FP Hitmanpro3


23 replies to this topic

#1 lmk43

    New Member

  • Members
  • 17 posts

Posted 18 August 2008 - 06:51 PM

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 6.0.6001 Service Pack 1

1:48:11 AM 8/19/2008
mbam-log-08-19-2008 (01-48-09).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Krijger\downloads\hitmanpro3.exe (Trojan.Agent) -> No action taken.

Attached Images

  • HitmanCapture.JPG


#2 nosirrah

    Forum Deity

  • Administrators
  • 5,402 posts
  • Location: Northampton, MA USA

Posted 18 August 2008 - 07:03 PM

http://www.malwareby...?showtopic=3228

I need you to do this and also submit that file here just to make sure:

http://www.virustotal.com/
Bruce Harrison
Vice President of Research


#3 lmk43

Posted 18 August 2008 - 07:14 PM

> http://www.malwareby...?showtopic=3228
>
> I need you to do this and also submit that file here just to make sure:
>
> http://www.virustotal.com/

http://www.virustota...a0eb8866ed51928
I also did a quick scan. Developer scan didn't find anything

#4 nosirrah

Posted 18 August 2008 - 07:26 PM

Is the file still there?

Dev mode only gives me encrypted def that hit that file, scan is the same.

You might need to upload the file somewhere and link to it. I think regular users can only upload 2 megs.

Without the file and/or a dev mode scan I can't do anything about this one.

#5 lmk43

Posted 18 August 2008 - 07:35 PM

> Is the file still there?
>
> Dev mode only gives me encrypted def that hit that file, scan is the same.
>
> You might need to upload the file somewhere and link to it. I think regular users can only upload 2 megs.
>
> Without the file and/or a dev mode scan I can't do anything about this one.

Hitman Pro 3 is a Beta Version. I don't know where I got it but it's a legit one.
I uploaded the requested file
Virustotal report
---------------------------------------------------------------------------------------------------------------------------------
Antivirus Version Last Update Result
AhnLab-V3 2008.8.19.0 2008.08.18 -
AntiVir 7.8.1.19 2008.08.18 -
Authentium 5.1.0.4 2008.08.18 -
Avast 4.8.1195.0 2008.08.18 -
AVG 8.0.0.161 2008.08.18 -
BitDefender 7.2 2008.08.19 -
CAT-QuickHeal 9.50 2008.08.18 -
ClamAV 0.93.1 2008.08.18 -
DrWeb 4.44.0.09170 2008.08.18 -
eSafe 7.0.17.0 2008.08.18 Suspicious File
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.18 -
F-Prot 4.4.4.56 2008.08.18 -
Fortinet 3.14.0.0 2008.08.18 -
GData 2.0.7306.1023 2008.08.19 -
Ikarus T3.1.1.34.0 2008.08.19 -
K7AntiVirus 7.10.420 2008.08.18 -
Kaspersky 7.0.0.125 2008.08.19 -
McAfee 5363 2008.08.18 -
Microsoft 1.3807 2008.08.19 -
NOD32v2 3366 2008.08.19 archive damaged
Norman 5.80.02 2008.08.18 -
Panda 9.0.0.4 2008.08.18 -
PCTools 4.4.2.0 2008.08.18 -
Prevx1 V2 2008.08.19 -
Rising 20.58.02.00 2008.08.18 -
Sophos 4.32.0 2008.08.18 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.19 -
TheHacker 6.3.0.5.054 2008.08.19 -
TrendMicro 8.700.0.1004 2008.08.18 -
VBA32 3.12.8.3 2008.08.18 -
ViRobot 2008.8.18.1339 2008.08.18 -
VirusBuster 4.5.11.0 2008.08.18 -
Webwasher-Gateway 6.6.2 2008.08.18 -
Additional information
File size: 3639008 bytes
MD5...: b937dc9c2ead89cb2bdbd10258613426
SHA1..: e50ff3b45f2dfd53a22af6d5b34fc4bd634c60bc
SHA256: 390e9c630aade4d4a1757caefd5df2b053e27836ba303e014ebd327cc3f18679
SHA512: 8b4ad4660a02adcf16218680703ae02e52b4191571682ad332f8e6f60f76cf37
5bf81afc6ea6cdf916afec0fb0129692ed76cf3368ddda10f36d456b06a8878d
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4c2ce0
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x8a000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x8b000 0x38000 0x38000 7.93 d53a53cd782e0ab2add5e2180d9dcd30
.rsrc 0xc3000 0x31000 0x30800 5.09 8c4376ec775fa6e902e918879642db6c

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )

packers (F-Prot): UPX
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX

#6 nosirrah

Posted 18 August 2008 - 07:43 PM

I'm trying to help here, I need one of these or there is nothing I can do for you:

dev mode scan
file
link to file

Now again, is the file still there? If it is please run a dev mode scan again.

#7 lmk43

Posted 18 August 2008 - 07:47 PM

> I'm trying to help here, I need one of these or there is nothing I can do for you:
>
> dev mode scan
> file
> link to file
>
> Now again, is the file still there? If it is please run a dev mode scan again.

I uploaded the file. I don't know what happened to the uploaded file.??? I'll do another dev scan for you. Dev scan finished and nothing found. I'll try and attach the file again

#8 nosirrah

Posted 18 August 2008 - 07:51 PM

> Is the file still there?
>
> Dev mode only gives me encrypted def that hit that file, scan is the same.
>
> You might need to upload the file somewhere and link to it. I think regular users can only upload 2 megs.
>
> Without the file and/or a dev mode scan I can't do anything about this one.

I already said why, more than 2 megs.

Can I have a link to where I can download this?
Can I have a dev mode scan?
Can you upload to rapidshare (or the like) and send me a link to it?

#9 lmk43

Posted 18 August 2008 - 07:56 PM

> I already said why, more than 2 megs.
>
> Can I have a link to where I can download this?
> Can I have a dev mode scan?
> Can you upload to rapidshare (or the like) and send me a link to it?

I found the link. It was hard but I found it
http://www.hitmanpro.../hitmanpro3.exe

#10 nosirrah

Posted 18 August 2008 - 07:59 PM

Perfect, this should be resolved tonight or at the latest tomorrow morning.

#11 nosirrah

Posted 18 August 2008 - 08:01 PM

MMMMM, this file size seems way off, are you sure this is it?

I'll check it out but this seems like it could be a different file.

#12 lmk43

Posted 18 August 2008 - 08:02 PM

> Perfect, this should be resolved tonight or at the latest tomorrow morning.

It's the same file. But it's a Beta so there could be some bugs in it. It's a file with multiple antivirus and antispyware in one.
http://www.hitmanpro...ew/3/9/lang,en/
Thanks anyway. I myself don't use Hitman Pro. Most of my friends call it Shit man.
I think it's a false positive
But hey. Who knows. Better safe than sorry.

#13 nosirrah

Posted 18 August 2008 - 08:08 PM

OK, no detection so this is not the file. The file size of this file does not match the one in the VT log you posted.

This is the third time I'm asking this next question, please answer. Is that file still on your system?

If so I need you to run a dev mode scan and post the results no matter what they are.

To do a dev mode scan do the following:

Click start
Click run
Type in "mbam.exe /developer", without the ""

Everything from this point on will look like a regular scan, please post the log after the scan.
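The check described in post #13 (is the downloaded file the same sample that the posted VirusTotal log describes?), as an added example that is not part of the original thread. The function names are hypothetical; the size and hash values are the ones from the report in post #5.

```python
import hashlib
import re

# "Additional information" lines copied from the VirusTotal report in post #5.
VT_REPORT = """\
File size: 3639008 bytes
MD5...: b937dc9c2ead89cb2bdbd10258613426
SHA1..: e50ff3b45f2dfd53a22af6d5b34fc4bd634c60bc
SHA256: 390e9c630aade4d4a1757caefd5df2b053e27836ba303e014ebd327cc3f18679
"""

HASHES = {"md5": 32, "sha1": 40, "sha256": 64}  # name -> hex digest length


def parse_vt_identity(report):
    """Pull the file size and hashes out of the report text."""
    ident = {}
    m = re.search(r"^File size:\s*(\d+)\s*bytes", report, re.M)
    if m:
        ident["size"] = int(m.group(1))
    for name, hexlen in HASHES.items():
        # The report pads short labels with dots: "MD5...:", "SHA1..:".
        pat = rf"^{name}\.*:\s*([0-9a-f]{{{hexlen}}})\s*$"
        m = re.search(pat, report, re.M | re.I)
        if m:
            ident[name] = m.group(1).lower()
    return ident


def file_identity(path):
    """Compute size and hashes of a local file, reading in chunks."""
    digests = {name: hashlib.new(name) for name in HASHES}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            size += len(chunk)
            for d in digests.values():
                d.update(chunk)
    return {"size": size, **{n: d.hexdigest() for n, d in digests.items()}}


def mismatches(report, path):
    """Fields where the local file differs from the reported sample."""
    expected = parse_vt_identity(report)
    if not expected:
        raise ValueError("no size or hash found in report")
    actual = file_identity(path)
    return sorted(k for k, v in expected.items() if actual[k] != v)
```

An empty list from `mismatches` means the local file is the reported sample; a differing `size` alone already shows it is a different file, which is the situation in this thread.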

#14 lmk43

Posted 18 August 2008 - 08:12 PM

Yes. The file is still on my system. This is the result of the dev scan
Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 6.0.6001 Service Pack 1

3:11:01 AM 8/19/2008
mbam-log-08-19-2008 (03-11-01).txt

Scan type: Quick Scan
Objects scanned: 36999
Time elapsed: 1 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 lmk43

Posted 18 August 2008 - 08:16 PM

This is the result if I only scan the hitmanpro3.exe file with a quick scan
Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 6.0.6001 Service Pack 1

3:14:42 AM 8/19/2008
mbam-log-08-19-2008 (03-14-40).txt

Scan type: Quick Scan
Objects scanned: 1
Time elapsed: 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Krijger\downloads\hitmanpro3.exe (Trojan.Agent) -> No action taken.

#16 RubbeR DuckY

    Marcin

  • Root Admin
  • 4,092 posts
  • Gender: Male

Posted 18 August 2008 - 08:26 PM

Can you please visit this link. Click on the Bruce e-mail address. Attach the file to the e-mail and send it.
Marcin Kleczynski
Chief Executive Officer


#17 lmk43

Posted 18 August 2008 - 08:30 PM

I hope it's not too big for my webmail. I'll try. I'll zip it in HitmanPro.zip

#18 RubbeR DuckY

Posted 18 August 2008 - 08:31 PM

Thanks!

#19 lmk43

Posted 18 August 2008 - 08:32 PM

On its way!!!

#20 RubbeR DuckY

Posted 18 August 2008 - 08:46 PM

He got it. It will be fixed in the next update.



