Hitman Pro


12 replies to this topic

#1 endless_nameless


Posted 10 December 2015 - 11:00 AM

Hi, Hitman Pro has been giving me the following log:

 

Suspicious files ____________________________________________________________
 
   C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat
      Size . . . . . . . : 454,912 bytes
      Age  . . . . . . . : 331.8 days (2015-01-12 15:16:24)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : AC778E133E1C079892AF003C8208A50C3A3D7910A8DB4A5001996938C37A34FE
      Product  . . . . . : Avast Antivirus 
      Publisher  . . . . : AVAST Software
      Description  . . . : Raw disk access library
      Version  . . . . . : 9.0.0.226
      LanguageID . . . . : 0
      Fuzzy  . . . . . . : 48.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file name extension of this program is not common.
         The file is in use by one or more active processes.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
 
But in product and publisher it says Avast, that's the anti virus I'm using.
Is this a false alarm?
Thanks.
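As an added example (not from the thread and not HitmanPro's own code), a small Python parser for the "Suspicious files" layout quoted above, with a triage helper that counts which heuristics fired. The sample report is constructed from the fields in the post, and the field names and indentation rules are assumed from that layout.

```python
import re
from typing import Dict, List

# Constructed sample in the "Suspicious files" layout quoted in the post above (trimmed)
SAMPLE_REPORT = r"""Suspicious files ________________________________________
   C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat
      Size . . . . . . . : 454,912 bytes
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : AC778E133E1C079892AF003C8208A50C3A3D7910A8DB4A5001996938C37A34FE
      Publisher  . . . . : AVAST Software
         The file is hidden from Windows API. This is typical for malware.
         The file is in use by one or more active processes.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
"""

# "Name . . . : value" attribute line; the dots are padding and the value may contain ':'
FIELD_RE = re.compile(r"^(\S+)\s*[. ]*:\s*(.*)$")
# Remarks that mean the file is concealed or runs with high privilege
STEALTH_KEYS = ("hidden from Windows API", "hidden from view", "device driver")

def parse_suspicious_files(report: str) -> List[Dict]:
    """One dict per file. Indentation tells the line kinds apart:
    path (3 spaces), attribute (6 spaces), heuristic remark (9 spaces)."""
    entries: List[Dict] = []
    for raw in report.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.startswith("Suspicious files"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        text = line.strip()
        if indent <= 3:                 # a new file path opens an entry
            entries.append({"path": text, "fields": {}, "remarks": []})
        elif indent <= 6 and entries:   # attribute line
            m = FIELD_RE.match(text)
            if m:
                entries[-1]["fields"][m.group(1)] = m.group(2).strip()
        elif entries:                   # deeper-indented remark
            entries[-1]["remarks"].append(text)
    return entries

def triage(entry: Dict) -> Dict:
    """Why the file was flagged. Publisher is metadata read from the file
    itself, so it is a claim to verify with the vendor, not proof of origin."""
    stealth = [r for r in entry["remarks"] if any(k in r for k in STEALTH_KEYS)]
    return {"sha256": entry["fields"].get("SHA-256"),
            "publisher": entry["fields"].get("Publisher"),
            "entropy": float(entry["fields"].get("Entropy", "0")),
            "heuristics_fired": len(entry["remarks"]),
            "stealth_indicators": len(stealth)}
```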




#2 quietman7


Posted 10 December 2015 - 04:54 PM

If you have specific questions or encounter problems using HitmanPro, they should be reported to the development team. Erik Loman (erikloman) and Edwin Engels (eengels) are two SurfRight reps who visit BC on occasion to answer questions and provide assistance.
- Edwin can be contacted by email at edwin@surfright.com
- Erik can be contacted by email at erik@surfright.nl
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 endless_nameless


Posted 13 December 2015 - 04:55 AM

Thank you, I tried contacting them but haven't heard back from them. I guess I'll just leave it as a false alarm; I don't think Avast would try to give me any virus lol



#4 quietman7


Posted 13 December 2015 - 05:05 AM

It most likely is a FP. Now that you reported the detection, hopefully it will be addressed.

#5 RolandJS


Posted 17 December 2015 - 10:44 AM

Avast uses caching in order to better track known-good system and other types of files, to better do intelligent scans. I'm at school, so my explanation is a bit sparse.


Edited by RolandJS, 17 December 2015 - 10:44 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#6 endless_nameless


Posted 19 December 2015 - 12:06 AM

Hi, thanks guys, finally hitman pro support staff replied and fixed the problem :)



#7 quietman7


Posted 19 December 2015 - 07:09 AM

Glad to hear that. I guess they were busy with the transition of Sophos purchasing their software.

#8 Superblynotsuper


Posted 02 February 2016 - 08:51 PM

I have some splendid questions that may not have been addressed before:

 

1. Can Hitman-pro be used in realtime along with Malwarebytes or Emsisoft antimalware? Different protection I believe?

2. Can Malwarebytes anti-exploit be used along with Hitman-pro or would that be too much of the same protection?

 

Thanks kindly for any views on this.



#9 quietman7


Posted 02 February 2016 - 09:13 PM

Comments from Fabian Wosar, a Security Colleague and developer who works for Emsisoft.

EMET, HMP.Alert and MBAE can all be useful under certain circumstances. The most effective step to fending off exploits is to reduce your attack surface. Keep the software you use up-to-date and try to get rid of Java and Adobe plugins. If you can't get rid of them completely, at least turn them on only for the sites that you know won't work without them. All browsers that I have used in the past year have features which make it very easy to limit plugins to just a few sites. If for some reason you can't do either of those, then adding exploit protection can be somewhat useful.

HMP.Alert & MBAE, Post #7

Comments from Elise, a Security Colleague and Emsisoft Employee.

Technically speaking, your computer is sufficiently protected by Emsisoft Anti-Malware/Internet Security. However, if you prefer an extra layer of security you could use this without any negative effects on your system.
The difference between the products is that they intercept potential malware attacks at different points. The result with or without HMP Alert is, however, the same: our behavior blocker will intercept threats resulting from exploits once they become active on the computer and eliminate them.

HitmanPro.Alert worth as a companion?, Post #3

#10 Superblynotsuper


Posted 02 February 2016 - 09:34 PM

Thanks for the links GM. 

 

So, one would be fine and perhaps two would be too much, but may work fine.

I'm trying to work out the best for me without paying too much for too much protection that is not required.

 

Thanks.



#11 quietman7


Posted 02 February 2016 - 09:58 PM

I use HMP.Alert & MBAE with EAM and have not encountered any issues.

That may change at some point.

Emsisoft does not provide full anti-exploit capabilities at this time but it is in the works. When asked about anti-exploit protection last year and earlier this year, Fabian Wosar has said....
 

The biggest issue with shipping exploit mitigation is the fact that we always tried to maintain compatibility with other AVs, and as a consequence a lot of users use EAM alongside another AV. Implementing exploit mitigation will break compatibility with a lot of AVs that also include some kind of exploit mitigation. If you ever tried to run MBAE, EMET or HMPA alongside each other, you will know what I am talking about here. If we do decide to ship some form of exploit mitigation, it will only be after a head start so people have time to decide whether they want to stick to EAM or their existing AV.

Fabian Wosar, Post #6
 

...No, we do not provide anti-exploit capabilities. We do protect from the payload these exploits drop, but we do not attempt to mitigate the exploit itself.

Fabian Wosar, Post #2

 

The problem is that a significant portion of our users expect EAM to run alongside other AVs, which often already implement exploit mitigation features. Multiple exploit mitigations will ultimately clash in many cases. If you ever tried to run MBAE alongside EMET you know what I am talking about. So we will do it only if we can somehow maintain compatibility with other AVs.

Fabian Wosar, Post #4
 

The only thing of the things you listed we don't implement because of compatibility concerns is exploit mitigation. In general we have no plans of introducing another "edition" of our products. It will be extremely confusing to all our users and will have a huge detrimental impact on development speed as it means another 2 code bases that have to be kept in sync and maintained.

Fabian Wosar, Post #4
 

Does version 11 get some kind of anti-exploit protection?

 

The answer to that is a bit complicated. Technically, yes...However, you will notice that we do not advertise it and there are also no options for it. It's not listed as a feature either, mostly because it is far from being finished yet. In general I believe holding off security improvements until an arbitrary release date just to somehow "beef up" the release announcement is kind of stupid and not really in the interest of our users. That is why we will roll them out gradually during the coming months and announce them officially once they are complete, the same way we rolled out the script protection in the last version 10 updates already but didn't officially announce them until the version 11 release.

Fabian Wosar, Post #30

 

...EAM is an anti-virus as well. The last version also added additional features for exploit mitigation. Bitdefender also includes exploit mitigation. Lines are really blurry and while we usually try to maintain compatibility, chances are if you combine a lot of tools, no effort on our end will help you keep your system stable. After all we have no influence on what other companies are doing.

Fabian Wosar, Post #12



#12 Superblynotsuper


Posted 03 February 2016 - 09:34 PM

That's interesting reading. I see the problem, as vendors catch up with risks, is the fewer mixing-and-matching options we'll have because they all have the exploit protection. I started a thread on Dr Web as I'm curious as to the compatibility of Hitman Pro and Dr Web.



#13 quietman7


Posted 03 February 2016 - 09:39 PM

Keep in mind that some security researchers have advised not to use multiple anti-exploit applications, because using more than one of them at the same time can interfere with Return-oriented programming (ROP) and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running. In some cases multiple tools can cause interference with each other and program crashes.
 

While you should use an antivirus (even just the Windows Defender tool built into Windows 10, 8.1, and 8) as well as an anti-exploit program, you shouldn't use multiple anti-exploit programs...These types of tools could potentially interfere with each other in ways that cause applications to crash or just be unprotected, too.

Use an Anti-Exploit Program to Help Protect Your PC From Zero-Day Attacks

ROP is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as non-executable memory and code signing. It is an effective code reuse attack since it is among the most popular exploitation techniques used by attackers and there are few practical defenses that are able to stop such attacks without access to source code. Address Space Layout Randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks. These security technologies are intended to mitigate (reduce) the effectiveness of exploit attempts. Many advanced exploits rely on ROP and ASLR as attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits. Tools with ROP and ASLR protection such as Microsoft's Enhanced Mitigation Experience Toolkit (EMET) use technology that checks each critical function call to determine if it's legitimate (if those features are enabled).
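Added example, not from the thread: a Python check of the PE header bits by which a Windows binary opts into the DEP (NX_COMPAT) and ASLR (DYNAMIC_BASE, HIGH_ENTROPY_VA) mitigations the post mentions, plus Control Flow Guard, which is what a defender would look at before relying on a host-wide anti-exploit tool to cover a given program. The flag values and header offsets come from the PE/COFF specification; build_sample_pe constructs a minimal header (not a loadable binary) so the check runs offline.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR with a high-entropy address space
DYNAMIC_BASE = 0x0040      # ASLR: the image may be relocated at load time
NX_COMPAT = 0x0100         # DEP: data pages are non-executable for this image
GUARD_CF = 0x4000          # Control Flow Guard: indirect-call target checks

def pe_mitigations(data: bytes) -> dict:
    """Report which mitigations a PE image opts into via DllCharacteristics.
    Raises ValueError on data that is not a PE image or has a truncated header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                   # 20-byte COFF header
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # optional header start
    if size_opt < 72 or len(data) < opt + size_opt:
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 in both the PE32 and PE32+ layouts
    chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {"pe32plus": magic == 0x20B,
            "dep": bool(chars & NX_COMPAT),
            "aslr": bool(chars & DYNAMIC_BASE),
            "high_entropy_va": bool(chars & HIGH_ENTROPY_VA),
            "cfg": bool(chars & GUARD_CF)}

def build_sample_pe(dllchars: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal header (DOS stub, PE signature, COFF header and a
    zeroed optional header) for testing; it is not a loadable binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    size_opt = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, size_opt, 0x2102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dllchars)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

A binary that sets none of these bits is one a ROP-based exploit does not have to work around, which is the case where the host-wide checks the post describes are doing all of the work.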



 

 





