HitmanPro Alert Intruder alert when loading SRWare Iron


Hi,

I am using HitmanPro.Alert 3.5.3 build 562 and when I load SRWare Iron Version 53.0.2800.0 (64-bit) I keep getting an
Intruder alert. I did scans with the latest versions of ESET Smart Security, MalwareBytes Anti-Malware and Malware Bytes Anti-Exploit
and nothing has been found by any of these programs.

Any idea?

PID          15376
Application  E:\Program Files\Internet\SRWare Iron (64-Bit)\chrome.exe
Description  SRWare Iron 53

Detour Report
#  Address             Owner                    Disassembly
-- ------------------  ------------------------ ------------------------
DecryptMessage
 1 0x00007FFE134D59D0  SspiCli.dll              JMP 0x7ffe0715cac0
 2 0x00007FFE0715CAC0  eOppMonitor.dll          

EncryptMessage
 1 0x00007FFE134D5880  SspiCli.dll              JMP 0x7ffe0715c8b0
 2 0x00007FFE0715C8B0  eOppMonitor.dll          

CreateProcessInternalW
 1 0x00007FFE13891020  KernelBase.dll           JMP 0x7ffe1417000e
 2 0x00007FFE1417000E  (anonymous)              

NdrpClientCall2
 1 0x00007FFE14F72220  RPCRT4.dll               JMP 0x7ffde49e0d54
 2 0x00007FFDE49E0D54  (unknown)                

GetMessageA
 1 0x00007FFE171BE8B0  USER32.dll               JMP 0x7ffde49e0d18
 2 0x00007FFDE49E0D18  (unknown)                

GetMessageW
 1 0x00007FFE171C4840  USER32.dll               JMP 0x7ffde49e0cd4
 2 0x00007FFDE49E0CD4  (unknown)                

PeekMessageA
 1 0x00007FFE171BE300  USER32.dll               JMP 0x7ffde49e0c98
 2 0x00007FFDE49E0C98  (unknown)                

PeekMessageW
 1 0x00007FFE171BE430  USER32.dll               JMP 0x7ffde49e0c58
 2 0x00007FFDE49E0C58  (unknown)                

KiUserExceptionDispatcher
 1 0x00007FFE17418A00  ntdll.dll                JMP 0x7ffde49e0d96
 2 0x00007FFDE49E0D96  (unknown)                

LdrLoadDll
 1 0x00007FFE17379E70  ntdll.dll                JMP 0x7ffde49e0e15
 2 0x00007FFDE49E0E15  (unknown)                

NtAllocateVirtualMemory
 1 0x00007FFE17415140  ntdll.dll                JMP 0x7ffe1757000e
 2 0x00007FFE1757000E  (anonymous)              

NtFreeVirtualMemory
 1 0x00007FFE17415200  ntdll.dll                JMP 0x7ffde49e0f16
 2 0x00007FFDE49E0F16  (unknown)                

NtMapViewOfSection
 1 0x00007FFE17415340  ntdll.dll                JMP 0x7ffde49e0e96
 2 0x00007FFDE49E0E96  (unknown)                

NtProtectVirtualMemory
 1 0x00007FFE17415840  ntdll.dll                JMP 0x7ffde49e0ed6
 2 0x00007FFDE49E0ED6  (unknown)                

NtUnmapViewOfSection
 1 0x00007FFE17415380  ntdll.dll                JMP 0x7ffde49e0e56
 2 0x00007FFDE49E0E56  (unknown)                

NtWaitForDebugEvent
 1 0x00007FFE174185D0  ntdll.dll                JMP 0x7ffde49e0fd6
 2 0x00007FFDE49E0FD6  (unknown)                

RtlInstallFunctionTableCallback
 1 0x00007FFE173E08E0  ntdll.dll                JMP 0x7ffde49e0f98
 2 0x00007FFDE49E0F98  (unknown)                
 

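One way to triage a detour report like the one in the post above, added here as an example and not part of the thread or of HitmanPro.Alert: it parses the report layout and groups the hooked functions by the owner of the final hop, separating chains that end in a named module from those that end in memory the report labels (anonymous) or (unknown). The function names parse_detours, triage and unbacked are hypothetical, and the sample is three entries copied from the report.

```python
import re

# Constructed sample: three entries copied from the report above, same layout.
SAMPLE = """\
DecryptMessage
 1 0x00007FFE134D59D0  SspiCli.dll              JMP 0x7ffe0715cac0
 2 0x00007FFE0715CAC0  eOppMonitor.dll

CreateProcessInternalW
 1 0x00007FFE13891020  KernelBase.dll           JMP 0x7ffe1417000e
 2 0x00007FFE1417000E  (anonymous)

LdrLoadDll
 1 0x00007FFE17379E70  ntdll.dll                JMP 0x7ffde49e0e15
 2 0x00007FFDE49E0E15  (unknown)
"""

ROW = re.compile(r"^\s*(\d+)\s+(0x[0-9A-Fa-f]+)\s+(\S+)\s*(.*)$")
UNBACKED = {"(anonymous)", "(unknown)"}  # owner labels the report uses for non-module memory

def parse_detours(text):
    """Return {function: [(address, owner, disassembly), ...]} in hop order."""
    chains, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            if current is not None:
                chains[current].append((int(m.group(2), 16), m.group(3), m.group(4).strip()))
        elif line.strip() and not line.lstrip().startswith(("#", "--")):
            current = line.strip()          # a heading line names the hooked function
            chains[current] = []
    return chains

def triage(chains):
    """Group hooked functions by the owner of the last hop in each chain."""
    out = {}
    for func, hops in chains.items():
        if len(hops) < 2:
            continue                        # report header lines carry no hops
        jmp = re.search(r"JMP\s+(0x[0-9A-Fa-f]+)", hops[0][2])
        broken = jmp and int(jmp.group(1), 16) != hops[1][0]  # hop 2 is not the JMP target
        out.setdefault("inconsistent" if broken else hops[-1][1], []).append(func)
    return out

def unbacked(chains):
    """Functions whose detour ends in memory the report could not name."""
    groups = triage(chains)
    return sorted(f for owner in UNBACKED for f in groups.get(owner, []))
```

The entries returned by unbacked() are the ones to attribute by other means, for example by comparing the report with and without each installed security product loaded.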

  • Root Admin

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed.
  • Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look at the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore.

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks
