
Hitman Pro - I need guidance



I went ahead and got myself Hitman Pro. The choice fell on it somewhat at random. Thought I'd try it out.

The anti-malware program Hitman Pro found nothing dangerous.

It did, however, find some slightly suspicious things on the system.

1. First I tried to delete the folder:

/user/pc-navn/AppData

1.b To get access to the AppData folder I had to unhide it on the system.

2. Then I went into the Google folder, and back out again. Figured I could try deleting it completely.

2.b Before I started on that, I uninstalled Google Chrome, which incidentally had begun failing slightly at creating folders for the bookmarks. So I had planned to try this anyway before reinstalling.

2.c First I deleted it completely with Shift-Del, which Windows 7 did not object to. I was allowed. And the folder did not rise from the dead either.

3. Whereupon I AFTERWARDS ran Hitman Pro again for good measure. Now it reports exactly the same files as at the beginning. As in the spoiler below:


HitmanPro 3.7.3.193
www.hitmanpro.com
  Computer name . . . . : n/a
  Windows . . . . . . . : 6.1.1.7601.X64/2
  User name . . . . . . : n/a..........................\VMadmin
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Paid
  Scan date . . . . . . : 2013-04-08 17:37:58
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 2m 21s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No
  Threats . . . . . . . : 0
  Traces  . . . . . . . : 13
  Objects scanned . . . : n/a
  Files scanned . . . . : n/a
  Remnants scanned  . . : n/a files / n/a keys
Miniport ____________________________________________________________________
  Primary
  DriverObject . . . : FFFFFA8007115980
  DriverName . . . . : \Driver\atapi
  DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
  StartIo  . . . . . : 0000000000000000 +0
  IRP_MJ_SCSI  . . . : FFFFFA80066E32C0 +0
  Solution
  DriverObject . . . : FFFFFA8007115980
  DriverName . . . . : \Driver\atapi
  DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
  StartIo  . . . . . : 0000000000000000 +0
  IRP_MJ_SCSI  . . . : FFFFF88000C074D8 \SystemRoot\system32\drivers\ataport.SYS+29912
Suspicious files ____________________________________________________________
  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.160\ffmpegsumo.dll
  Size . . . . . . . : 1,552,848 bytes
  Age  . . . . . . . : 31.4 days (2013-03-08 08:49:45)
  Entropy  . . . . . : 6.9
  SHA-256  . . . . . : 2194B00DD9803709EA9EE39D30067DDA361ACFF93779FB1650F99C7DE4D8D238
  Fuzzy  . . . . . . : 26.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Authors name is missing in version info. This is not common to most programs.
	 Version control is missing. This file is probably created by an individual. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.160\pdf.dll
  Size . . . . . . . : 4,050,896 bytes
  Age  . . . . . . . : 31.4 days (2013-03-08 08:49:45)
  Entropy  . . . . . : 7.1
  SHA-256  . . . . . : B1EFDB3134079EA842A23A0A5B0EF011577485EB0DB054B4B0F9643D0D8F7D06
  Product  . . . . . : Chrome PDF Viewer
  Description  . . . : Chrome PDF Viewer
  Version  . . . . . : 1.0.0.1
  Copyright  . . . . : Copyright (C) 2010
  Fuzzy  . . . . . . : 25.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
	 Authors name is missing in version info. This is not common to most programs.

  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.160\PepperFlash\pepflashplayer.dll
  Size . . . . . . . : 12,637,136 bytes
  Age  . . . . . . . : 31.4 days (2013-03-08 08:49:45)
  Entropy  . . . . . : 7.0
  SHA-256  . . . . . : 80FB1DEF56C69933FA126476973B949E57ED85B8308C5B3D91F31CBABE999935
  Fuzzy  . . . . . . : 28.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Authors name is missing in version info. This is not common to most programs.
	 Version control is missing. This file is probably created by an individual. This is not typical for most programs.
	 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.160\ppgooglenaclpluginchrome.dll
  Size . . . . . . . : 459,728 bytes
  Age  . . . . . . . : 31.4 days (2013-03-08 08:49:46)
  Entropy  . . . . . : 6.8
  SHA-256  . . . . . : C86EF0DECA958C67536BE4E3C22396FB30EFFEF1DD65A7CC50941E58F224B434
  Fuzzy  . . . . . . : 26.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Authors name is missing in version info. This is not common to most programs.
	 Version control is missing. This file is probably created by an individual. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
  Size . . . . . . . : 1,552,848 bytes
  Age  . . . . . . . : 25.7 days (2013-03-14 00:28:03)
  Entropy  . . . . . : 6.9
  SHA-256  . . . . . : 79EA7920A3AEA4853B7385D58E2325C21A9ACE548F6CD4416710AFC9C7126E70
  Fuzzy  . . . . . . : 26.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Authors name is missing in version info. This is not common to most programs.
	 Version control is missing. This file is probably created by an individual. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
  Size . . . . . . . : 4,050,896 bytes
  Age  . . . . . . . : 25.7 days (2013-03-14 00:28:03)
  Entropy  . . . . . : 7.1
  SHA-256  . . . . . : 68F84D32563AC9E2DF1F82E159A037E33FA311C74C4CA935A15A53796B06DBFC
  Product  . . . . . : Chrome PDF Viewer
  Description  . . . : Chrome PDF Viewer
  Version  . . . . . : 1.0.0.1
  Copyright  . . . . : Copyright (C) 2010
  Fuzzy  . . . . . . : 25.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
	 Authors name is missing in version info. This is not common to most programs.

  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
  Size . . . . . . . : 12,662,224 bytes
  Age  . . . . . . . : 25.7 days (2013-03-14 00:28:03)
  Entropy  . . . . . : 7.0
  SHA-256  . . . . . : C960FB4C1C650EE3AC917EB67750C8E8942D0D681F88E54B0CA1DE1F2D1E1CBC
  Fuzzy  . . . . . . : 28.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Authors name is missing in version info. This is not common to most programs.
	 Version control is missing. This file is probably created by an individual. This is not typical for most programs.
	 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
  Size . . . . . . . : 459,728 bytes
  Age  . . . . . . . : 25.7 days (2013-03-14 00:28:03)
  Entropy  . . . . . : 6.8
  SHA-256  . . . . . : 57DDF30598073E258719F089043740DE89586B8CD779608C8463249F25CD1C5E
  Fuzzy  . . . . . . : 26.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Authors name is missing in version info. This is not common to most programs.
	 Version control is missing. This file is probably created by an individual. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\wow_helper.exe
  Size . . . . . . . : 72,688 bytes
  Age  . . . . . . . : 341.5 days (2012-05-02 05:55:11)
  Entropy  . . . . . : 6.2
  SHA-256  . . . . . : F89E1F68C2D037A997F516AF922C1DB48D7551BAFA7AA0FDD8765AF49BB09376
  Fuzzy  . . . . . . : 26.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Authors name is missing in version info. This is not common to most programs.
	 Version control is missing. This file is probably created by an individual. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
  Size . . . . . . . : 12,638,576 bytes
  Age  . . . . . . . : 47.0 days (2013-02-20 18:22:41)
  Entropy  . . . . . : 7.0
  SHA-256  . . . . . : 070516225F725DC42553574ADA44725B1FD0150BE8C0CD7877BFC30544D92362
  Fuzzy  . . . . . . : 28.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Authors name is missing in version info. This is not common to most programs.
	 Version control is missing. This file is probably created by an individual. This is not typical for most programs.
	 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateSetup.exe
  Size . . . . . . . : 774,424 bytes
  Age  . . . . . . . : 47.0 days (2013-02-20 18:21:56)
  Entropy  . . . . . : 7.9
  SHA-256  . . . . . : 22C42F37CFAEB43244B0ABDA81754B527388F925BFD91705BBDE8E1D53D49276
  Product  . . . . . : Google Update
  Publisher  . . . . : Google Inc.
  Description  . . . : Google Update Setup
  Version  . . . . . : 1.3.21.135
  Copyright  . . . . : Copyright 2007-2010 Google Inc.
  Fuzzy  . . . . . . : 28.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.135\GoogleUpdateSetup.exe
  Size . . . . . . . : 774,424 bytes
  Age  . . . . . . . : 47.0 days (2013-02-20 18:19:46)
  Entropy  . . . . . : 7.9
  SHA-256  . . . . . : 22C42F37CFAEB43244B0ABDA81754B527388F925BFD91705BBDE8E1D53D49276
  Product  . . . . . : Google Update
  Publisher  . . . . : Google Inc.
  Description  . . . : Google Update Setup
  Version  . . . . . : 1.3.21.135
  Copyright  . . . . : Copyright 2007-2010 Google Inc.
  Fuzzy  . . . . . . : 28.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.172\25.0.1364.172_25.0.1364.160_chrome_updater.exe
  Size . . . . . . . : 5,051,744 bytes
  Age  . . . . . . . : 25.7 days (2013-03-14 00:27:52)
  Entropy  . . . . . : 8.0
  SHA-256  . . . . . : 7D279326949F5904605344DC38BE1E9D530214AE4B2819B3BFAB1112AEB282EE
  Product  . . . . . : Google Chrome
  Publisher  . . . . : Google Inc.
  Description  . . . : Google Chrome
  Version  . . . . . : 25.0.1364.172
  Copyright  . . . . : Copyright 2012 Google Inc. All rights reserved.
  Fuzzy  . . . . . . : 23.0
	 The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
	 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

4. I chose to get:

CCleaner (crap-cleaner) free

Ran it. Did a registry cleanup. That made no difference on the third scan with Hitman Pro afterwards.

5. Then I let CCleaner clean everything it could clean in the system.

The result of that was that the list of suspects in the Hitman Pro scan only grew bigger.

NOW I'M WONDERING:

How does Hitman Pro work? Why does the list grow?

ALSO WONDERING:

What I can do in Hitman Pro so that it doesn't find these suspicious files again. Because it must surely be possible to clean that from the system so that Hitman Pro doesn't find these remnants?

Because if it isn't possible to clean it away, Hitman Pro will just grow and grow in what it finds on my system! That's not pleasant either.

Is Hitman Pro a serious and proper piece of software?

What can I do now to move forward?

Edited by G

It's also part of the story THAT I TRIED to use Hitman Pro's built-in solution to remove these suspicious files.

BUT it couldn't manage it, even though it asked to do a reboot!

During the reboot, # 13 came up the first time with "fail".

The next attempt with a reboot gave # 14 with "fail".

and then it went into Windows as normal.

Edited by G

Here we have a typical example of a user who has no clue and runs amok with an antivirus program.

Dear user: HitmanPro lists completely legitimate files from Google Chrome. No reason to panic, no reason to delete.

Suspicious absolutely does not mean malware.

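As an added example (not part of the thread and not HitmanPro's own code), here is a small Python parser for the text log format quoted above: it reads the "Suspicious files" section and groups the entries by SHA-256, which is the check worth doing before deleting anything, since identical binaries found under several paths (the two GoogleUpdateSetup.exe copies) collapse to one hash, and entries whose version info names a Publisher separate from those that lack one. The embedded excerpt is copied from the scan output in the thread; the field and path patterns are my assumptions about the format based on that output.

```python
import re
from collections import defaultdict

# Constructed excerpt of the quoted HitmanPro log: 3 of its 13 entries, values
# copied as printed. Reason lines are tab-indented in the real log; the parser
# treats any non-field, non-path line as a reason, so space indentation works too.
SAMPLE_LOG = r"""
Suspicious files ____________________________________________________________
  C:\Users\VMadmin\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
  SHA-256  . . . . . : 68F84D32563AC9E2DF1F82E159A037E33FA311C74C4CA935A15A53796B06DBFC
  Product  . . . . . : Chrome PDF Viewer
     The file is completely hidden from view and most antivirus products. It may belong to a rootkit.

  C:\Users\VMadmin\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateSetup.exe
  SHA-256  . . . . . : 22C42F37CFAEB43244B0ABDA81754B527388F925BFD91705BBDE8E1D53D49276
  Publisher  . . . . : Google Inc.
     Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

  C:\Users\VMadmin\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.135\GoogleUpdateSetup.exe
  SHA-256  . . . . . : 22C42F37CFAEB43244B0ABDA81754B527388F925BFD91705BBDE8E1D53D49276
  Publisher  . . . . : Google Inc.
     Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
"""

FIELD_RE = re.compile(r"^\s+([A-Za-z][\w-]*(?: [\w-]+)*)\s+(?:\.\s*)+:\s*(.*)$")  # "Key . . : value"
PATH_RE = re.compile(r"^\s+([A-Za-z]:\\\S.*)$")                                   # "  C:\..." starts an entry

def parse_suspicious_files(log):
    """One dict per flagged file: path, fields (key -> value), free-text reasons."""
    entries, in_section = [], False
    for line in log.splitlines():
        if line.rstrip().endswith("____"):          # section header line
            in_section = line.startswith("Suspicious files")
        elif not in_section or not line.strip():
            continue
        elif PATH_RE.match(line):
            entries.append({"path": line.strip(), "fields": {}, "reasons": []})
        elif (m := FIELD_RE.match(line)):
            entries[-1]["fields"][m.group(1)] = m.group(2).strip()
        else:                                       # scanner's explanation text
            entries[-1]["reasons"].append(line.strip())
    return entries

def triage(entries):
    """Collapse identical binaries (same SHA-256) found under several paths
    and record whether the version info names a Publisher at all."""
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[e["fields"].get("SHA-256", "unknown")].append(e)
    return [{"sha256": h,
             "paths": [e["path"] for e in group],
             "publisher": group[0]["fields"].get("Publisher"),
             "reasons": sorted({r for e in group for r in e["reasons"]})}
            for h, group in by_hash.items()]
```

Point the parser at a full saved log and the list shrinks to one row per distinct hash, which is the list to compare against what the vendor ships rather than the raw thirteen "traces".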

But these are so-called Remnants. So I would like to get rid of them for future scans.

What I want is:

1. Get rid of them from the system

2. Reinstall Google Chrome

And yes, they are surely just warnings, with little danger behind them.

But am I supposed to keep scrolling through that list to find future real malware, then? It's idiotic not to be able to clean it away sooner rather than later, when it isn't in use on my system.

And what do you mean by calling me: "a user who has no clue and runs amok with an antivirus program"?

That I have less of a clue than others has no relevance whatsoever here. Because I'm asking for help. And YOU are failing to help. It's as simple as that!
