FP Hitmanpro3

[lmk43]

Malwarebytes' Anti-Malware 1.25

Database version: 1062

Windows 6.0.6001 Service Pack 1

1:48:11 AM 8/19/2008

mbam-log-08-19-2008 (01-48-09).txt

Scan type: Quick Scan

Objects scanned: 1

Time elapsed: 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Krijger\downloads\hitmanpro3.exe (Trojan.Agent) -> No action taken.

[nosirrah]

http://www.malwarebytes.org/forums/index.php?showtopic=3228

I need you to do this and also submit that file here just to make sure :

http://www.virustotal.com/

[lmk43]

http://www.malwarebytes.org/forums/index.php?showtopic=3228

I need you to do this and also submit that file here just to make sure :

http://www.virustotal.com/

http://www.virustotal.com/analisis/c62015a...a0eb8866ed51928

I also did a quick scan.Developer scan didn`t find anything

[nosirrah]

Is the file still there ?

Dev mode only gives me encrypted def that hit that file , scan is the same .

You might need to upload the file somewhere and link to it . I think regular users can only upload 2 megs .

Without the file and/or a dev mode scan I cant do anything about this one .

[lmk43]

Is the file still there ?

Dev mode only gives me encrypted def that hit that file , scan is the same .

You might need to upload the file somewhere and link to it . I think regular users can only upload 2 megs .

Without the file and/or a dev mode scan I cant do anything about this one .

Hitman Pro 3 is a Beta Version.I don`t know where i got it but it`s a legit one.

I uploaded the requested file

Virustotal report

---------------------------------------------------------------------------------------------------------------------------------

Antivirus Version Last Update Result

AhnLab-V3 2008.8.19.0 2008.08.18 -

AntiVir 7.8.1.19 2008.08.18 -

Authentium 5.1.0.4 2008.08.18 -

Avast 4.8.1195.0 2008.08.18 -

AVG 8.0.0.161 2008.08.18 -

BitDefender 7.2 2008.08.19 -

CAT-QuickHeal 9.50 2008.08.18 -

ClamAV 0.93.1 2008.08.18 -

DrWeb 4.44.0.09170 2008.08.18 -

eSafe 7.0.17.0 2008.08.18 Suspicious File

eTrust-Vet 31.6.6035 2008.08.15 -

Ewido 4.0 2008.08.18 -

F-Prot 4.4.4.56 2008.08.18 -

Fortinet 3.14.0.0 2008.08.18 -

GData 2.0.7306.1023 2008.08.19 -

Ikarus T3.1.1.34.0 2008.08.19 -

K7AntiVirus 7.10.420 2008.08.18 -

Kaspersky 7.0.0.125 2008.08.19 -

McAfee 5363 2008.08.18 -

Microsoft 1.3807 2008.08.19 -

NOD32v2 3366 2008.08.19 archive damaged

Norman 5.80.02 2008.08.18 -

Panda 9.0.0.4 2008.08.18 -

PCTools 4.4.2.0 2008.08.18 -

Prevx1 V2 2008.08.19 -

Rising 20.58.02.00 2008.08.18 -

Sophos 4.32.0 2008.08.18 -

Sunbelt 3.1.1546.1 2008.08.15 -

Symantec 10 2008.08.19 -

TheHacker 6.3.0.5.054 2008.08.19 -

TrendMicro 8.700.0.1004 2008.08.18 -

VBA32 3.12.8.3 2008.08.18 -

ViRobot 2008.8.18.1339 2008.08.18 -

VirusBuster 4.5.11.0 2008.08.18 -

Webwasher-Gateway 6.6.2 2008.08.18 -

Additional information

File size: 3639008 bytes

MD5...: b937dc9c2ead89cb2bdbd10258613426

SHA1..: e50ff3b45f2dfd53a22af6d5b34fc4bd634c60bc

SHA256: 390e9c630aade4d4a1757caefd5df2b053e27836ba303e014ebd327cc3f18679

SHA512: 8b4ad4660a02adcf16218680703ae02e52b4191571682ad332f8e6f60f76cf37

5bf81afc6ea6cdf916afec0fb0129692ed76cf3368ddda10f36d456b06a8878d

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x4c2ce0

timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)

machinetype.......: 0x14c (I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

UPX0 0x1000 0x8a000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

UPX1 0x8b000 0x38000 0x38000 7.93 d53a53cd782e0ab2add5e2180d9dcd30

.rsrc 0xc3000 0x31000 0x30800 5.09 8c4376ec775fa6e902e918879642db6c

( 13 imports )

> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess

> ADVAPI32.dll: RegCloseKey

> COMCTL32.dll: ImageList_Create

> comdlg32.dll: GetSaveFileNameW

> GDI32.dll: LineTo

> MPR.dll: WNetUseConnectionW

> ole32.dll: CoInitialize

> OLEAUT32.dll: -

> SHELL32.dll: DragFinish

> USER32.dll: GetDC

> VERSION.dll: VerQueryValueW

> WINMM.dll: timeGetTime

> WSOCK32.dll: -

( 0 exports )

packers (F-Prot): UPX

packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX

[nosirrah]

Im trying to help here , I need one of these or there is nothing I can do for you :

dev mode scan

file

link to file

Now again , is the file still there ? If it is please run a dev mode scan again .

[lmk43]

Im trying to help here , I need one of these or there is nothing I can do for you :

dev mode scan

file

link to file

Now again , is the file still there ? If it is please run a dev mode scan again .

I uploaded the file.I don`t know what happend to the uploaded file.???.I`ll do another dev scan for you.Dev scan fished and nothing found.I`ll try and attach the file again

[nosirrah]

Is the file still there ?

Dev mode only gives me encrypted def that hit that file , scan is the same .

You might need to upload the file somewhere and link to it . I think regular users can only upload 2 megs .

Without the file and/or a dev mode scan I cant do anything about this one .

I already said why , more than 2 megs .

Can I have a link to where I can download this ?

Can I have a dev mode scan ?

Can you upload to rapidshare (or the like) and send me a link to it ?

[lmk43]

I already said why , more than 2 megs .

Can I have a link to where I can download this ?

Can I have a dev mode scan ?

Can you upload to rapidshare (or the like) and send me a link to it ?

I found the link.It was hard but i found it

http://www.hitmanpro.nl/30/hitmanpro3.exe

[nosirrah]

Perfect , this should be resolved tonight or at the latest tomorow morning .

[nosirrah]

MMMMM , this file size seems way off , are you sure this is it ?

Ill check it out but this seems like it could be a different file .

[lmk43]

Perfect , this should be resolved tonight or at the latest tomorow morning .

It`s the same file.But it`s a Beta so there could be some bugs in it.It`s a file with multiple antivirus and antispyware in one.

http://www.hitmanpro.nl/hitmanpro/content/view/3/9/lang,en/

Thanks anyway.I myself don`t use Hitman Pro.Most of my friends call it stuff man.

I think it`s a false possitive

But he.Who knows.Better safe than sorry.

[nosirrah]

OK , no detetion so this is not the file . The file size of this file does not match the one in the VT log you posted .

This is the third time Im asking this next question , please answer . Is that file still on your system ?

Is so I need you to run a dev mode scan and post the results no matter what they are .

To do a dev mode scan do the following :

Click start

Click run

Type in "mbam.exe /developer", without the ""

Everything from this point on will look like a regular scan , please post the log after the scan .

[lmk43]

Yes.The file is still on my system.This is the result of the dev scan

Malwarebytes' Anti-Malware 1.25

Database version: 1062

Windows 6.0.6001 Service Pack 1

3:11:01 AM 8/19/2008

mbam-log-08-19-2008 (03-11-01).txt

Scan type: Quick Scan

Objects scanned: 36999

Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[lmk43]

This is the result if i only scan the hitmanpro3. exe file with a quick scan

Malwarebytes' Anti-Malware 1.25

Database version: 1062

Windows 6.0.6001 Service Pack 1

3:14:42 AM 8/19/2008

mbam-log-08-19-2008 (03-14-40).txt

Scan type: Quick Scan

Objects scanned: 1

Time elapsed: 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Krijger\downloads\hitmanpro3.exe (Trojan.Agent) -> No action taken.

[RubbeR DuckY]

Can you please visit this link. Click on the Bruce e-mail address. Attach the file to the e-mail and send it.

[lmk43]

I hope it`s not to big for my webmail .I`ll try.I`ll zipped in HitmanPro.zip

[RubbeR DuckY]

Thanks!

[lmk43]

On it`s way!!!

[RubbeR DuckY]

He got it. It will be fixed in the next update.

[lmk43]

He got it. It will be fixed in the next update.

Great.Thanks.

[lmk43]

He got it. It will be fixed in the next update.

What was the problem.Was it a false positive???

[RubbeR DuckY]

Yes it was, a portion of the file matched a malicious file.

[lmk43]

Yes it was, a portion of the file matched a malicious file.

Ok