HitmanPro.Alert deleted on my system by ESET. Anybody else had that happen?

[conceptualclarity]

On my last to next boot HitmanPro.Alert notified me of an update that would be installed on the next system boot. When I rebooted ESET quarantined http://post.securestudies.com/packages/VR/PackageV.exe. ESET is calling that "Win32/Adware.MarketScore.A. application".

I noticed HitmanPro.Alert wasn't running like it should be. I checked and found its Start Menu shortcut is broken, and its Program Files folder is empty.





Computer: DELL Dimension 2400
CPU: Intel Pentium 4-2667 (Northwood, D1)
2666 MHz (20.00x133.3) @ 2658 MHz (20.00x132.9)
Motherboard: DELL 0G1548
Chipset: Intel 845GEV (Brookdale-GEV) + ICH4
Memory: 2048 MBytes @ 166 MHz, 2.5-3-3-7
- 1024 MB PC3200 DDR-SDRAM - Kingston K
- 1024 MB PC3200 DDR-SDRAM - Kingston K
Graphics: Intel 82845G/GL/GV Graphics Controller [DELL]
Intel i845G(L) Integrated, 64 MB
Drive: WL120GPA872, 117.2 GB, E-IDE (ATA-7)
Drive: HGST HTS545050A7E380, 488.4 GB, Serial ATA 3Gb/s <-> USB
Drive: SAMSUNG CD-R/RW SW-252S, CD-R Writer
Sound: Creative Technology SB Live! Series Audio Processor
Network: RealTek Semiconductor RTL8139 PCI Fast Ethernet NIC [A/B/C]
Network: Broadcom 4401 10/100 Integrated Controller
OS: Microsoft Windows XP Home Edition Build 2600
Antivirus: ESET Smart Security 9.0.375.0
Firewall: ESET Smart Security 9.0.375.0
Default Browser: Maxthon

 

[_CyberGhosT_]

Very interesting,
never herd of this happening, some of the HMPA heavy users may be able to help you better than I,
but in the meantime post this on the ESET support forums so that your experience may save others a huge headache,
as well as giving the ESET Dev's a "heads up".
PeAcE

 

[conceptualclarity]

I will indeed go to the ESET forum.

This securestudies.com seems to be associated with marketing surveys but not malware. What the connection is to HPA is not clear to me.

 

[Nightwalker]

I will indeed go to the ESET forum.

This securestudies.com seems to be associated with marketing surveys but not malware. What the connection is to HPA is not clear to me.

Thats the definition of adware, for me it isnt a false positive.

Antivirus scan for 1fb9cb60b11165df3298dee55b59517e3ed15957b820b19b4ca0d8f9f2e20173 at 2016-04-29 01:20:46 UTC - VirusTotal

30/56

 

[_CyberGhosT_]

Maybe something new Sophos has altered or allowed ? weird
May have to inquire over at the HMPA forums or contact support.
If you do conceptualclarity, please let us know what their reply is.
PeAcE

 

[conceptualclarity]

Thats the definition of adware, for me it isnt a false positive.

Antivirus scan for 1fb9cb60b11165df3298dee55b59517e3ed15957b820b19b4ca0d8f9f2e20173 at 2016-04-29 01:20:46 UTC - VirusTotal

30/56

Thanks for doing that scan. From those Virus Total results it appears that Relevant Knowledge is what it's all about. I know about Relevant Knowledge: it's at worst bloatware not malware in my opinion. I'd let it run on my system if I was on a resource-rich computer rather than an old computer. RK tracks your interests for aggregate data, but they make it quite clear what they do before it installs. I completely understand why lots of people would want nothing to do with it.

I'm surprised that HitmanPro would be bundling when they have their premium program to drive revenues.

At any rate, ESET most certainly did not do the right thing by wiping HitmanPro.Alert off my computer, especially not over some bundling issue.

Maybe something new Sophos has altered or allowed ? weird
May have to inquire over at the HMPA forums or contact support.
If you do conceptualclarity, please let us know what their reply is.
PeAcE

Will do, _CyberGhosT_.

 

[Jrs30]

I sent this file to ESET analysis, the result was the same!

Spoiler: Image

 

[chrcoluk]

I run nod32 and HMPA and on one occasion HMPA got uninstalled without me doing it, but it wasnt ESET, it was because I lockdown %temp% and the upgrade installer uses %temp% for upgrades.

 

[chrcoluk]

replied without realising I already replied sorry

 

[JB007]

Thanks for doing that scan. From those Virus Total results it appears that Relevant Knowledge is what it's all about. I know about Relevant Knowledge: it's at worst bloatware not malware in my opinion. I'd let it run on my system if I was on a resource-rich computer rather than an old computer. RK tracks your interests for aggregate data, but they make it quite clear what they do before it installs. I completely understand why lots of people would want nothing to do with it.

I'm surprised that HitmanPro would be bundling when they have their premium program to drive revenues.

At any rate, ESET most certainly did not do the right thing by wiping HitmanPro.Alert off my computer, especially not over some bundling issue.



Will do, _CyberGhosT_.

Hello @conceptualclarity
Did you got an answer from HMPA support ?
Or is this conflict solved with the new upgrades of both ESET and HMPA ?

 

[conceptualclarity]

Hello @conceptualclarity
Did you got an answer from HMPA support ?
Or is this conflict solved with the new upgrades of both ESET and HMPA ?

Actually I got busy and let the issue lie and didn't contact SurfRight. Your comment prompted me to re-install it. This time as soon as I re-installed it, SpyShelter started acting very bitchy, causing all kinds of problems. I contacted SpyShelter support and they told me to put HitmanAlert.Pro in "List of processes which are not monitored by AntiNetwork Spy Module". That hasn't fixed the problem, so I'll probably have to add my browser. I figure I probably won't have any problems between HPA and ESET until an update of the former.

 

[JB007]

Thanks @conceptualclarity
I would like to try ESET Internet Security 10 Beta + HMPA on a laptop, do you think it is a good idea ?

 

[N31R]

Do you still have the detection log from ESET about the adware that was downloaded? You have to check which application initiated the download, ESET should've logged it.
I'd be more suspicious of Maxthon as the culprit rather than HMPA.

 

[conceptualclarity]

Thanks @conceptualclarity
I would like to try ESET Internet Security 10 Beta + HMPA on a laptop, do you think it is a good idea ?

I hope that one of the more knowledgeable MT members will answer you on this. I'm on an old, resource-poor desktop, and I have had ESET for a few months now. My experience has been ESET seems to get along just fine with HMPA the program; it just didn't like the update. Oh, and I have no familiarity with the Beta.

Do you still have the detection log from ESET about the adware that was downloaded? You have to check which application initiated the download, ESET should've logged it.
I'd be more suspicious of Maxthon as the culprit rather than HMPA.

I haven't yet ventured into ESET logs. Thanks for the suggestion. If you can tell me where I go for that I would appreciate it.

I'm still having a lot of trouble getting SpyShelter to play well with HMPA. I think that's worth starting a separate thread.

 

[N31R]

I haven't yet ventured into ESET logs. Thanks for the suggestion. If you can tell me where I go for that I would appreciate it.

I'm still having a lot of trouble getting SpyShelter to play well with HMPA. I think that's worth starting a separate thread.

From Where can I find log files created by my ESET product?
Select the appropriate option from the dropdown menu in the Log files window, it should be under Detected threats or something similar, I don't have Eset installed.

 

[JB007]

I hope that one of the more knowledgeable MT members will answer you on this. I'm on an old, resource-poor desktop, and I have had ESET for a few months now. My experience has been ESET seems to get along just fine with HMPA the program; it just didn't like the update. Oh, and I have no familiarity with the Beta.

Thanks @conceptualclarity
OK I'm waiting for other advices.