HitmanPro 3.7.9 - Build 216 (64-bit) Your license for HitmanPro has expired
<blockquote data-quote="KRMorgan" data-source="post: 206422" data-attributes="member: 23503"><p>Remove Search Protect by Client Connect LTD (Removal Guide) completed Step 4 per <a href="https://plus.google.com/+StelianPilici?prsrc=5" target="_blank">Stelian Pilici</a>, prevented from completing Step 5 of </p><p><a href="http://malwaretips.com/blogs/search-protect-client-connect-ltd-removal/" target="_blank">http://malwaretips.com/blogs/search-protect-client-connect-ltd-removal/</a></p><p></p><p>Error: "HitmanPro 3.7.9 - Build 216 (64-bit) Your license for HitmanPro has expired".</p><p>Analysis: Examine contents of HitmanPro_20140607_0857.log</p><p></p><p>Since a picture is a thousand words, I have uploaded "6-7-2014 2-22-25 AM HitmanPro 3.7.9 - Build 216 Scan results.jpg" and "6-7-2014 8-55-23 AM Your license for HitmanPro has expired.jpg" as a visual aid for you to see there are still malware remnants that must be removed by HitmanPro but can't because of this license issue. I am not qualified to manually remove these 6 files consisting of Trovigo, Claro, FLV Player as they are embedded into the preferences and registries by Search Protect by Client Connect LTD. It would be more effective, efficient and less prone to harmful OS risk in doing so using a malware removal tool.</p><p></p><p>Please advise or have Stelian Pilici advise on next steps as follow-up to his above blog link as he had cordially invited people "If you are still experiencing problems while trying to remove Search Protect by Client Connect Ltd hijacker from your machine, please start a new thread in our <strong><a href="http://malwaretips.com/forums/malware-removal-assistance.10/" target="_blank">Malware Removal Assistance</a></strong> forum." </p><p></p><p>I have done so and that is pretty much about as far as I can troubleshoot without receiving further instructions from Stelian. 
If I have to wait until next week to hear back from him, I am sure my computer has been disinfected to the point where a rogue root trojan virus propagated by Client Connect is unlikely to happen since steps 1-4 were done. However, it looks as if according to the attached logs there may have been some other programs also affected such as C++ and therefore its functionality may be impaired.</p><p></p><p>Suspicious files ____________________________________________________________</p><p></p><p> C:\Users\Kevin Morgan\Google Drive\My Briefcase\Purchases\Hewlett Packard\hpdeskjet 5650\0900a5a2802e946d\5600\program files\Hewlett-Packard\hp deskjet assistant\bin\hpvcrt.dll</p><p> Size . . . . . . . : 295,000 bytes</p><p> Age . . . . . . . : 307.0 days (2013-08-04 02:32:35)</p><p> Entropy . . . . . : 6.3</p><p> SHA-256 . . . . . : 748337100E34FC13222785FCE37C4C3E39FFFEB1130A7D5491188152387E5153</p><p> Product . . . . . : Microsoft (R) Visual C++</p><p> Publisher . . . . : Microsoft Corporation</p><p> Description . . . : Microsoft (R) C Runtime Library</p><p> Version . . . . . : 6.10.8637.0</p><p> Copyright . . . . : Copyright (C) Microsoft Corp. 1981-1999</p><p> RSA Key Size . . . : 512</p><p> Authenticode . . . : Invalid</p><p> Fuzzy . . . . . . : 41.0</p><p> Program is code signed with a weak certificate. This is common to malware.</p><p> Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.</p><p></p><p> C:\Windows\system32\drivers\kl1.sys</p><p> Size . . . . . . . : 7,717,984 bytes</p><p> Age . . . . . . . : 107.6 days (2014-02-19 11:13:22)</p><p> Entropy . . . . . : 0.6</p><p> SHA-256 . . . . . : 025F7E1E979DC8C4794FC7D3581D6BCF6E0F6DC327C6FCB925B6A8EDBE999A68</p><p> Product . . . . . : Kaspersky Anti-Virus</p><p> Publisher . . . . : Kaspersky Lab ZAO</p><p> Description . . . : Kaspersky Unified Driver</p><p> Version . . . . . : 6.8.0.26</p><p> Copyright . . . . : © 2013 Kaspersky Lab ZAO. 
All Rights Reserved.</p><p> Fuzzy . . . . . . : 42.0</p><p> The file is hidden from Windows API. This is typical for malware.</p><p> The file is completely hidden from view and most antivirus products. It may belong to a rootkit.</p><p> The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.</p><p> The file is a device driver. Device drivers run as trusted (highly privileged) code.</p><p></p><p> C:\Windows\system32\drivers\klif.sys</p><p> Size . . . . . . . : 489,568 bytes</p><p> Age . . . . . . . : 107.6 days (2014-02-19 11:13:21)</p><p> Entropy . . . . . : 6.5</p><p> SHA-256 . . . . . : E1323898883DD83C1F209460BB9781A4AE023DB2CA4B44A0C19B1E6F4ABDCD87</p><p> Product . . . . . : Kaspersky™ Anti-Virus ®</p><p> Publisher . . . . : Kaspersky Lab ZAO</p><p> Description . . . : Klif Mini-Filter [fre_wlh_x64_sdk]</p><p> Version . . . . . : 8.11.0.703</p><p> Copyright . . . . : Copyright © Kaspersky Lab ZAO 1996-2013.</p><p> Fuzzy . . . . . . : 42.0</p><p> The file is hidden from Windows API. This is typical for malware.</p><p> The file is completely hidden from view and most antivirus products. It may belong to a rootkit.</p><p> The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.</p><p> The file is a device driver. 
Device drivers run as trusted (highly privileged) code.</p><p></p><p></p><p>Potential Unwanted Programs _________________________________________________</p><p></p><p> homepage</p><p> C:\Users\Kevin Morgan\AppData\Local\Google\Chrome\User Data\Default\Preferences</p><p></p><p> HKLM\SOFTWARE\Classes\c\ (Claro)</p><p> HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)</p><p> HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)</p><p> HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)</p><p> HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)</p><p></p><p></p><p>Thank you Clint Eastwood TwinHeadedEagle!</p><p></p><p>Kevin Morgan</p></blockquote><p></p>