HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    345
    Location:
    SE Asia
    Successfully Updated to v3b this morning.
     
  2. desert_by_night

    desert_by_night Registered Member

    Joined:
    Apr 27, 2012
    Posts:
    30
    Location:
    Portugal

    Here still on version 3a.
     
  3. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,308
    Erik, when and how would you like to do a remote session with my XP/SP3.
    No more multiple procs, but flyout only shows one time per boot or logoff.

    Although this seems to be random. Sometimes the flyout will appear each time.
    I logged off and tried again. Now it shows up after closing. I think it stops
    showing up until the next boot/logoff once you click the flyout. If you don't
    touch it, it works as designed.

    Al
     
    Last edited: Jun 19, 2012
  4. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    On your PC, if you touch it, the process stays alive when the window hides. Can we do a remote session tomorrow? Name your time in a PM.
     
  5. desert_by_night

    desert_by_night Registered Member

    Joined:
    Apr 27, 2012
    Posts:
    30
    Location:
    Portugal

    HitmanPro.Alert still on version 3a after 2 days.
     
  6. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Have you rebooted since?
     
  7. desert_by_night

    desert_by_night Registered Member

    Joined:
    Apr 27, 2012
    Posts:
    30
    Location:
    Portugal

    Yes some reboots.
     
  8. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Can you create the C:\Log\ folder and reboot? And then send me the log?
     
  9. desert_by_night

    desert_by_night Registered Member

    Joined:
    Apr 27, 2012
    Posts:
    30
    Location:
    Portugal

    Hi Erik
    I send you a email with the log.
    Have a nice day.
     
  10. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I got it. Already replied ;)
     
  11. desert_by_night

    desert_by_night Registered Member

    Joined:
    Apr 27, 2012
    Posts:
    30
    Location:
    Portugal

    After discover your amazing software,i dont use anymore firewalls or antivirus in realtime.Just use almost everyday HitmanPro just for save.
     
  12. mrtnptrs

    mrtnptrs Registered Member

    Joined:
    May 17, 2012
    Posts:
    25
    Location:
    The Netherlands
    Don't do that! HitmanPro is a Second-opinion tool for after scanning with an anti-virus program! You can use HitmanPro better with an other anti-virus program.
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @ erikloman

    Hi, HitmanPro.Alert (Beta 3) v1.0.3.0 makes FF launch a LOT slower than before ?

    When it does launch, i see the flyout & i still get the Low CPU :thumb:
     
  14. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Beta 3 is out for a few weeks. I think the sudden slow start is caused by a recent change in Firefox. Alert analyses the process once it is fully running so the start should be the same. Start Firefox in its SafeMode to see if that helps.
     
  15. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    739
    Location:
    The Netherlands
    Eric,

    I get the message that my browser is compromosed.
    I'm running the latest google chrome dev version 21.0.1180.15 on windows 8 (giving me the metro version of Google Chrome).
    As security software I have F-secure technology preview 12.62 build 106.
    Hitmanpro found nothing.
    False positive?
     

    Attached Files:

    Last edited: Jun 29, 2012
  16. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The browser is compromised (API is no longer original). But I don't think its malware that did this. Maybe by F-Secure?

    Will address this problem in the next build, slated for release end of next week.
     
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    I'm still on the same version, but i suppose it "could" be due to an Add/on update ? Will check ;)

    Good to know :thumb:

    Will do :thumb:
     
  18. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    739
    Location:
    The Netherlands
  19. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @ erikloman

    Hi, tested in Firefox SafeMode = OK :thumb: FRom what i can gather, it "appears" to be related to the latest NoScript update i did !

    Sorry for blaming HPA :(
     
  20. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Hi,
    Possible F/P...
    clean scans with CIS, MBAM, WSA and Hitman pro...


    Firefox
    Process ID 4808
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ntdll.dll
    KiUserExceptionDispatcher 1002A6F0
    LdrLoadDll 67F2FA35


    Thanx
     
  21. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Thank you. An update will be out end of next week. We are changing a few things internally causing the next build to take a bit longer.
     
  22. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Hi,
    Ok thanx an thanx for the rapid response :thumb:
     
  23. Yura

    Yura Registered Member

    Joined:
    May 6, 2012
    Posts:
    20
    Hitman Pro succesfully detected Eaz fix(rollback rx) and cleaned my system from malicious bootkit.

    Back to square one.

    Thank you so much.
     
  24. Alicelost

    Alicelost Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    27
    Almost same issue but with Sysrestore,
    and HitmanPro,

    Master Boot Record (sector 0) - Bootkit

    Windows disk signature: B6C57543

    Partition Type LBA Number of sectors
    0* 07 2048 204800
    1 07 206848 976564224
    2 00 0 0
    3 00 0 0

    0000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C 3ÀŽÐ¼.|ûP.P.ü¾.|
    0010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BE A4 07 8A 04 ¿..PW¹å.ó¤Ë¾¤.Š.
    0020 3C 56 75 0F 90 90 83 C6 04 8B 0C 83 C6 02 8B 14 <Vu.ƒÆ.‹.ƒÆ.‹.
    0030 EB 1D 90 BE BE 07 B9 04 80 38 2C 74 0C 90 90 83 ë.¾¾.¹.€8,t.ƒ
    0040 C6 10 FE C9 75 F3 EB 77 90 8B 4C 08 8B 54 0A 33 Æ.þÉuóëw‹L.‹T.3
    0050 C0 50 50 52 51 50 68 00 7C 6A 01 6A 10 B8 00 42 ÀPPRQPh.|j.j.¸.B
    0060 BA 80 00 8B F4 CD 13 72 56 90 90 83 C4 10 BE A4 º€.‹ôÍ.rVƒÄ.¾¤
    0070 07 8A 04 3C 56 75 41 90 90 BE 03 7C 8B 0C 83 C6 .Š.<VuA¾.|‹.ƒÆ
    0080 02 8B 14 81 F9 24 56 75 25 90 90 81 FA 50 54 75 .‹.ù$Vu%úPTu
    0090 1D 90 90 BE FE 7D 8B 0C 81 F9 55 AA 75 10 90 90 .¾þ}‹.ùUªu.
    00A0 BE A8 07 8B 0C 83 C6 02 66 8B 14 EB 0B 90 32 C0 ¾¨.‹.ƒÆ.f‹.ë.2À
    00B0 BE A4 07 88 04 E9 7B FF 33 C0 50 68 00 7C CB BE ¾¤.ˆ.é{ÿ3ÀPh.|˾
    00C0 D4 06 E8 02 00 EB FE BB 07 00 B4 0E AC CD 10 0A Ô.è..ëþ»..´.¬Í..
    00D0 C0 75 F9 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 ÀuùÃInvalid part
    00E0 69 74 69 6F 6E 20 74 61 62 6C 65 00 66 81 FB 54 ition table.fûT
    00F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2ù..r,fh.».
    0100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
    0110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
    0120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í
    0130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 .*·.ë.*¶.ë.*µ.2ä
    0140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ...‹ð¬<.t.»..´.Í
    0150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø
    0160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti
    0170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
    0180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati
    0190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
    01A0 67 20 6F 70 56 72 61 74 D0 7F 74 02 00 00 A0 00 g opVratÐt...*.
    01B0 65 6D 00 00 00 63 7B 9A B6 C5 75 43 EF EE 80 20 em...c{š¶ÅuCïî€
    01C0 21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF !..ß....... ...ß
    01D0 14 0C 07 FE FF FF 00 28 03 00 00 30 35 3A 00 00 ...þÿÿ.(...05:..
    01E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª
     
  25. popcorn

    popcorn Registered Member

    Joined:
    Apr 3, 2012
    Posts:
    239
    Hi,
    started backtrack 5 R2 download from official BT site and got this alert...
    Firefox
    Process ID 3480
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    ntdll.dll
    LdrLoadDll 10027DF0
    LdrUnloadDll 1001D1A0
    NtAdjustPrivilegesToken 1002C270
    NtAlpcConnectPort 1002CC90
    NtAlpcSendWaitReceivePort 1002B520
    NtClose 1001D080
    NtConnectPort 1002F750
    NtCreateFile 1002E2A0
    NtCreateSection 1002E640
    NtCreateSymbolicLinkObject 1002BE90
    NtCreateThread 1002FF20
    NtCreateThreadEx 1002C8F0
    NtLoadDriver 1002F540
    NtMakeTemporaryObject 1002F0C0
    NtOpenFile 1002DFA0
    NtOpenSection 1002EC30
    NtSetSystemInformation 1002F300
    NtShutdownSystem 1002C520
    NtSystemDebugControl 1002EEC0
    NtTerminateProcess 1002FAC0
    NtTerminateThread 1002FCE0
    ZwAdjustPrivilegesToken 1002C270
    ZwAlpcConnectPort 1002CC90
    ZwAlpcSendWaitReceivePort 1002B520
    ZwClose 1001D080
    ZwConnectPort 1002F750
    ZwCreateFile 1002E2A0
    ZwCreateSection 1002E640
    ZwCreateSymbolicLinkObject 1002BE90
    ZwCreateThread 1002FF20
    ZwCreateThreadEx 1002C8F0
    ZwLoadDriver 1002F540
    ZwMakeTemporaryObject 1002F0C0
    ZwOpenFile 1002DFA0
    ZwOpenSection 1002EC30
    ZwSetSystemInformation 1002F300
    ZwShutdownSystem 1002C520
    ZwSystemDebugControl 1002EEC0
    ZwTerminateProcess 1002FAC0
    ZwTerminateThread 1002FCE0

    Firefox
    Process ID 7788
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    WS2_32.dll
    recv WRusr.dll+101856
    send WRusr.dll+91616

    USER32.dll
    CreateWindowExA WRusr.dll+57968
    CreateWindowExW WRusr.dll+58064
    DrawTextExW WRusr.dll+57696
    PostMessageA WRusr.dll+96800
    PostMessageW WRusr.dll+96880
    PostThreadMessageA WRusr.dll+96576
    PostThreadMessageW WRusr.dll+96688
    SendMessageA WRusr.dll+95984
    SendMessageCallbackA WRusr.dll+96416
    SendMessageCallbackW WRusr.dll+96496
    SendMessageTimeoutA WRusr.dll+96256
    SendMessageTimeoutW WRusr.dll+96336
    SendMessageW WRusr.dll+96048
    SendNotifyMessageA WRusr.dll+96112
    SendNotifyMessageW WRusr.dll+96176
    SetClipboardData WRusr.dll+95200
    SetWindowTextA WRusr.dll+57840
    SetWindowTextW WRusr.dll+57776

    ntdll.dll
    KiUserExceptionDispatcher guard32.dll+173808
    LdrLoadDll xul.dll+2882101

    F/P ?? am scanning now
    thanx
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.