Hitman Pro- Intruder Detected Alert [License expired] - Help

[Harpreet]

Hello everyone,
I had Hitman Pro installed on my PC [trial version]
I only had one alert this whole time [28-3-15]
But today as i started Goodle chrome it came up with the alert -
                                                                                                     Intruder detected! Do not enter personal data or bank online.

I scanned with the hitmanpro and gave me some results with options to delete or ignore, but i could not delete because my license has expired .

So what should i do now ?

 

[kevinf80]

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Did Hitman pro produce a log, can you post that?

 

Thanks,

 

Kevin...

[Harpreet]

HitmanPro_20150531_2014.log        I think this it is the log 

[kevinf80]

Thanks for that log, continue as follows please:

 

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

 

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.

Choose Settings. at the bottom of the screen click the

"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

 

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

 

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

Next,

 

Follow the instructions in the following link to show hidden files:

 

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

 

Next,

 

Please open Malwarebytes Anti-Malware.

 

• 
  

On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may or may not see this message box.
 
        'Could not load DDA driver'
 
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

 

To get the log from Malwarebytes do the following:

 

• 
  

Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:
 
  Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
  Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
 
Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…

 

 

If Malwarebytes is not installed follow these instructions first:

 

Download Malwarebytes Anti-Malware to your desktop.

• 
  

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish. Follow the instructions above....

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

 

• 
  

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your reply....

 

Thank you,

 

Kevin...

[Harpreet]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 01/06/2015

Scan Time: 11:39:38 AM

Logfile: 

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.05.31.03

Rootkit Database: v2015.05.31.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7

CPU: x64

File System: NTFS

User: a

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 361265

Time Elapsed: 43 min, 41 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)



AND here are the FRST results
Addition.txt  FRST.txt 



AND now for some reason Hitmanpro dose not give any alert when i open Google Chrome 

[kevinf80]

Do not actually see a great deal wrong, no obvious malware/infection. Continue please:

 

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

 

•  

   

• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK

   

• DeFogger will now ask to reboot the machine - click OK

   

   

 

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Scan with ESET Online Scanner

 

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

 

Click there Run ESET Online Scanner.

 

If using Internet Explorer:

 

• 
  

Accept the Terms of Use and click Start.
Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

• 
  

Download esetsmartinstaller_enu.exe that you'll be given link to.
Double click esetsmartinstaller_enu.exe.
Allow the Terms of Use and click Start.

To perform the scan:

• 
  

Make sure that Remove found threats is unchecked.
Scan archives is checked.
In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
Under “Enable Stealth Technology select “Change” select any extra drives in that window.
Click Start
The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
When completed, the program will begin to scan. This may take several hours. Please, be patient.
Do not do anything on your machine as it may interrupt the scan.
When the scan is done, click Finish.
A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

 

Please include this logfile in your next reply.

 

Don't forget to re-enable protection software!

 

Finally,

 

Download Security Check by screen317 from either of the following:

 

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

 

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

 

Let me see those logs in your next reply..

 

Thanks,

 

Kevin...

 

 

 

 

Fixlist.txt

[Harpreet]

U ran defogger but at the end it does not ask me to restart [ after the finished message ]

[Harpreet]

Do not actually see a great deal wrong, no obvious malware/infection. Continue please:

 

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

 

•  

   

• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK

   

• DeFogger will now ask to reboot the machine - click OK

   

   

 

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Scan with ESET Online Scanner

 

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Please visit ESET Online Scanner website.

 

Click there Run ESET Online Scanner.

 

If using Internet Explorer:

 

 

•  

   

• Accept the Terms of Use and click Start.

   

   

• Allow the running of add-on.

   

   

 

If using Mozilla Firefox or Google Chrome:

 

•  

   

• Download esetsmartinstaller_enu.exe that you'll be given link to.

   

   

• Double click esetsmartinstaller_enu.exe.

   

   

• Allow the Terms of Use and click Start.

   

   

 

To perform the scan:

 

•  

   

• Make sure that Remove found threats is unchecked.

   

   

• Scan archives is checked.

   

   

• In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.

   

   

• Under “Enable Stealth Technology select “Change” select any extra drives in that window.

   

   

• Click Start

   

   

• The program will begin to download it's virus database. The speed may vary depending on your Internet connection.

   

   

• When completed, the program will begin to scan. This may take several hours. Please, be patient.

   

   

• Do not do anything on your machine as it may interrupt the scan.

   

   

• When the scan is done, click Finish.

   

   

• A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

   

   

 

 

Please include this logfile in your next reply.

 

Don't forget to re-enable protection software!

 

Finally,

 

Download Security Check by screen317 from either of the following:

 

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

 

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

 

Let me see those logs in your next reply..

 

Thanks,

 

Kevin...

 

U ran defogger but at the end it does not ask me to restart [ after the finished message ]

I*

[kevinf80]

Continue with the next steps and post the logs...

[Harpreet]

Here are the results 

defogger_disable.log

Log file {ESET] is having trouble uploading so i have posted the contents
 

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=83c5d027b5a93a4f935fd38ffec5a948

# end=init

# utc_time=2015-06-03 03:20:08

# local_time=2015-06-03 08:50:08 (+0530, India Standard Time)

# country="United States"

# osver=6.1.7600 NT 

Update Init

Update Download

Update Finalize

Updated modules version: 24143

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# EOSSerial=83c5d027b5a93a4f935fd38ffec5a948

# end=updated

# utc_time=2015-06-03 03:32:35

# local_time=2015-06-03 09:02:35 (+0530, India Standard Time)

# country="United States"

# osver=6.1.7600 NT 

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7777

# api_version=3.1.1

# EOSSerial=83c5d027b5a93a4f935fd38ffec5a948

# engine=24143

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-06-03 04:27:32

# local_time=2015-06-03 09:57:32 (+0530, India Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode_1='Bitdefender Antivirus Free Edition'

# compatibility_mode=2059 16777213 100 100 0 92170795 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 53458607 185757584 0 0

# scanned=106825

# found=7

# cleaned=0

# scan_time=3294

sh=7E62CD24C68C6873E2367358E9B67F26B832DD4A ft=1 fh=c71c001152d7a4ca vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmApp.dll.vir"

sh=AD188F10AB5A30A6EE8149A6AAF68247FC9E63E5 ft=1 fh=c71c00110d6f5af3 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmEng.dll.vir"

sh=DA7464E58409B29B1ED2C7A65F3FD61402DAC1A5 ft=1 fh=dce5cbde4ee07593 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarmsrv.exe.vir"

sh=9F1F8446680FD61541FCC3E2B75E44E0EDCDFCAE ft=1 fh=e93b79f29aa9228b vn="a variant of Win32/Toolbar.Escort.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll.vir"

sh=9B5AA9D21F25F281DCD07094AAEE9BD4CF03F12D ft=1 fh=1c058e4f2945e215 vn="Win32/Toolbar.Montiera.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\a\appData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe.vir"

sh=8490554F15357EA162494EE1763509959F3EBAEB ft=1 fh=58b66b725959d138 vn="Win32/Toolbar.Montiera.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\a\appData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe.vir"

sh=E4772585CEB9AA369A292D03667C7AA76E9EA04A ft=1 fh=274da3f94e245cf7 vn="Win32/Toolbar.Montiera.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\a\appData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe.vir"

And the result from Security check

 Results of screen317's Security Check version 1.002  

 Windows 7  x64 (UAC is enabled)  

 Out of date service pack!! 

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Bitdefender Antivirus Free Edition   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

  Adobe Flash Player 11.8.800.168 Flash Player out of Date!  

 Google Chrome (43.0.2357.65) 

 Google Chrome (43.0.2357.81) 

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Bitdefender Antivirus Free Edition gzserv.exe  

 Bitdefender Antivirus Free Edition gziface.exe  

 Malwarebytes Anti-Exploit mbae-svc.exe   

 Malwarebytes Anti-Exploit mbae64.exe   

 Malwarebytes Anti-Malware mbamscheduler.exe   

 Malwarebytes Anti-Exploit mbae.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

 

 

 

[kevinf80]

No issues with ESET log, all entries old files already quarantined...

 

Next,

 

Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.

There maybe an offer of bundled extras etc, untick those options if offered...

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 

• 
  

    Remove disinfection tools
    Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

It is essential to update your system with Service Pack One (SP1) without that pack your system maybe prone to infection....

 

If it will not install via normal update process, it can be manually downloaded here: http://windows.microsoft.com/en-GB/windows/service-packs-download#sptabs=win7

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out...

 

Thank you,

 

Kevin..

[Harpreet]

System is working fine now but my free hard disk space [drive C] has been decreased to 3.08GB from 5.9GB something. 

[kevinf80]

Where has the space gone, what has used that amount of data...

[Harpreet]

Maybe windows SP1 i guess 
But anyway the system is working completely fine

Thank you so much   

[kevinf80]

Yes sp1 would explain what happened, good to hear all is well with your OS...

 

Take care and surf safe,

 

Kevin...

[Maurice Naggar]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.