lmk43 #1 Posted August 18, 2008

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 6.0.6001 Service Pack 1

1:48:11 AM 8/19/2008
mbam-log-08-19-2008 (01-48-09).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Krijger\downloads\hitmanpro3.exe (Trojan.Agent) -> No action taken.

nosirrah #2 Posted August 19, 2008

http://www.malwarebytes.org/forums/index.php?showtopic=3228

I need you to do this and also submit that file here just to make sure:
http://www.virustotal.com/

lmk43 #3 Posted August 19, 2008

> http://www.malwarebytes.org/forums/index.php?showtopic=3228
> I need you to do this and also submit that file here just to make sure:
> http://www.virustotal.com/

http://www.virustotal.com/analisis/c62015a...a0eb8866ed51928

I also did a quick scan.
Developer scan didn't find anything.

nosirrah #4 Posted August 19, 2008

Is the file still there?

Dev mode only gives me encrypted def that hit that file, scan is the same.

You might need to upload the file somewhere and link to it. I think regular users can only upload 2 megs.

Without the file and/or a dev mode scan I can't do anything about this one.

lmk43 #5 Posted August 19, 2008

> Is the file still there?
> Dev mode only gives me encrypted def that hit that file, scan is the same.
> You might need to upload the file somewhere and link to it. I think regular users can only upload 2 megs.
> Without the file and/or a dev mode scan I can't do anything about this one.

Hitman Pro 3 is a Beta Version.
I don't know where I got it but it's a legit one.
I uploaded the requested file.

Virustotal report

Antivirus          Version          Last Update  Result
AhnLab-V3          2008.8.19.0      2008.08.18   -
AntiVir            7.8.1.19         2008.08.18   -
Authentium         5.1.0.4          2008.08.18   -
Avast              4.8.1195.0       2008.08.18   -
AVG                8.0.0.161        2008.08.18   -
BitDefender        7.2              2008.08.19   -
CAT-QuickHeal      9.50             2008.08.18   -
ClamAV             0.93.1           2008.08.18   -
DrWeb              4.44.0.09170     2008.08.18   -
eSafe              7.0.17.0         2008.08.18   Suspicious File
eTrust-Vet         31.6.6035        2008.08.15   -
Ewido              4.0              2008.08.18   -
F-Prot             4.4.4.56         2008.08.18   -
Fortinet           3.14.0.0         2008.08.18   -
GData              2.0.7306.1023    2008.08.19   -
Ikarus             T3.1.1.34.0      2008.08.19   -
K7AntiVirus        7.10.420         2008.08.18   -
Kaspersky          7.0.0.125        2008.08.19   -
McAfee             5363             2008.08.18   -
Microsoft          1.3807           2008.08.19   -
NOD32v2            3366             2008.08.19   archive damaged
Norman             5.80.02          2008.08.18   -
Panda              9.0.0.4          2008.08.18   -
PCTools            4.4.2.0          2008.08.18   -
Prevx1             V2               2008.08.19   -
Rising             20.58.02.00      2008.08.18   -
Sophos             4.32.0           2008.08.18   -
Sunbelt            3.1.1546.1       2008.08.15   -
Symantec           10               2008.08.19   -
TheHacker          6.3.0.5.054      2008.08.19   -
TrendMicro         8.700.0.1004     2008.08.18   -
VBA32              3.12.8.3         2008.08.18   -
ViRobot            2008.8.18.1339   2008.08.18   -
VirusBuster        4.5.11.0         2008.08.18   -
Webwasher-Gateway  6.6.2            2008.08.18   -

Additional information
File size: 3639008 bytes
MD5...: b937dc9c2ead89cb2bdbd10258613426
SHA1..: e50ff3b45f2dfd53a22af6d5b34fc4bd634c60bc
SHA256: 390e9c630aade4d4a1757caefd5df2b053e27836ba303e014ebd327cc3f18679
SHA512: 8b4ad4660a02adcf16218680703ae02e52b4191571682ad332f8e6f60f76cf375bf81afc6ea6cdf916afec0fb0129692ed76cf3368ddda10f36d456b06a8878d
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4c2ce0
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name   viradd   virsiz   rawdsiz  ntrpy  md5
UPX0   0x1000   0x8a000  0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
UPX1   0x8b000  0x38000  0x38000  7.93   d53a53cd782e0ab2add5e2180d9dcd30
.rsrc  0xc3000  0x31000  0x30800  5.09   8c4376ec775fa6e902e918879642db6c

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )

packers (F-Prot): UPX
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX

nosirrah #6 Posted August 19, 2008

I'm trying to help here, I need one of these or there is nothing I can do for you:

dev mode scan
file
link to file

Now again, is the file still there? If it is please run a dev mode scan again.

lmk43 #7 Posted August 19, 2008

> I'm trying to help here, I need one of these or there is nothing I can do for you:
> dev mode scan
> file
> link to file
> Now again, is the file still there? If it is please run a dev mode scan again.

I uploaded the file. I don't know what happened to the uploaded file.???
I'll do another dev scan for you.
Dev scan finished and nothing found.
I'll try and attach the file again.

nosirrah #8 Posted August 19, 2008

> Is the file still there?
> Dev mode only gives me encrypted def that hit that file, scan is the same.
> You might need to upload the file somewhere and link to it. I think regular users can only upload 2 megs.
> Without the file and/or a dev mode scan I can't do anything about this one.

I already said why, more than 2 megs.

Can I have a link to where I can download this?
Can I have a dev mode scan?
Can you upload to rapidshare (or the like) and send me a link to it?

lmk43 #9 Posted August 19, 2008

> I already said why, more than 2 megs.
> Can I have a link to where I can download this?
> Can I have a dev mode scan?
> Can you upload to rapidshare (or the like) and send me a link to it?

I found the link. It was hard but I found it:
http://www.hitmanpro.nl/30/hitmanpro3.exe

nosirrah #10 Posted August 19, 2008

Perfect, this should be resolved tonight or at the latest tomorrow morning.

nosirrah #11 Posted August 19, 2008

MMMMM, this file size seems way off, are you sure this is it?

I'll check it out but this seems like it could be a different file.

lmk43 #12 Posted August 19, 2008

> Perfect, this should be resolved tonight or at the latest tomorrow morning.

It's the same file. But it's a Beta so there could be some bugs in it.
It's a file with multiple antivirus and antispyware in one.
http://www.hitmanpro.nl/hitmanpro/content/view/3/9/lang,en/

Thanks anyway. I myself don't use Hitman Pro. Most of my friends call it stuff man.
I think it's a false positive. But hey, who knows. Better safe than sorry.

nosirrah #13 Posted August 19, 2008

OK, no detection so this is not the file. The file size of this file does not match the one in the VT log you posted.

This is the third time I'm asking this next question, please answer. Is that file still on your system?

If so I need you to run a dev mode scan and post the results no matter what they are.

To do a dev mode scan do the following:

Click start
Click run
Type in "mbam.exe /developer", without the ""

Everything from this point on will look like a regular scan, please post the log after the scan.

lmk43 #14 Posted August 19, 2008

Yes. The file is still on my system.
This is the result of the dev scan:

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 6.0.6001 Service Pack 1

3:11:01 AM 8/19/2008
mbam-log-08-19-2008 (03-11-01).txt

Scan type: Quick Scan
Objects scanned: 36999
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

lmk43 #15 Posted August 19, 2008

This is the result if I only scan the hitmanpro3.exe file with a quick scan:

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 6.0.6001 Service Pack 1

3:14:42 AM 8/19/2008
mbam-log-08-19-2008 (03-14-40).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Krijger\downloads\hitmanpro3.exe (Trojan.Agent) -> No action taken.

RubbeR DuckY #16 Posted August 19, 2008

Can you please visit this link. Click on the Bruce e-mail address. Attach the file to the e-mail and send it.

lmk43 #17 Posted August 19, 2008

I hope it's not too big for my webmail. I'll try.
I'll zip it in HitmanPro.zip.

RubbeR DuckY #20 Posted August 19, 2008

He got it. It will be fixed in the next update.

lmk43 #21 Posted August 19, 2008

> He got it. It will be fixed in the next update.

Great. Thanks.

lmk43 #22 Posted August 19, 2008

> He got it. It will be fixed in the next update.

What was the problem? Was it a false positive???

RubbeR DuckY #23 Posted August 19, 2008

Yes it was, a portion of the file matched a malicious file.

lmk43 #24 Posted August 20, 2008

> Yes it was, a portion of the file matched a malicious file.

Ok