HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Indeed, only browsers are monitored for modification.
     
  2. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Can I delete the files/folders in HMPA's folder in windows directory?

    screenshot.1.png
     
  3. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Yes you may delete them.
     
  4. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Is this the only directory where malicious files are kept? or does hmpa delete them?
     
  5. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    Grrrrrrrr I am trying to shred them and I get this...

    Image2.jpg
     
  6. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I had to disable hmpa to finish deleting the files
     
  7. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Shredding encrypts the shredded files first before deleting. If you want to shred, temporary disable cryptoguard.
     
  8. Overkill

    Overkill Registered Member

    Joined:
    Mar 16, 2012
    Posts:
    2,343
    Location:
    USA
    I did that, thanks
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    Yes I know, but what I mean is: only the browser is scanned for malicious API hooks. HMPA does not care about API hooks in other processes. So you would think that hmpalert.dll only needs to be injected into browsers and apps with exploit protection.

    But if I understand correctly, the only way to know which process (malicious or not) has modified the API hooks in the browser, is to check all injected code system wide, and you can only do that with the hmpalert.dll file, that needs to be injected into all processes.

    The only reason why I brought this up is because I believe injecting hmpalert.dll into non-protected processes will cause problems sooner or later, but I may be wrong. :)
     
    Last edited: Sep 29, 2014
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    I forgot to ask, but is the "Hollow process" attack method only available for Win 32 bit systems? It's not possible to do this on Win 64 bit I assume?
     
  11. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    578
    Location:
    Hengelo
    Hi Rasheed, I sent you a PM regarding these and some other questions you asked via PM. Cheers, Mark
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,385
    Location:
    The Netherlands
    @ markloman

    Thanks for the feedback. :thumb:

    Quick summary for other members:

    1 Yes the "Hollow process" attack method is also available on Win 64 bit systems.

    2 The hmpalert.dll file needs to be injected into ALL processes (instead of only in protected/monitored processes) because it gives HMPA a better chance to identify which app modified the API hooks in the browser. API hooks inside browsers are used by for example: AV, ad blockers and of course banking trojans.
     
  13. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi erikloman and markloman

    Just starting getting this Expired pop-out on both IE and FF for some reason, can you shed any light on it please?

    Thank you in advance.
    Take Care
    TheQuest :cool:
     

    Attached Files:

  14. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I am seeing the same thing.
     
  15. Paul R

    Paul R Registered Member

    Joined:
    Aug 5, 2014
    Posts:
    59
    Location:
    Bury, Lancashire
    ah not just me then, i thought a new release must have have come out so they blocked this one, no announcement though.
     
  16. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    981
    Same here. Patience ;)
     
  17. WSFfan

    WSFfan Registered Member

    Joined:
    May 10, 2012
    Posts:
    374
    Location:
    The Earth
    May be HMPA v3 -CTP4 is on its way :D
     
  18. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    We hear you guys.
    The red flyout does not affect the mitigations.
    CTP4 will be out very soon.
     
  19. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi erikloman
    Many thanks for getting back :thumb:.

    Take Care
    TheQuest :cool:
     
  20. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    The Alert has a Technical Details link. This will reveal the code in your browser.

    This is a known issue with with CTP3. This should be fixed in CTP4 (will be out this week).

    Can you send me the minidump?

    Thanks for the report :thumb:
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,742
    Location:
    Canada
    when I tried to install hitmanpro alert from the installer that is in your signature it gives me an error
    it isays application fail to install error 0.
     
  22. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,960
    There is [still] slowness in the loading of a webpage as indicated by the elements.

    ScreenShot_HMP.A_hmpalert3prectp4_install_14.gif
     
  23. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Please delete the C:\Program files (x86)\HitmanPro.Alert folder
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    How much slower? You should not see any slowdown with Alert.
     
  25. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,960
    Quite a bit!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.