Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.
thanks Krusty - i think i need a license to do that & don't have one on this PC
Couldn't say, but... You would need to go Settings > Advanced Interface to do it anyway.
Hello--hopefully this is posted in the right forum. The two items are:
The former occurred during system refresh of W8.1 and almost certainly contained some kind of ransomware as there were a slew of errors in Event Viewer involving VSS, Media Player, etc. As there was resultant damage to the freshly installed OS, I just loaded W10. Because I have a Lenovo machine, it's extremely useful and convenient to use the Solutions Center software to get the proper drivers for this specific model. Well, this item didn't work and come to find that it had very recently been replaced with three other programs due to remote code execution vulnerabilities. OK, I install these and while installing a driver, an Anti-VM was mitigated and the process blocked.
Please explain how a stack/pivot exploit operates. With the Anti-VM, I'd like to know what kind of malware was looking to install itself and what was it using to ride in on. Was it an installation file? Could one say the new Lenovo System Update software is still vulnerable? Any replies are very important and are gratefully accepted. If you need the full Anti-VM report, it's still in Event Viewer, please instruct how to obtain it. The screenshot of the stack/pivot is all I have remaining of that incident.
What is the latest HMPA stable build. I have built 343 now. I thought i would be auto updated to the new stable build.
Build 351 will go out tomorrow morning via auto update.
HMPA 184.108.40.2063 is the latest non-prerelease build, all later builds had the status prerelease.
And there was no auto update since the update to 220.127.116.110, see my January 11 post.
Ah, thanks very much.
it runs without any problems!
Did you scan your system. How are you sure these aren't false positives?
Absolutely, yes! Insofar as these being false-positives, how could you determine that? It would be great if these were, both of them. I have the report of the incident if that would help establish whether the Anti-VM mitigation specifically is a false-positive or not. I just don't know how to get it out of Event Viewer. I am very, very doubtful the stack/pivot exploit was falsely reported. Believe me, it happened!
Has anyone observed behavior similar to the alt key sticking when alt+tabbing w/keystroke encryption enabled on build *.351?
I turned keystroke encryption on, rebooted, and noticed that sometimes task switching would stick like I was holding the alt key. After toggling keystroke encryption off in HMPA, it stopped doing it. I'm on Windows 10.
*EDIT* Looks like it's only affecting Chrome 47.x
1. Enable keystroke encryption.
2. Click on a Chrome window to ensure it's the foreground app.
3. Alt+tab. Alt key acts stuck.
Disable keystroke encryption, issue doesn't happen.
Being in the event view doesn't add any more then the pop ups you got. If you've scanned with Hitman Pro, and a couple of other good scanners and they got not hits its probable it's a false positive. Also what other symptoms did you see?
I'm interpreting this as a mitigation notice is only legit if malware is discovered in a subsequent scan. Is that the correct interpretation? I thought the primary objective of a shield is to keep the garbage OFF the machine, no? You're supposed to dismiss all notifications like this unless you have malware? I don't get it.
My machine is missing several key drivers and use of the very new software that replaces the one apparently exploited and hacked to death yields me a mitigation notice in the form of a clear screen overlay with the HitmanPro insignia stating my computer is attacked and to scan for malware now. Knowing the circumstances of this software, I take this at face value. It never, ever occurred to me to dismiss this as a false-positive.
As just one example, after the stack/pivot occurred, I had no flash player-- at all, anywhere. Not in Control Panel, Programs, nowhere. After loading numerous Windows updates, no flash. Shutdown/startup, no flash. The next day, flash player was mysteriously there.
I'd requested some descriptions of stack/pivot and Anti-VM exploits as there were notices my machine was attacked by these. I'm understandably reluctant to install anything via Lenovo right now. That was it: my request for further information so I can figure out what to do.
I also started seeing this behaviour on W10. How ever not only with 151 build, but also with the stable build.
I will check and see if toggling keystroke encryption does fixes the issue later in the evening.
Also, unlike yours, I have this problem system wide.
B/w I am on freeware mode (i. E., Mitigations are disabled)
I am curious to know if HMPA can prevent this. Looks like malwarebytes able to stop the payload at layer 3
Also, I would like to know if there will be any promotional offers or like in a month or two. Because I would like to buy an license, however the price is little uncomfortable for me.
If there are not going to be any offers in the near future, I will then go ahead and purchase.
Please do let me know.
Of course, HitmanPro.Alert 2.5 from November 2013 already catches Ransom32. Nothing new.
I cannot comment om promotional offers in the future. I see you are a Wilders member for quite some time. Please check your PM in a few minutes.
HitmanPro.Alert 3.1.1 Build 351 RELEASED
A of this minute, this build is being pushed via automatic update.
November 2013? It's not that I'm doubting you, and I do actually recognize your image from a while back, like summer of last year, when I first bought your products, but that seems odd when this just hit the news, early this month, and was supposedly just first discovered quite recently
"January 4th 2016-
That's also supported by:
What am I missing or misinterpreting here? Is it just that it's being sold as a service now? If it's just that, I feel amazingly silly and I'm sorry to have wasted your time.
What @erikloman meant was that if you were running HitmanPro.Alert version 2.5 today (which we released in November 2013), you'd be perfectly safe against Ransom32, a new cryptoware that is making the rounds today.
No problem to report so far (Autoupdate, 10 x64 build 10586.63)
Oh, I'm sorry I misunderstood. Now that makes perfect sense and that is amazing, so I must reiterate how happy I am with your product. One last last question, I bought a 1 year license for 1 PC last summer and that's going to be passing soon. I plan on buying a 3 year 3 PC license, but I only need it for 2 PCs. Is it ok if I gift the 3rd to a friend of mine overseas in England?
PDF-XChange Editor self-update generates this intercept. How do I get around this?
Edit: Tried disabling Exploit Mitigations, but still intercepted.