HitmanPro.ALERT Support and Discussion Thread

Successfully Updated to v3b this morning.

 

Here still on version 3a.

 

Erik, when and how would you like to do a remote session with my XP/SP3.
No more multiple procs, but flyout only shows one time per boot or logoff.

Although this seems to be random. Sometimes the flyout will appear each time.
I logged off and tried again. Now it shows up after closing. I think it stops
showing up until the next boot/logoff once you click the flyout. If you don't
touch it, it works as designed.

Al

 

On your PC, if you touch it, the process stays alive when the window hides. Can we do a remote session tomorrow? Name your time in a PM.

 

HitmanPro.Alert still on version 3a after 2 days.

 

Have you rebooted since?

 

Yes some reboots.

 

Can you create the C:\Log\ folder and reboot? And then send me the log?

 

Hi Erik
I send you a email with the log.
Have a nice day.

 

I got it. Already replied

 

After discover your amazing software,i dont use anymore firewalls or antivirus in realtime.Just use almost everyday HitmanPro just for save.

 

Don't do that! HitmanPro is a Second-opinion tool for after scanning with an anti-virus program! You can use HitmanPro better with an other anti-virus program.

 

@ erikloman

Hi, HitmanPro.Alert (Beta 3) v1.0.3.0 makes FF launch a LOT slower than before ?

When it does launch, i see the flyout & i still get the Low CPU

 

Beta 3 is out for a few weeks. I think the sudden slow start is caused by a recent change in Firefox. Alert analyses the process once it is fully running so the start should be the same. Start Firefox in its SafeMode to see if that helps.

 

Eric,

I get the message that my browser is compromosed.
I'm running the latest google chrome dev version 21.0.1180.15 on windows 8 (giving me the metro version of Google Chrome).
As security software I have F-secure technology preview 12.62 build 106.
Hitmanpro found nothing.
False positive?

 

The browser is compromised (API is no longer original). But I don't think its malware that did this. Maybe by F-Secure?

Will address this problem in the next build, slated for release end of next week.

 

I'm still on the same version, but i suppose it "could" be due to an Add/on update ? Will check

Good to know

Will do

 

Matousec.com has released the results of a study to see which security firm’s products are the best in protecting users while making online payments.
The result was that only Safe Money technology (will be part of KIS 2013 to be released in August) and Trusteer Rapport block all threats.
How would HitmanPro.Alert do?
http://news.softpedia.com/news/Kasp...tml?utm_source=twitterfeed&utm_medium=twitter
http://www.kaspersky.com/about/news..._Than_the_Rest_According_to_Independent_Tests

 

@ erikloman

Hi, tested in Firefox SafeMode = OK FRom what i can gather, it "appears" to be related to the latest NoScript update i did !

Sorry for blaming HPA

 

Hi,
Possible F/P...
clean scans with CIS, MBAM, WSA and Hitman pro...


Firefox
Process ID 4808
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

ntdll.dll
KiUserExceptionDispatcher 1002A6F0
LdrLoadDll 67F2FA35


Thanx

 

Thank you. An update will be out end of next week. We are changing a few things internally causing the next build to take a bit longer.

 

Hi,
Ok thanx an thanx for the rapid response

 

Hitman Pro succesfully detected Eaz fix(rollback rx) and cleaned my system from malicious bootkit.

Back to square one.

Thank you so much.

 

Almost same issue but with Sysrestore,
and HitmanPro,

Master Boot Record (sector 0) - Bootkit

Windows disk signature: B6C57543

Partition Type LBA Number of sectors
0* 07 2048 204800
1 07 206848 976564224
2 00 0 0
3 00 0 0

0000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C 3ÀŽÐ¼.|ûP.P.ü¾.|
0010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BE A4 07 8A 04 ¿..PW¹å.ó¤Ë¾¤.Š.
0020 3C 56 75 0F 90 90 83 C6 04 8B 0C 83 C6 02 8B 14 <Vu.ƒÆ.‹.ƒÆ.‹.
0030 EB 1D 90 BE BE 07 B9 04 80 38 2C 74 0C 90 90 83 ë.¾¾.¹.€8,t.ƒ
0040 C6 10 FE C9 75 F3 EB 77 90 8B 4C 08 8B 54 0A 33 Æ.þÉuóëw‹L.‹T.3
0050 C0 50 50 52 51 50 68 00 7C 6A 01 6A 10 B8 00 42 ÀPPRQPh.|j.j.¸.B
0060 BA 80 00 8B F4 CD 13 72 56 90 90 83 C4 10 BE A4 º€.‹ôÍ.rVƒÄ.¾¤
0070 07 8A 04 3C 56 75 41 90 90 BE 03 7C 8B 0C 83 C6 .Š.<VuA¾.|‹.ƒÆ
0080 02 8B 14 81 F9 24 56 75 25 90 90 81 FA 50 54 75 .‹.ù$Vu%úPTu
0090 1D 90 90 BE FE 7D 8B 0C 81 F9 55 AA 75 10 90 90 .¾þ}‹.ùUªu.
00A0 BE A8 07 8B 0C 83 C6 02 66 8B 14 EB 0B 90 32 C0 ¾¨.‹.ƒÆ.f‹.ë.2À
00B0 BE A4 07 88 04 E9 7B FF 33 C0 50 68 00 7C CB BE ¾¤.ˆ.é{ÿ3ÀPh.|˾
00C0 D4 06 E8 02 00 EB FE BB 07 00 B4 0E AC CD 10 0A Ô.è..ëþ»..´.¬Í..
00D0 C0 75 F9 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 ÀuùÃInvalid part
00E0 69 74 69 6F 6E 20 74 61 62 6C 65 00 66 81 FB 54 ition table.fûT
00F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2ù..r,fh.».
0100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf
0110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f
0120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í
0130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 .*·.ë.*¶.ë.*µ.2ä
0140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ...‹ð¬<.t.»..´.Í
0150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø
0160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti
0170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error
0180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati
0190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin
01A0 67 20 6F 70 56 72 61 74 D0 7F 74 02 00 00 A0 00 g opVratÐt...*.
01B0 65 6D 00 00 00 63 7B 9A B6 C5 75 43 EF EE 80 20 em...c{š¶ÅuCïî€
01C0 21 00 07 DF 13 0C 00 08 00 00 00 20 03 00 00 DF !..ß....... ...ß
01D0 14 0C 07 FE FF FF 00 28 03 00 00 30 35 3A 00 00 ...þÿÿ.(...05:..
01E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª

 

Hi,
started backtrack 5 R2 download from official BT site and got this alert...
Firefox
Process ID 3480
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

ntdll.dll
LdrLoadDll 10027DF0
LdrUnloadDll 1001D1A0
NtAdjustPrivilegesToken 1002C270
NtAlpcConnectPort 1002CC90
NtAlpcSendWaitReceivePort 1002B520
NtClose 1001D080
NtConnectPort 1002F750
NtCreateFile 1002E2A0
NtCreateSection 1002E640
NtCreateSymbolicLinkObject 1002BE90
NtCreateThread 1002FF20
NtCreateThreadEx 1002C8F0
NtLoadDriver 1002F540
NtMakeTemporaryObject 1002F0C0
NtOpenFile 1002DFA0
NtOpenSection 1002EC30
NtSetSystemInformation 1002F300
NtShutdownSystem 1002C520
NtSystemDebugControl 1002EEC0
NtTerminateProcess 1002FAC0
NtTerminateThread 1002FCE0
ZwAdjustPrivilegesToken 1002C270
ZwAlpcConnectPort 1002CC90
ZwAlpcSendWaitReceivePort 1002B520
ZwClose 1001D080
ZwConnectPort 1002F750
ZwCreateFile 1002E2A0
ZwCreateSection 1002E640
ZwCreateSymbolicLinkObject 1002BE90
ZwCreateThread 1002FF20
ZwCreateThreadEx 1002C8F0
ZwLoadDriver 1002F540
ZwMakeTemporaryObject 1002F0C0
ZwOpenFile 1002DFA0
ZwOpenSection 1002EC30
ZwSetSystemInformation 1002F300
ZwShutdownSystem 1002C520
ZwSystemDebugControl 1002EEC0
ZwTerminateProcess 1002FAC0
ZwTerminateThread 1002FCE0

Firefox
Process ID 7788
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

WS2_32.dll
recv WRusr.dll+101856
send WRusr.dll+91616

USER32.dll
CreateWindowExA WRusr.dll+57968
CreateWindowExW WRusr.dll+58064
DrawTextExW WRusr.dll+57696
PostMessageA WRusr.dll+96800
PostMessageW WRusr.dll+96880
PostThreadMessageA WRusr.dll+96576
PostThreadMessageW WRusr.dll+96688
SendMessageA WRusr.dll+95984
SendMessageCallbackA WRusr.dll+96416
SendMessageCallbackW WRusr.dll+96496
SendMessageTimeoutA WRusr.dll+96256
SendMessageTimeoutW WRusr.dll+96336
SendMessageW WRusr.dll+96048
SendNotifyMessageA WRusr.dll+96112
SendNotifyMessageW WRusr.dll+96176
SetClipboardData WRusr.dll+95200
SetWindowTextA WRusr.dll+57840
SetWindowTextW WRusr.dll+57776

ntdll.dll
KiUserExceptionDispatcher guard32.dll+173808
LdrLoadDll xul.dll+2882101

F/P ?? am scanning now
thanx