HitmanPro.Alert - False Positive Detections during Online Banking - FP, or the real thing?

Status
Not open for further replies.

soccer97

Hey Guys,

I would greatly appreciate some help here:
Program: HitmanPro.Alert v3.0.41 build 187. It intercepted an attack in the latest version of Firefox (38.0.5) about 30 minutes ago. Flash Player is up to date, no Java, etc. I got a detection at the worst possible time: I was doing online banking with checking, savings and a credit card account open in the browser. (The detection pop-up occurred when, I think, I was clicking on a page on my bank's website.)

A HitmanPro scan came up clean this time. I am a bit concerned about ESET. I will be doing a scan with it and MBAM Free.

Is anyone experiencing a lot of DEP attacks in Firefox?

I am using Windows 7 64-bit SP1, up to date
ESS 8
MBAM Free
HitmanPro.Alert.

The code it provided was written in hex. I took a screenshot, and copied/pasted the text it displayed.

I am looking for advice: was it a FP? How can I tell? What do I need to do now?

Thank you!!!
 
hjlbx

If you are a paid customer, then open a SurfRight support ticket...

Very difficult to say if false positive or not.
 

jamescv7

An attack via exploit cannot easily be proven to be a FP/erroneous, so it is likely the website you visited had something suspicious running at that time, even though it is a legitimate site. So better to ask the SurfRight developers, who will closely analyze the hidden hex code.

Possible attacks: advertisements, which may contain exploits that attack invisibly.

Another comparison test is to try using NoScript and check whether that scenario pops up a blocked notification for verification.
 

soccer97



I do use Adblock Plus (and update filters several days/week) and NoScript (usually use NoScript). The problem is that no dump file/crash can be created as long as HitmanPro.Alert is installed. I even tried running a debug build w/ WinDbg. HitmanPro.Alert injects a .dll in the browser. It prevents symbols from being downloaded and thus you can't create a dump (needed for reproduction, POC, patch, etc.). I am creating a support ticket. I have had at least 8 of these in the past 7 weeks. Either they are FPs, or that's not good.

Thanks for the advice. I copied/pasted all the text files I saved it in and am going to send it today.
 

soccer97


I submitted an email request (they use ZenDesk).

Just got another detection. I guess it will take a while; there's not much tech support info, I just emailed them.
 