Malwarebytes beats Hitmanpro Alert on its own game...


Kyle124

Wtf guys... I buy hitmanpro alert only so it will protect me from cryptolockers and their website advertises 100% cryptolocker protection and says it's so much better than mbam anti-exploit with ticks on everything etc. But recently I downloaded a normal cryptolocker and ran it and GUESS WHAT, LOL HITMANPRO ALERT DID NADA.

It was more than obvious, it encrypted all my fkn files and changed wallpaper, gave me a message about encryption I cannot even close.

Guess what?? Do all antivirus and these hitmanpro security things all suck this badly?

Here is the virustotal - https://www.virustotal.com/sv/file/46cc04d52273c8ac0608d684129ea454c99173aaf28d46aa367127b17dbb70e6/analysis/

Here you got a new customer MBAM.... censored hitmanpro alert and their false product that clearly STATED protection with cryptoguard but did nothing, they scammed my 25 dollars for nothing!

How come 99% of the top antiviruses could have missed this? And how come Avira detects it when it only uses signatures?

Hi Kyle124 :)

The original CryptoLocker infection doesn't exist anymore, since it has been disrupted by Operation Tovar during the Summer of 2013. Is it possible to know what exact "ransomware" you downloaded and used? Also, which version of HitmanPro.Alert did you use, v2 or v3?

SurfRight and HitmanPro.Alert are totally legitimate and efficient, so I find it a bit unfair to bash the program like this without giving us more information.

It's fair because they literally say on their website how it protects against cryptolockers and has every ticks in protection etc bragging. I am using latest version 3 with updated build to latest version so that's not the problem and everything is enabled.

http://www.surfright.nl/en/cryptoguard here they promise protection against cryptolockers but it failed... miserably

I'm surprised only 4/57 on virustotal... this means 99% top av vendors would let this virus destroy people's files forever. I clicked on a link from skype to download this virus and I didn't have mbam premium, only free so yep it got inside and my antivirus avast did nothing either and hitmanpro alert failed so... MBAM premium would have protected me but I only had free.

I switched my antivirus to Avira Pro and MBAM premium.

Malwarebytes Premium is not an Antivirus, it's an Antimalware. It's not meant to be used as the main line of defense on a system, but to complement your current Antivirus product to increase your protection. See the Malwarebytes' article below.

Does Malwarebytes Anti-Malware replace antivirus software?

Now, can you tell me what Cryptoware you downloaded and ran? Also, where did you get the sample from?


Hello Kyle124 and :welcome:

If you would like additional assistance mitigating any remaining malware elements, I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also Copy and Paste (not attach) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic. Please do not tick, nor untick, any pre-configured FRST categories.

Thank you. :)


Scratch my last question, I missed it.

Why would you click on a link without checking it beforehand? Also, it's not because it's not detected by an Antivirus on VirusTotal, that it means that it won't be blocked by it. Do you know what "Behavior Protection" is? Antivirus programs like ESET and Emsisoft use it to block executables (malicious ones) like these.

It's fine tho.. was my secondary laptop. Not important files but still :P I thought with Avast and Hitmanpro alert I have good protection enough to not scan every url but damn they sucked.


Yet again, you judge products without knowing how they work. What if you just downloaded a new variant of a Cryptoware? How would you expect "every Antivirus" to be able to block it? If you are able to get that executable again (safely), I would like you to upload it on ge.tt and PM me the download link. I'll pass it along to a SurfRight Rep. on BleepingComputer so he can check it out. Maybe he'll be able to tell us what happened.

ok I'll try find it for you sec.


Also, this looks like TeslaCrypt, but it could be its new version as well, Alpha Crypt (which is brand new). If you still have your infected system, can you check the extension of the encrypted files? Is it .ecc or .ezz?

Not sure, can check but maybe Malwarebytes can give more info since they detected it but through heuristics scan. 


It would be more helpful if you checked the file extension of the encryption files :) Since I don't know if Malwarebytes have a different detection name for both TeslaCrypt and Alpha Crypt.

I don't remember exactly but I think it was ezz, according to my memory at least. Pretty sure was ezz. What's the difference? Either way it's encrypted.


If your encrypted files have the .ezz extension, it's because they have been encrypted with Alpha Crypt. TeslaCrypt changes the extension to .ecc. Since Alpha Crypt is pretty new, it's possible that HitmanPro.Alert wasn't updated to block it at the moment. Maybe it uses techniques that aren't countered by HitmanPro.Alert, hence why it failed to protect you. This is only a possibility, something else might have happened as well.

I would follow 1PW's advice and get checked in the malware removal section here on Malwarebytes Forums. If you want, there's currently a Support thread dedicated to Alpha Crypt on BleepingComputer. Everything about this Cryptoware will be posted in that thread. So if any free recovery method, decrypter, etc. are found, this thread will have all the information in it. Grinler, Lawrence Abrams (the Owner and Founder of BleepingComputer) might also ask you to upload samples of your files in order to find a way to decrypt the files for free. Here's the link:

TeslaCrypt ransomware changes its name to Alpha Crypt

BleepingComputer also hosts a FAQ covering the TeslaCrypt and Alpha Crypt infections, so if you want to read more about them, and see what you can do next, I suggest you consult it.

TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

It's fine, I reset the pc, thankfully it was my secondary pc and didn't have important files. Yeah it's new, it's 0-day malware but look at the website of surfright, they say: "Since malware authors are very creative with code packers and polymorphic engines we see that new or zero-day versions of ransomware cannot be timely detected using just antivirus signatures. We've also seen ransomware use code injection and hollow process techniques to hide inside legitimate processes. Think of Explorer.exe or Winword.exe encrypting your documents and files for ransom money."

"We've designed our CryptoGuard technology to stop prevalent and future crypto-ransomware. It does not try to detect this malware based on its static properties, but it detects crypto-ransomware based on its file system behavior. If suspicious behavior is detected, it is then blocked (the encryption of the files) and the malware is neutralized, without the need for any user intervention. The benefit of this solution is that it is much harder for a malware-author to radically change its behaviour (taking the files hostage) than it is to change its static properties, i.e. where it is located and how the physical code is structured. CryptoGuard offers a more universal and future proof solution.

CryptoGuard works silently in the background at the file system level, keeping track of remote computers and local processes that are modifying your documents and other files."

So you see why I'm disappointed? Their promises about this amazing futureproof protection failed hard, also I swear to you I bet there are like hundreds of different cryptolockers on malwr that are undetected by the latest Hitman pro alert.


I don't think that HitmanPro.Alert works via signature detection mainly, but behavior detection. When it senses that a process is doing something it's not supposed to, it'll block it (even though it'll keep on running, but it won't be able to do anything, like encrypting files). Since this concerns HitmanPro.Alert and I'm not a spokesperson for the company, I cannot say a lot more about it. However, I notified the Rep. on BleepingComputer and I'm expecting him to come back to me (or directly in this thread) soon :)
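
The behaviour-based detection described in the quoted CryptoGuard text and in the reply above, as an added example that is not part of the thread and not SurfRight's code: it flags a process by what it does to documents (high-entropy rewrites of several files in a short window), not by its hash, which is why a sample with 4/57 static detections can still be stopped. The thresholds, extension list and event format are assumptions.

```python
import hashlib, math, ntpath
from collections import Counter, defaultdict, deque

# All thresholds are assumptions for illustration, not CryptoGuard's values.
DOC_EXTS = {".doc", ".docx", ".xls", ".jpg", ".pdf", ".txt"}
ENTROPY_MIN = 7.0   # bits/byte; ciphertext sits close to 8
WINDOW_S = 10.0     # sliding window per process
MAX_FILES = 3       # distinct documents rewritten inside the window

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def detect(events):
    """events: (time, pid, path, new_content) write records in time order.
    Returns {pid: time the process crossed the threshold}."""
    recent, blocked = defaultdict(deque), {}
    for t, pid, path, content in events:
        if pid in blocked:
            continue  # a real product would already have denied this write
        ext = ntpath.splitext(path)[1].lower()
        if ext not in DOC_EXTS or entropy(content) < ENTROPY_MIN:
            continue
        q = recent[pid]
        q.append((t, path))
        while t - q[0][0] > WINDOW_S:
            q.popleft()
        if len({p for _, p in q}) >= MAX_FILES:
            blocked[pid] = t
    return blocked

def _rand(n):
    """Deterministic high-entropy bytes standing in for ciphertext or compressed data."""
    return b"".join(hashlib.sha256(bytes([n, i])).digest() for i in range(64))

TEXT = b"Quarterly report, draft 3. " * 80
SAMPLE = [  # constructed events, not taken from a real incident
    (0.0, 100, r"C:\Users\k\report.txt", TEXT),       # editor saving plain text
    (0.5, 100, r"C:\Users\k\slides.docx", _rand(0)),  # one compressed file: benign
    (1.0, 200, r"C:\Users\k\a.doc", _rand(1)),
    (2.0, 200, r"C:\Users\k\b.xls", _rand(2)),
    (3.0, 200, r"C:\Users\k\c.jpg", _rand(3)),        # third document in 2 s: verdict
    (4.0, 200, r"C:\Users\k\d.pdf", _rand(4)),
    (5.0, 300, r"C:\Users\k\a.doc", _rand(5)),        # slow writer, never 3 in a window
    (40.0, 300, r"C:\Users\k\b.xls", _rand(6)),
    (80.0, 300, r"C:\Users\k\c.jpg", _rand(7)),
]
```

`detect(SAMPLE)` returns a verdict only for pid 200. A single high-entropy save is normal for compressed formats such as .docx or .jpg, so the verdict rests on the rate across distinct files rather than on entropy alone.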

Yeah let's hope they give us a response.

Would you please state what version and build of HitmanPro Alert you were using?  Can you confirm that the CryptoGuard feature was enabled?
