HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert 3.6.3 Build 580 BETA

    We have received several minidumps from members here which led to this build. Thank you!!

    Changelog (compared to 578)
    • Fixed BSOD in CryptoGuard
    • Fixed BSOD in WipeGuard
    Notes
    All drivers are co-signed by Microsoft in this build

    Download
    http://test.hitmanpro.com/hmpalert3b580.exe

    Please let us know how this build runs!
     
  2. guest

    guest Guest

    thanks trying it now.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,546
    Location:
    Among the gum trees
    I never had an issue with 578 or 579 but I've installed 580 just in case - no problem so far. :thumb:
     
  4. guest

    guest Guest

  5. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,070
    And again no problems upgrading build 580 beta.

    Win10 1607 build 14393.693 x64/Norton Security v22.8.1.14
     
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,384
    Location:
    the Netherlands
    All well on my Windows 7 x64.
    If any issue might show later, I will report, of course.
     
  7. newyorkjet

    newyorkjet Registered Member

    Joined:
    Jan 17, 2013
    Posts:
    63
    Location:
    UK
    580 Beta has been running smoothly for just over an hour with no BSODs. I have F-secure and Appguard. Thank you for the fix.
     
  8. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,384
    Location:
    the Netherlands
    I don't know what could have been the cause of that. Perhaps Erik or others may have any idea.
    But anyhow, there is no need to uninstall before upgrading. You can simply run the installer to upgrade, no need to uninstall first.
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,461
    Location:
    Under a bushel ...
    I was one of those affected by BSODs. Running AppGuard and EAM FWIW.
    580 seems to have fixed the issue, so far at least. No BSODs after initial or second reboot.
    Win 10 Pro x64 v1607 14393.693.
    Thanks for the prompt fix.
     
  10. 800ster

    800ster Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    207
    Initial testing confirms that b580 fixes the BSODs I was getting with Avira on W10x64.
     
  11. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Hitman Alert pro fails in detecting Cerber5 ransomware.

    http://imagizer.imageshack.com/img924/2999/bZ9oU9.jpg

    Code:
    C:\WINDOWS\system32\OLEACCRC.DLL (successful)
    \\.\PIPE\lsarpc (successful)
    \\.\MountPointManager (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\nsw1.tmp (successful)
    C:\222bb4e588b0865f36047b4eb2e725c715a289898bc630b1245c46a0289522ff (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\armenian-nola-link.png (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\jquery-click.js (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\html5shiv.js (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\ajax-loader.gif (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\jquery.selectbox.css (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\mlbo0r1FnMS.XyEdKpuOItANsYM (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\nsg2.tmp (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\nsg2.tmp\System.dll (successful)
    C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\nsg2.tmp\System.dll (failed)
    C:\WINDOWS\system32\ntdll.dll (successful)
    C:\WINDOWS\system32\rsaenh.dll (successful)
     
  12. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    580
    Location:
    Hengelo
    Thanks for letting us know. How did you test the sample? Did you just extract it from the pcap or did you test it by replaying the RIG-v exploit kit attack, which distributes this Cerber? CryptoGuard is the last line of defense. A real-world test would also involve replaying the exploit kit attack. In the meantime, I'm taking a look-see! Thanks again!

    Update: I've just checked it against the current HitmanPro.Alert (build 574) and even when running the ransomware manually (not from exploit kit), it is stopped - no data lost:
    Cerber5.jpg
     
  13. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,162
    Installed build 580, but 578/579 also worked fine in combination with EIS on my system.
     
  14. JohnDil

    JohnDil Registered Member

    Joined:
    Apr 2, 2016
    Posts:
    10
    Build 580 still hasn't fixed my BSOD when inserting a USB protected by BitLocker. I will send another minidump.
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,131
    Location:
    USA
    Upgraded from 579 to 580 without incident. No issues to report :thumb:
     
  16. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    771
    Running Bld 580 along with AppGuard and EIS without any problems
     
  17. Baldrick

    Baldrick Registered Member

    Joined:
    May 11, 2002
    Posts:
    2,613
    Location:
    South Wales, UK
    Likewise...test running Build 580, with Webroot SecureAnywhere & VoodooShield, and there are no conflicts or issues to report. :D
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,273
    Location:
    USA
    So far no problems.
     
  19. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    114
    No issues with previous build but 560 running well with VS & SBIE on Win 10x64 Pro

    Thanks
     
  20. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,407
    HMP.A 3.6.3 build 580 BETA

    Windows 10 x64 with Emsisoft and VoodooShield. It runs well so far.
     
  21. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64 Professional:
    Upgraded from 579 to 580 without incident. No issues with both builds 579 and 580.
     
  22. __simon__

    __simon__ Registered Member

    Joined:
    Apr 28, 2013
    Posts:
    14
    Location:
    UK
    I still see the same bug I reported in post #12401. Since the Windows 10 Anniversary Update, Cortana searches started using the Win+S or Win+Q shortcut show encrypted text when keyboard encryption is enabled.
     
  23. rei

    rei Registered Member

    Joined:
    May 25, 2006
    Posts:
    51
    Just wanted to contribute that Opera beta's auto-update mechanism as well as the Uninstall are blocked by HMPA, as well as the actual Install on a reinstall attempt:

    Mitigation Lockdown

    Platform 10.0.14986/x64 v579 06_3c
    PID 20048
    Application C:\Program Files\Opera beta\launcher.exe
    Description Opera beta Internet Browser 43

    Filename C:\WINDOWS\TEMP\opera autoupdate\installer.exe
    Created By C:\Program Files\Opera beta\launcher.exe

    Command line:
    "C:\WINDOWS\TEMP\opera autoupdate\installer.exe" --version

    Process Trace
    1 C:\Program Files\Opera beta\launcher.exe [20048]
    "C:\Program Files\Opera beta\launcher.exe" --scheduledautoupdate --autoupdaterequesttype=manual
    2 C:\Windows\System32\svchost.exe [1540]
    c:\windows\system32\svchost.exe -k netsvcs -s Schedule
    3 C:\Windows\System32\services.exe [1004]

    Thumbprint
    106897119c2878a3dd4f2f945ae423d0300a2049271031695026d501e8850e65
     
  24. rei

    rei Registered Member

    Joined:
    May 25, 2006
    Posts:
    51
    Opera 44 Developer auto-update mechanism is triggering this attack blocking too.
     
  25. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Build 580 is working well here. Good work guys.
     