HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. 59er

    59er Registered Member

    Joined:
    Mar 28, 2014
    Posts:
    46
    Location:
    Oregon
    With 562 (no license), on an XP Pro SP3 pc, boot time went from a minute or less to 2.5 to 3 minutes, with a few no starts too. Two BSOD's as well. Re-installed...no change. Uninstalled for now. Started with 546, no issues during trial and afterwards.
     
  2. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    163
    Thanks for the help. I see it now. I use Actual Window Manager (virtual desktops, among other features) and I was always clicking on an unused desktop to open HMPA. No apps were running in that windows. Again, thanks for the help.
     
  3. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    163
    So why call it "BAD" usb? If it is not a malware alert? What does the BAD mean in that context?
     
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,176
    Location:
    DC Metro Area
    Typically the undetectable "Malware"/code (imbedded as firmware) in a malicious or firmware overwritten USB stick (BaDUSB) will act by surreptitiously acting like a keyboard to install it's payload or otherwise take other malicious actions. So the BADUSB feature detects a keyboard or anything that would act like a keyboard. Or something like that.

    Thus, if you slip in a USB drive, or any USB device that is not a keyboard, and get a BADUSB warning it means that the USB drive/device is wanting to function as a keyboard input device with a high probability of malicious intent.
     
    Last edited: Oct 1, 2016
  5. TheBear

    TheBear Registered Member

    Joined:
    May 7, 2006
    Posts:
    163
    So why call it "BAD" usb? If it is not a malware alert? What does the BAD mean in that context?
    If I understand correctly, most inserted USB drives will not get a BADUSB popup. Right?
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,176
    Location:
    DC Metro Area
    Well, basically yes, I believe you are correct, but while I have never read about someone having been struck by lightning twice at the same location, there have been some people who have won The Big Game Lottery more than once.

    Forewarned is Forearmed
     
    Last edited: Oct 1, 2016
  7. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Baana
    Scan Computer goes to "Failed" after a few seconds. Rebooted with same result. No Event Viewer entry. 564beta

    UPDATE: Uninstalled, rebooted, re-installed. Same response... "Failed".

    Suggestions?
     
    Last edited: Oct 1, 2016
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,568
    Do you have HitmanPro installed?
    Edit:
    a) If you have installed HitmanPro, clicking on "Scan Computer" within HMP.A launches the installed version of HitmanPro.
    b) If HitmanPro is not installed, HMP.A is downloading it to a temporary directory and is launching it.

    if (b): maybe one of your security apps is blocking it or it can't be downloaded,etc.
    Try to install HitmanPro as a standalone and then click on "Scan Computer" again.
     
    Last edited: Oct 1, 2016
  9. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Baana
    I'm thinking this has to do with the latest update of Windows Firewall Control, though I can't yet say for sure without running some more tests.

    I tried rolling back to an earlier beta and had the same problem. So I dropped my firewall entirely and still couldn't get get past what is probably a failed download attempt.

    Next I reimaged my OS drive to an earlier point today, and the scan worked as expected with build 562. I'll try 564 once I can rule out the other programs I updated.

    Now I have to see which of the program updates I ran today might have been responsible for this. Very odd.
     
    Last edited: Oct 1, 2016
  10. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    467
    Thank you for continuing to support XP. :thumb:
     
  11. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Baana
    How can I force the download that precedes the Computer Scan? I'm trying to troubleshoot the computer scan problems I mentioned above, but apparently the scan database doesn't downloaded with each scan unless it needs updating.

    Can I simply delete it to force a download? If so, what file(s) would I delete? Or maybe there's a registry tweak that calls the scan download?

    Thanks.
     
  12. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Did you try to download and install HitmanPro 3.7.14.280? As user @mood indicated/referred too?
    http://www.surfright.nl/en/downloads/
    The license for HitmanPro.alert includes the download and install of HitmanPro.
     
  13. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Try cleaning Internet Explorer cache to force a re-download of the file.
     
  14. test

    test Registered Member

    Joined:
    Feb 15, 2010
    Posts:
    493
    Location:
    italy
    luckily i don't use removable devices but that's a major issue that have to be solved as fast as possible (and i'm sure SurfRight is working hard to fix it)...

    Anyway it would be nice a reply from developer about it


    For me, infact, stability has the same weight than security
     
  15. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We have received additional reports as well, we are working on a fix. Stay tuned.
     
  16. guest

    guest Guest

    installed build 564 on top, no issues so far.
     
  17. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    Upgraded to 564 on Friday. Two reboots later and several hours of use no problems at all.

    win 10x64 F-Secure.
     
  18. Sir Percy

    Sir Percy Registered Member

    Joined:
    Apr 22, 2010
    Posts:
    265
    Installing the 564 beta worked, hopefully it stays that way. :thumb:
     
  19. Telos

    Telos Registered Member

    Joined:
    Jul 26, 2016
    Posts:
    171
    Location:
    Baana
    That helped... There is something interfering with the download. I suspect that things have changed on the back end, and my firewall is somehow interfering. Normally I block all outbound requests from explorer.exe... could this be an issue?

    For now I have disabled explorer.exe blocking and have one good download and scan. I'll stick with this for a few more days, and if no download issues occur, I'll reblock explorer.exe external connections to see its impact, if any.

    Thanks for helping
     
  20. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    467
    HMP.A build 550 Beta intercepted the QtWeb browser:

    HMPA vs QtWeb.jpg

    Vista HP x64, SP2.

    UPDATE: I tried opening QtWeb via the settings in HMP.A, and from there it opened fine. Now I can also open it directly from its desktop icon. I did not disable any mitigations. Go figure.
     
  21. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    Using build 562 I had the BSOD a few times on two different W7-x64 laptops and one W7-x64 desktop, while safely removing a USB thumb drive.
    Using build 564 now for 3 day's and so far the BSOD's did not reoccur!
     
  22. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    949
    Cryptoguard mitigation Ccleaner64.exe. Using HmpA build 564 beta. Ccleaner64.exe not added to Exploit mitigation.

    Gebruiker: n.v.t.
    Computer: ****-PC
    Beschrijving:
    Mitigation CryptoGuard

    Platform 10.0.14393/x64 v564 06_17*
    PID 1020
    Application C:\Users\****\Desktop\Nieuwe map\ccsetup522\CCleaner64.exe
    Description CCleaner 5.22

    Filename C:\Users\****\Desktop\Nieuwe map\ccsetup522\CCleaner64.exe

    C:\Users\****\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A68WV0K2\networx-prev[1].png
    C:\Users\****\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A68WV0K2\netscanner-prev[1].png
    C:\Users\****\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\A68WV0K2\googlelogo_color_112x36dp[1].png


    Process Trace
    1 C:\Users\****\Desktop\Nieuwe map\ccsetup522\CCleaner64.exe [1020]
    "C:\Users\****\Desktop\Nieuwe map\ccsetup522\CCleaner.exe" /uac
    2 C:\Users\****\Desktop\Nieuwe map\ccsetup522\CCleaner.exe [908]
    "C:\Users\****\Desktop\Nieuwe map\ccsetup522\CCleaner.exe" /uac

    Win10 1607 build 14393.222 x64/Norton Security v22.8.0.50
     
  23. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    949
    Ccleaner-settings:

    1.JPG
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    It is expected that ccleaner's "secure deletion" is no longer excluded from CryptoGuard (since build 564) as we found ransomware performing the same method. We are working on a way to whitelist secure delete tools.

    Note: Never perform secure delete on an SSD as you will destroy the SSD.
     
  25. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    173
    They have to improve compatibility with Avira Safe Browsing since the extension activated navigating very slow.
    Greetings.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.