)
    00007FF87B2A0000-00007FF87B39A000 ucrtbase.dll (Microsoft Corporation),
                                      version: 10.0.18362.815 (WinBuild.160101.0800)
    00007FF87D980000-00007FF87DA23000 advapi32.dll (Microsoft Corporation),
                                      version: 10.0.18362.752 (WinBuild.160101.0800)
    00007FF87DAB0000-00007FF87DB4E000 msvcrt.dll (Microsoft Corporation),
                                      version: 7.0.18362.1 (WinBuild.160101.0800)
    00007FF87D540000-00007FF87D5D7000 sechost.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87C1B0000-00007FF87C2D0000 RPCRT4.dll (Microsoft Corporation),
                                      version: 10.0.18362.628 (WinBuild.160101.0800)
    00007FF87CE50000-00007FF87D536000 shell32.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87C020000-00007FF87C06A000 cfgmgr32.dll (Microsoft Corporation),
                                      version: 10.0.18362.387 (WinBuild.160101.0800)
    00007FF87C3A0000-00007FF87C449000 shcore.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87D610000-00007FF87D945000 combase.dll (Microsoft Corporation),
                                      version: 10.0.18362.900 (WinBuild.160101.0800)
    00007FF87BCE0000-00007FF87BD60000 bcryptPrimitives.dll (Microsoft Corporation),
                                      version: 10.0.18362.836 (WinBuild.160101.0800)
    00007FF87B550000-00007FF87BCD2000 windows.storage.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87AEF0000-00007FF87AF13000 profapi.dll (Microsoft Corporation),
                                      version: 10.0.18362.693 (WinBuild.160101.0800)
    00007FF87AE80000-00007FF87AECA000 powrprof.dll (Microsoft Corporation),
                                      version: 10.0.18362.1 (WinBuild.160101.0800)
    00007FF87AE70000-00007FF87AE80000 UMPDC.dll (),
                                      version:
    00007FF87C450000-00007FF87C4A2000 shlwapi.dll (Microsoft Corporation),
                                      version: 10.0.18362.1 (WinBuild.160101.0800)
    00007FF87AF20000-00007FF87AF31000 kernel.appcore.dll (Microsoft Corporation),
                                      version: 10.0.18362.1 (WinBuild.160101.0800)
    00007FF87BFA0000-00007FF87BFB7000 cryptsp.dll (Microsoft Corporation),
                                      version: 10.0.18362.1 (WinBuild.160101.0800)
    00007FF87D950000-00007FF87D97E000 IMM32.DLL (Microsoft Corporation),
                                      version: 10.0.18362.387 (WinBuild.160101.0800)
    00007FF8530D0000-00007FF85317F000 a2hooks64.dll (Emsisoft Ltd),
                                      version: 2019.02.0.1903
    00007FF879DB0000-00007FF879DE1000 ntmarta.dll (Microsoft Corporation),
                                      version: 10.0.18362.1 (WinBuild.160101.0800)
    00007FF878FD0000-00007FF879069000 uxtheme.dll (Microsoft Corporation),
                                      version: 10.0.18362.449 (WinBuild.160101.0800)
    00007FF87C070000-00007FF87C1A5000 MSCTF.dll (Microsoft Corporation),
                                      version: 10.0.18362.900 (WinBuild.160101.0800)
    00007FF87C8E0000-00007FF87C9A5000 OLEAUT32.dll (Microsoft Corporation),
                                      version: 10.0.18362.959 (WinBuild.160101.0800)
    00007FF87A130000-00007FF87A163000 rsaenh.dll (Microsoft Corporation),
                                      version: 10.0.18362.1 (WinBuild.160101.0800)
    00007FF87BFC0000-00007FF87BFE6000 bcrypt.dll (Microsoft Corporation),
                                      version: 10.0.18362.267 (WinBuild.160101.0800)
    00007FF87A790000-00007FF87A79C000 CRYPTBASE.dll (Microsoft Corporation),
                                      version: 10.0.18362.1 (WinBuild.160101.0800)
    
    Process Trace
    1  C:\WSCC\MiTeC Utilities\x64\TMX64.exe [21256] 2020-08-01T09:49:48
    2  C:\Windows\System32\svchost.exe [1516] 2020-08-01T08:54:42
       C:\WINDOWS\system32\svchost.exe -k netsvcs -p -s Schedule
    3  C:\Windows\System32\services.exe [972] 2020-08-01T08:54:38
    4  C:\Windows\System32\wininit.exe [892] 2020-08-01T08:54:38
       wininit.exe
    5  C:\Windows\System32\smss.exe [752] 2020-08-01T08:54:37 823ms
       \SystemRoot\System32\smss.exe 000000c4 00000084
    6  C:\Windows\System32\smss.exe [608] 2020-08-01T08:54:36
       \SystemRoot\System32\smss.exe
    
    Dropped Files
    
    Thumbprints
    c73f6197a94f0c79e48e73f4b05df77f95de6076cdc5650f2e555d1ba9b33b55 (code)
    a2a4976fe6b207bbcf4c21af966fe96f50ac2a6d98357e72763a725bb28d0bdb (ownermodule)
    cc4c06c5081d14b94f7a5d248aa6208a7725bf208e1a637ddeceb62aa653545b (pfn)
    
     
    Last edited: Aug 1, 2020
  17. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    186
    Location:
    Canada
    I have one that is questionable as well. I'm trying to run the latest version of the .NET Version Detector found here.

    Code:
    Malware found:
    Trojan.GenericKD.43420259
    D:\Users\XXX\Desktop\PortableApps\dotnet.exe
    Mitigation   MalwareBlocked
    Timestamp    2020-08-01T18:41:04
    
    Platform     10.0.18363/x64 v875 06_2a
    PID          1852
    Application  D:\Users\XXX\Desktop\PortableApps\dotnet.exe
    Created      2019-05-08T09:08:45
    Description  Trojan.GenericKD.43420259
    
    
    Process Trace
    1  C:\Windows\explorer.exe [1852] 2020-07-30T17:33:18
       C:\WINDOWS\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
    2  C:\Windows\System32\svchost.exe [1052] 2020-07-28T14:02:07
       C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
    3  C:\Windows\System32\services.exe [972] 2020-07-28T14:02:07
    4  C:\Windows\System32\wininit.exe [900] 2020-07-28T14:02:07
       wininit.exe
    5  C:\Windows\System32\smss.exe [728] 2020-07-28T14:02:04 3.0s
       \SystemRoot\System32\smss.exe 000000cc 00000084 
    6  C:\Windows\System32\smss.exe [552] 2020-07-28T14:02:01
       \SystemRoot\System32\smss.exe
    
    Dropped Files
    
    Thumbprints
    31d5f4e863ad99df8cb35d43fda4f48e8eabbd5822af7e7201404cd99f6e9d76
    
     
  18. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    Another problem, this time with Uplay Launcher when Uplay is protected.

    2020-08-02 15_49_50-.png
     
  19. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    That's probably their anti-cheat engine doing tricks. If you wish to run this stuff protected you'll either have to use "Suppress Alert" or disable the "Control flow" protection for it.
    (The Steam issue is different, but I need more details there as this is not an issue on most machines, only in certain scenarios it seems. On which drive is Steam installed?)
     
  20. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    Is that a single issue, or are there more crashes? In that case we need to catch a memory dump.
     
  21. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
  22. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    216
    Everything was fine and everything is fine. I just saw the "error". There was no crash or anything I would have noticed. I only saw the "problem" when I opened the Diagnostic Data Viewer.
     
  23. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    216
    Maybe that's why, as Libraman says too? Maybe you inherited the protection of Firefox?

    2020-08-06_092020.jpg
     
  24. Circuit

    Circuit Registered Member

    Joined:
    Oct 7, 2014
    Posts:
    939
    Location:
    Land o fruits and nuts, and more crime.
    "D:"
     
  25. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    268
    Location:
    Planet Earth
    Can the ones with the working Steam confirm they are all on drive "C:"?
     