HitmanPro.Alert - False Positive Detections during Online Banking- FP, or the real thing?

Status
Not open for further replies.
S

soccer97

Level 11
Thread author
Verified
May 22, 2014
517
Hey Guys,

I would greatly appreciate some help here:
Program: HitmanPro.Alert v3.0.41 build 187. It intercepted an attack in the latest version of Firefox (38.0.5) about 30 minutes ago, Flash player is up to date, no Java, etc.- I got a detection during the worst possible time. I was doing online banking with Both Checking, Savings and a Credit Card account open in the browser. (The detection pop-up occurred when I think I was clicking on a page on my banks website).

HitManPro scan came up clean this time. I am a bit concerned about ESET. I will be doing a scan w/ it and MBAM free.

Is anyone experiencing a lot of DEP attacks in FIrefox?

I am using WIndows 7 64-bit SP1 up-to-date
ESS 8
MBAM Free
HitmanPro.Alert.

The code it provided was written in hex. I took a screenshot, and copied/pasted the text it displayed.

I am looking for advice: was it a FP? How can I tell? What do I need to do Now?

Thank you!!!
 
H

hjlbx

If you are paid customer, then open SurfRight support ticket...

Very difficult to say if false positive or not.
 
  • Like
Reactions: Ink
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
An attack via exploit cannot be easily proven in a FP/erroneous, so likely the website you visit may something running suspicious on that time even though a legitimate site. So better ask from SurfRight developers which they will closely analyze the hidden Hex code.

Possible attacks, advertisement which may contain exploits that attacks invisible.

Another comparison test is try using NoScript and check if that scenario may pop up a blocked notification for verification.
 
S

soccer97

Level 11
Thread author
Verified
May 22, 2014
517
jamescv7 said:
An attack via exploit cannot be easily proven in a FP/erroneous, so likely the website you visit may something running suspicious on that time even though a legitimate site. So better ask from SurfRight developers which they will closely analyze the hidden Hex code.

Possible attacks, advertisement which may contain exploits that attacks invisible.

Another comparison test is try using NoScript and check if that scenario may pop up a blocked notification for verification.
Click to expand...


I do use AdBlockPlus( and update filters several days/week) and NoScript (usually use NoScript). The problem is that no dump file/crash can be created as long as HitmanPro.Alert is installed. I even tried running a debug build w/ WinDebug. HitmanPro.Alert injects a .cll in the browser. It prevents symbols from being downloaded and thus you can't create a dump (needed for reproduction, POC, patch, etc). I am creating a support ticket. I have at least 8 of these in the past 7 weeks. Either they are FP, or that's not good.

Thanks for the advice. I copied/ pasted all the text files I saved it in and am going to send it today.
 
S

soccer97

Level 11
Thread author
Verified
May 22, 2014
517
jamescv7 said:
An attack via exploit cannot be easily proven in a FP/erroneous, so likely the website you visit may something running suspicious on that time even though a legitimate site. So better ask from SurfRight developers which they will closely analyze the hidden Hex code.

Possible attacks, advertisement which may contain exploits that attacks invisible.

Another comparison test is try using NoScript and check if that scenario may pop up a blocked notification for verification.
Click to expand...

I submitted an email request (they use ZenDesk).

Just got another detection. I guess it will take a while, there's not much tech support info just emailed them.
 
Status
Not open for further replies.

Similar threads

Holly’s_WRLD999
Risk of Scam and online fraudulent online store
Replies
1
Views
159
Mobile Malware Removal Help & Support
Bot
Bot
partha_roy
    • Like
Serious Discussion K7 technologies may have improved with the MAT version or some other upgrades. Your thoughts?
Replies
2
Views
519
Other security for Windows, Mac, Linux
partha_roy
partha_roy
sheffieldyorky
    • Like
  • Locked
I thought that the end of the "alphabet" was "X Y Z" now I have found out otherwise please help
Replies
13
Views
615
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top