HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    You should not experience ANY slowdown with Alert on the computer.

    What site are you viewing?
     
  2. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    207
    E.G. BBC site
     
  3. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    @erikloman / @markloman

    I added Drobbox manually to template "other" (which btw. is a bit hard to do cause dropbox has no real window to catch)
    If I want to start dropbox.com via TrayIcon Alert jumps in because Dropbox performs a ROP. Works if I disable CFI. But: Is it possible to add some sort of exclusion for this dropbox ROP in further versions?

    Code:
    Protokollname: Application
    Quelle:  HitmanPro.Alert
    Datum:  26.01.2015 19:20:10
    Ereignis-ID:  911
    Aufgabenkategorie:(9)
    Ebene:  Fehler
    Schlüsselwörter:Klassisch
    Benutzer:  Nicht zutreffend
    Computer:  NBx230
    Beschreibung:
    Mitigation  CallerCheck
    
    Platform  6.3.9600/x64 06_3a
    PID  3524
    Application  C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe
    Description  Dropbox 3.0.3
    
    Callee Type  CreateProcess
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    
    Stack Trace
    #  Address  Module  Location
    -- -------- ------------------------ ----------------------------------------
    1  74B3CDAC KernelBase.dll  CreateProcessInternalA +0x2bc
    2  74B3CA9C KernelBase.dll  CreateProcessA +0x2c
    
    3  1E0DC427 (anonymous; Dropbox.exe) PyToken_ThreeChars +0x1437
      53  PUSH  EBX
      8bf8  MOV  EDI, EAX
      e861000100  CALL  0x1e0ec490
      83c404  ADD  ESP, 0x4
      85f6  TEST  ESI, ESI
      7411  JZ  0x1e0dc447
      8306ff  ADD  DWORD [ESI], -0x1
      750c  JNZ  0x1e0dc447
      8b4e04  MOV  ECX, [ESI+0x4]
      8b5118  MOV  EDX, [ECX+0x18]
      56  PUSH  ESI
      ffd2  CALL  EDX
      83c404  ADD  ESP, 0x4
      85ff  TEST  EDI, EDI
      5f  POP  EDI
      5b  POP  EBX
      7514  JNZ  0x1e0dc461
      ff15a8c0211e  CALL  DWORD [0x1e21c0a8]
      50  PUSH  EAX
      e8c7df0100  CALL  0x1e0fa420
      83c404  ADD  ESP, 0x4
      5e  POP  ESI
      83c478  ADD  ESP, 0x78
      c3  RET 
    
    
    Ereignis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
      <Provider Name="HitmanPro.Alert" />
      <EventID Qualifiers="0">911</EventID>
      <Level>2</Level>
      <Task>9</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2015-01-26T18:20:10.000000000Z" />
      <EventRecordID>460921</EventRecordID>
      <Channel>Application</Channel>
      <Computer>NBx230</Computer>
      <Security />
      </System>
      <EventData>
      <Data>C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe</Data>
      <Data>CallerCheck</Data>
      <Data>Mitigation  CallerCheck
    
    Platform  6.3.9600/x64 06_3a
    PID  3524
    Application  C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe
    Description  Dropbox 3.0.3
    
    Callee Type  CreateProcess
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    
    Stack Trace
    #  Address  Module  Location
    -- -------- ------------------------ ----------------------------------------
    1  74B3CDAC KernelBase.dll  CreateProcessInternalA +0x2bc
    2  74B3CA9C KernelBase.dll  CreateProcessA +0x2c
    
    3  1E0DC427 (anonymous; Dropbox.exe) PyToken_ThreeChars +0x1437
      53  PUSH  EBX
      8bf8  MOV  EDI, EAX
      e861000100  CALL  0x1e0ec490
      83c404  ADD  ESP, 0x4
      85f6  TEST  ESI, ESI
      7411  JZ  0x1e0dc447
      8306ff  ADD  DWORD [ESI], -0x1
      750c  JNZ  0x1e0dc447
      8b4e04  MOV  ECX, [ESI+0x4]
      8b5118  MOV  EDX, [ECX+0x18]
      56  PUSH  ESI
      ffd2  CALL  EDX
      83c404  ADD  ESP, 0x4
      85ff  TEST  EDI, EDI
      5f  POP  EDI
      5b  POP  EBX
      7514  JNZ  0x1e0dc461
      ff15a8c0211e  CALL  DWORD [0x1e21c0a8]
      50  PUSH  EAX
      e8c7df0100  CALL  0x1e0fa420
      83c404  ADD  ESP, 0x4
      5e  POP  ESI
      83c478  ADD  ESP, 0x78
      c3  RET 
    
    </Data>
      </EventData>
    </Event>
    
     
  4. JohnMiller

    JohnMiller Registered Member

    Joined:
    Nov 6, 2014
    Posts:
    48
    AVG, Superantispyware NOT realtime, EMET 4.1
     
  5. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    989
    With Microsoft Onedrive 17.3 no problem (build 141: Applications -> OTHER/W7 64 bits). See post #3728.
     
    Last edited: Jan 27, 2015
  6. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,590
    Location:
    South Wales, UK
    Thanks, but Erik beat you to it and has contacted me on the subject. :)
     
  7. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,081
    1Password update is considered an attack by HPA:

    Code:
    Platform  6.1.7601/x64 06_17*
    PID  552
    Application  C:\Program Files (x86)\1Password 4\1Password.exe
    Description  1Password 4.1
    
    Filename  Z:\TEMP\1Password-4.1.0.538.exe
    
    Command line:
    "Z:\TEMP\1Password-4.1.0.538.exe" /StartAgent=Y
     
  8. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,036
    Location:
    Baden Germany
    Z:\TEMP\1Passw..."

    Seems, like another one tampered his OS...
     
  9. 93036

    93036 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    108
    My key stopped working after I updated to this build :(
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Looks like the update file is corrupt. Can you check for update again?
     
  11. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Sent you PM.
     
  12. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you try tuning off the Ad Blocker? See if that has an effect on the loading...
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    See Email

    Pete
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Haven't got anything yet.
     
  15. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Haven't sent it. Hang on.

    SENT
     
  16. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    207
    BBC sites are all already whitelisted in my adblocker (ublock).
     
  17. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Ok will have a look in the lab if we can reproduce and come up with a fix. Thanks for reporting.

    Oh, what version of Windows and what AVs are you running?
     
  18. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    207
    Chrome 64-bit, Win 8.1 x64 and Emsisoft (though I did try with Emsisoft uninstalled and no AV with same issue)
     
  19. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    416
    I also experience this, but I already reported this to Eric, but I reported it a few build back, problem still exist thou.
    If you have Facebook, please try to scroll down past some videos to see if you also get the delay there?

    /E
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I will see if I can find the culprit.
     
  21. erik I tried activating my license with HitmanPro but it says "This product key has reached the maximum number of activations".

    Seriously what the hell kind of crap is this. I bought a 3 year license I should be able to use it when ever I bloody want.

    erik can you fix this issue for me? I'm not very happy since I paid for a 3 year license.
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    You are much more likely to get the result you want, if hold the insults and try being polite.
     
  23. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    207
    Sorry, don't use Facebook.
     
  24. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    744
    Location:
    U.S. Citizen
    @erikloman

    Could you check my post on malwaretips.com. From: Moose

    @erik Loman,

    Just downloaded and install Hitman Pro Alert. It also, install Hitman Pro and I do NOT see it how to uninstall it Hitman Pro?
    > Strange,why? All I wanted was Hitman Pro Alert?
    > Asking me to renew my Lic.,Key for Hitman Pro?
    > Scan time with Hitman Pro is 8:32.
    > Also, saying that is running with limit functionality? Please, explain what is meant by this?
    > I have NOT use Hitman Pro for over 2.5 years? Maybe,longer!
    > Could you help me with this?
    > Also, answer the post #28 2nd part and post #30 on malwaretips.com

    Also, could you provide a link for a uninstall/removal tool just of Hitman Pro Alert? Just in it conflict with something on my PC's. A couple of years back, I had to use their Hitman Pro Alert uninstall/removal tool. Because it would not uninstall and was conflicting with another security software. You could P.M. me and/or post here with the link? For the uninstall/removal tool! It you can not find, get with me when you do?

    Kind regards,

    Moose World
     
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I posted a response.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.