Solved

It seems I am getting FALSE positive for HITMAN PRO 3.7 as a rootkit.

  • 6 December 2013
  • 38 replies
  • 202 views

Scan Started: Fri 2013-12-06 00:43:08
[r] SystemCurrentControlSetServiceshitmanpro37
[u] c:program files (x86)stardockstart8start8_64.dll [MD5: 41A8BD7904C00AC9FE86A38C36982F80] [Flags: 00011001.7040]
[u] c:windows empcrf000audiosetup.exe [MD5: 28E857302E01FFBEDD53E67B8A6848EE] [Flags: 00001
icon

Best answer by RetiredTripleHelix 7 December 2013, 22:14

View original

38 replies

Userlevel 7
Badge +56
Well I live in Ontario Canada and it's 19 years of age and I'm more then twice that! And you?
 
Daniel 😃
Userlevel 7
I live in the United States and here it's 21!

Shran
Userlevel 7
18...here in the UK...but like Daniel...I am well, well past that...;)
Userlevel 7
Daniel I see your new avatar being pulled into the toilet and everyone is quiet now, did the ale finally kick in? lol :D

Shran
Userlevel 7
Badge +56
I was wondering why I was swinging on the clothes line I wonder which one did it, the Andorian ale or the Romulan ale [img]https://uploads-us-west-2.insided.com/webroot-en/attachment/6197iFDED702D8161645F.gif[/img]
 
Daniel 😃
Userlevel 7
Probably both! :D

Shran
Userlevel 7
Badge +56
I know what did it! It was the Tranya of the First Federation!
 
Daniel 😃
Userlevel 7
As you can read from the article Romulan ale is very strong, combine that with Andorian ale and who knows what kind of crazy things might happen! I found myself hanging upside down off the roof with a chicken hat on my head!

Shran
Userlevel 7
Hey when you did get Tranya and didn't share with the rest of us?
;)

Shran 😃
Typical...get all IT security geeks, throw in start trek and end up in drunken debuchery.   :)
 
Anywho,  yes my heuristics were set to Maximum.
Yes I do believe that if were to restart when it first asked me to then I would have been fine.  However, the fact taht I overwrote the 2.0 with 2.5 and didn't restart might have been an issue.
 
I am running it along with SandBoxie on a 64bit Windows.
 
Sorry to say I can't replicate the issue since over the weekend I was fooling around with rootkits and other nice stuff that I found on my honey pot and had to re-image the system.
 
One of the baddies decided to lock my Windows 8 drive so the only answer was re-image and drive firmware reflash (it is an SSD).  Tried everything else that I normally try with Windows 8 locked drive (rebuild the BCD etc) to no avail. 
 
I do like running on MAX heuristics, I don't mind false positive as long as it doesn't FP my System Files then I am ok with it.  (Still shudder from the Malware Bytes system file FP debackle that occured few months ago).
 
Number one lesson to have with everything...MAKE sure to keep current images of your system...HD space is cheap nowdays so no excuse not to have a nice fresh at most a month old backup.
Userlevel 7
Hi tempnexus
 
Completely agree with the sentiment in your last paragraph.  Very wise.
 
Glad to hear that the issue is sorted for you, in whatever way.  I have beein running v2.5 beta for a week now and have had no mishaps or points of contention...get the notification on protection with IE but not with Maxthon (secondary browser) despite the site saying it is supported...will have to check into that.
 
Regards
 
 
Baldrick
I am yet to test the HMP against an MIM attack and see if it's actually worth it's salt.
 
have you tried taht yet?
Userlevel 7
Nope...and unlikely to as I most likely do not have your resources...but would be very interested in the results as and when you...PM me rather than post back as otherwise this post will end up going off topic...and the very nice Mods wil not like that...;)

Reply