
Hitman Pro Alert

My Hitman Pro Alert subscription had expired but still scanned without issue. A recent scan revealed malware. I immediately bought a new key and reactivated the product. However, the scan alert window was unresponsive and wouldn't remove the malware or otherwise respond after activation. I rebooted, ran another scan and it revealed nothing. There is nothing showing in the history or event viewer. I did, however, save the file showing the malware. Can anyone help me?

 

[code]
HitmanPro 3.8.0.295
www.hitmanpro.com

   Computer name . . . . : HOME
   Windows . . . . . . . : 6.3.0.9600.X86/2
   User name . . . . . . : Home\Beth
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (365 days left)

   Scan date . . . . . . : 2018-11-07 07:03:03
   Scan mode . . . . . . : Quick
   Scan duration . . . . : 1m 40s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 2

   Objects scanned . . . : 1,405
   Files scanned . . . . : 1,405
   Remnants scanned  . . : 0 files / 0 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : 89B2F380
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\System32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 8D824120 \??\C:\Windows\system32\drivers\hmpalert.sys+147744
   Solution
      DriverObject . . . : 89B2F380
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\System32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 85F64EA0 \SystemRoot\System32\drivers\ataport.SYS+11936

Suspicious files ____________________________________________________________

   C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\nzidu6wf.default\webappsstore.sqlite-shm
      Size . . . . . . . : 32,768 bytes
      Age  . . . . . . . : -0.0 days (2018-11-07 07:02:40)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 1EE9AC79D441ADBF9DB52F3906535E284D9118C4B78618F6A5F196C539C0157A
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Multi-Transport Composite Bus Enumerator
      Version  . . . . . : 6.3.9600.16384
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 50.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Time indicates that the file appeared recently on this computer.
         The file name extension of this program is not common.
         The file is in use by one or more active processes.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
[/code]


