
persistent warnings from HitmanPro.Alert, can't get rid of them


19 replies to this topic

#1 SlabBacon


Posted 22 March 2018 - 04:00 PM

Hi. I'm running Windows 7. Every time I open Chrome, I get a popup from HitmanPro.Alert, telling me "Intruder Alert. Critical browser functions have been compromised by a potentially malicious program. DO NOT enter any personal information on websites. Online banking is unsafe until your computer has been scanned and cleaned. Please check your computer for malware and software updates." It then prompts me to scan with HitmanPro.

 

To my knowledge, I haven't made any recent changes, except for an update to Steam. No downloaded programs, except Google's Software Removal Tool, which found nothing. No new extensions.

 

I've run through the following list of programs in this order (I know I went overboard, but I figured the more the merrier):

 

rkill - one issue, Windows Service Integrity: TBS [Missing Service]

Malwarebytes - nothing

Malwarebytes Anti-Rootkit - nothing

tdsskiller - nothing

AdwCleaner - nothing

HitmanPro - just some tracking cookies

 

After all of those, upon starting Chrome, I still get the same warning.

 

Also, and I'm not sure if this has anything to do with my problem, my computer has decided it won't restart anymore. If I try to restart, it hangs and I have to press the reset button. If I shut it down, though, it starts just fine.

 

Thanks for any help you can give me.





#2 stadlerf


Posted 23 March 2018 - 08:17 AM

Hi. Encountering similar problems here. Since 22 March, around noon time.

 

Windows 10, Chrome, Firefox, IE, Edge. Same error message as posted by SlabBacon.

Antivirus: F-Secure

Malwarebytes - nothing

Kaspersky Anti-Ransomware - nothing

UnHackMe - nothing (just some suspicious that I see since a long time)

HitmanPro - just some tracking cookies

HitmanPro.Alert scan (started independently of HitmanPro scan) - nothing

Spybot-S&D - nothing special, mainly tracking cookies

 

A clue could be: "Hitmanpro.Alert 3" was installed (automatically, I guess as update/upgrade) on 22 March!

 

Several reboots did not help either.

 

I can still use my computer, it does not hang.

 

When checking the information that comes together with the alert, I cannot discover any clues what the problem / root cause could be.

 

What would be your advice how to spot the intruder?

Or is it a false positive (how to prove that)?

I am thinking about disabling/stopping/de-installing Hitmanpro.Alert. Would you recommend to do so (or not)?

 

Thank you for your understanding and support!


Edited by stadlerf, 23 March 2018 - 08:21 AM.


#3 ItsMeAgain66


Posted 23 March 2018 - 08:59 AM

I have a number of clients that reported this same issue to me starting yesterday. 

 

Upon starting a browser a message pops that says "Critical browser functions have been compromised by a potentially malicious program. DO NOT enter any personal information on websites.  Online banking is unsafe until your computer has been scanned and cleaned.  Please check your computer for malware and software updates"

 

For as many as have the problem at the same time it would seem to be a HMPA false positive but I somehow expected more discussion of it on here.  I myself recall seeing the HMPA update message but I have not rebooted my machine since or restarted a browser so maybe I will experience the issue at that point as I expect others will too. 

 

Typically when this happens we uninstall, download an updated version w/o the issue and keep going but I am not in the know about "will the new one still be free like the one we got back when?"

 

 



#4 ItsMeAgain66


Posted 23 March 2018 - 09:10 AM

One user simply wanted it off his machine.  I told him we had put it on years ago in hopes of providing an extra layer of protection against cryptolocker viruses.  I failed to verify his version number before it was uninstalled. 

 

Another client machine had 3.7.6 build 738.  I checked the link on the Surfright (guess they are Sophos now) page and saw it showed 3.7.1.376 https://www.hitmanpro.com/en-us/downloads.aspx so why not roll it back to previous (non-problematic) version?  Only because when you uninstall and download what is purported to be 3.7.1.723 it reinstalls 3.7.6.738 and still blows up upon startup with same detection.



#5 stadlerf


Posted 23 March 2018 - 12:07 PM

I tried to roll back to HitmanPro.Alert 3.7.1.723.

For this I downloaded HitmanPro.Alert 3.7.1.723 from their website.
When starting the installation with that .exe file the splash screen shows it would install HitmanPro.Alert 3.7.6.738 (which is the version that causes trouble on my machine).
Obviously, I canceled the install.
So I cannot roll back this way. Does anybody have an idea where to download the HitmanPro.Alert 3.7.1.723?
 
Or have other remedies been identified in the meantime?
 
The version number of HMPA is shown in its title bar.


#6 ItsMeAgain66


Posted 23 March 2018 - 01:34 PM

Uninstalled 3.7.6.738 on yet another client machine.  Found an old 3.0.42 build 190 and installed it (yes it was from 6/8/2015).  As soon as a browser was opened it popped a HMPA message "An update is available.  It will be installed on reboot" but I rebooted and it still gives that message when you start the browser but it seems that if you do not interact with it, the old version lives and your browser still works as opposed to being hijacked by what seems to be a HMPA false positive.  So we can either just uninstall HMPA or put an older one in from a previous download (but it may or may not really add any protection)



#7 RolandJS


Posted 23 March 2018 - 02:20 PM

stadlerf -- Oldversion and Oldapp COMs just might have HitmanPro.Alert 3.7.1.723 -- I've been using both sites for years without any trouble whatsoever.


Edited by RolandJS, 23 March 2018 - 02:21 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#8 stadlerf


Posted 23 March 2018 - 07:30 PM

Hi RolandJS, Thanks for the names of the two sites. Unfortunately, they do not carry HMP nor HMPA.

I found that uptodown.com and filehorse.com carry old versions of HMP. But again, unfortunately, no HMPA....

 

to be continued 



#9 JSntgRvr

  • Malware Response Team

Posted 23 March 2018 - 08:19 PM

Can you all upload a screenshot of the warning? You can upload it here.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#10 JSntgRvr


Posted 23 March 2018 - 09:08 PM

Thank you for the submission.
 
To me it seems like a False Positive. I will give you two options. You can follow the instructions here to post the reports needed for a checkup in the Malware Removal Forum, or there is an ongoing thread here where you can register and be part of the discussion. I am sure they will look at the matter.




#11 stadlerf


Posted 24 March 2018 - 05:43 AM

Hi JSntgRvr, I just uploaded screenshots of the IntruderAlert and a related HMPA EventLog. I hope it helps for understanding the issue.

 

We will receive guests tonight and I will have to hit the road now to get everything for dinner, and then make it.

I will look into the other links later tonight or tomorrow.

 

Thanks for your help!



#12 JSntgRvr


Posted 24 March 2018 - 08:43 AM

You bet.



#13 SlabBacon

  • Topic Starter

Posted 24 March 2018 - 05:35 PM

I've found something interesting now. Sometimes, when I start my computer, Microsoft Security Essentials has its real-time protection turned off. In this case, I don't get a warning from HitmanPro.Alert; but I can't turn MSE's real-time protection back on, as it just times out. However, if I start my computer and MSE's real-time protection is already on, then I do get a warning from HMPA upon opening Chrome.

 

Edit: Well shoot. I just tested this, by turning off real-time protection manually, and I'm still getting the warning from HMPA. So it only disappears when MSE's real-time protection is turned off when I first start my computer.


Edited by SlabBacon, 24 March 2018 - 05:40 PM.


#14 JSntgRvr


Posted 24 March 2018 - 08:18 PM

You may need to add an exception in HitmanPro to allow MSE. Again, the ongoing thread here is your best solution, as not only will they help you add the exception, but they will be informed about the bug and fix it.

 

Also, you can contact HitmanPro support:

 

 

When the HitmanPro.Alert warning appears, please click Technical details and make one or more screenshots of the shown information. Please email us these screenshots with a short explanation at support@hitmanpro.com

 

 




#15 stadlerf


Posted 26 March 2018 - 03:20 PM

I received the following reply from the HMP helpdesk:

 
[...] Het installeren van 723 (vorige versie was trouwens 729) zal niet helpen omdat die ook weer automatisch zal upgraden.
Momenteel help alleen het uitschakelen van Safe Browsing voor de browser(s) waar je dit issue mee hebt, we hebben het probleem helder en ik verwacht deze week een update die het probleem verhelpt. [...]
 
Translation:
Installing 723 (last version was by the way 729) will not help as it would upgrade automatically again.
For now only disabling Safe Browsing will help for the browsers you are experiencing problems with. We see the problem clearly and I expect this week a new version fixing the problem.




