- Dec 22, 2015
Hey there, I tested some antivirus solutions which were running together with HitmanPro.Alert. Have fun!
Facts about the tests:
Virtualization Software: Oracle VM VirtualBox
Operating System: Windows 10 Pro x64 Anniversary (Version 1607)
Sample-Set: 140 samples, consisting of ransomware, self-extractors, Windows/JavaScript script files and some ad-/riskware.
HitmanPro.Alert: Custom Setup - I enabled the BadUSB protection, which was disabled by default
Testing method: I extracted the malware samples to the desktop while the real-time protection of the antivirus solution was running. After the antivirus had detected and deleted what it could, I scanned the rest manually using the context scan. After checking the detection ratio I executed the remaining samples to check the real-time protection. Finally I scanned the system with HitmanPro and Zemana AntiMalware to check whether any remnants of malware were left in the system folders.
BitDefender Antivirus Plus 2016 + HMP.Alert
Detection Ratio (On-Demand and On-Access): 139*/140 - 99,3% (136 d, 2 b, 1 b and d)
HitmanPro.Alert (not detected/blocked by BitDefender): 0
Total blocked (BD + HMP.Alert): 139/140 - 99,3%
HitmanPro + Zemana Scanning Result after Realtime-Check: Clean
Any picture, text or excel document infected/encrypted: No
Was the system usable after testing (reboot)?: Yes
Attempts to repair the system: Not needed
Would I recommend it?: Yes, a solid protection and small resource consumption
BitDefender Setup: Custom
Disabled the Security Widget (shown on Desktop)
Disabled the autopilot mode
Enabled Archive Scanning at On-Access
Changed the Action to "Move files to quarantine"
Enabled the Ransomware Protection (why the hell is it disabled by default?)
Dr.Web Antivirus 11 + HMP.Alert
Detection Ratio (On-Demand and On-Access): 112*/140 - 80,0% (110 d, 2 b)
HitmanPro.Alert (not detected/blocked by Dr.Web): 1
Total blocked (Dr.Web + HMP.Alert): 113/140 - 80,7%
HitmanPro + Zemana Scanning Result after executing: Infected (ran in safe mode)
Any picture, text or excel document infected/encrypted: No
Was the system usable after testing (reboot)?: No - One of the executed samples seems to be able to restart my computer without being blocked by Dr.Web or HitmanPro.Alert. After restarting the system, my logon screen was frozen, so I was unable to log in.
Attempts to repair the system:
Tried to fix the Windows MBR by using the Windows Installation disc and command prompt - failed
Tried to clean the system by using HitmanPro and Emsisoft Emergency Kit in Windows Safe Mode - cleaned but was still frozen after restart
Checked the Autorun folder on Windows Registry - no unusual entries
Would I recommend it?: No - It seems to me that Dr.Web's real time protection is not strong enough.
Well, I used Dr.Web + HitmanPro.Alert + HitmanPro + Zemana. Maybe the frozen logon screen after rebooting could also be a compatibility issue. But after installing Dr.Web it also needed a restart of the system, and everything was fine then. No issues and no frozen screens. So my feeling is that the frozen login screen came from a malware attack.
Dr.Web Setup: Custom
Enabled the scanning of installation packages in SpIDer Guard
Set the action for all kinds of threats to "Delete"
Emsisoft Anti-Malware 11 + HMP.Alert
Detection Ratio (On-Demand and On-Access): 137*/140 - 97,9% (136 d, 1 b and d)
HitmanPro.Alert (not detected/blocked by Emsisoft): 1
Total blocked (EAM + HMP.Alert): 138/140 - 98,6%
HitmanPro + Zemana Scanning Result after executing: Clean system folders. Zemana detected 1 sample in the samples folder by heuristics, but maybe it's a false positive (0 detections on VirusTotal)
Any picture, text or excel document infected/encrypted: No
Was the system usable after testing (reboot)?: Yes
Attempts to repair the system: Not needed
Would I recommend it?: Yes, a solid protection and small resource consumption
Emsisoft Setup: Custom
Enabled Detection of PUP
Changed the action for Privacy risks to "Block and notify"
Changed the action for PUP detections to "Quarantine with notification"
*1 file seems to be a false positive or for an older version of MS Word (.rtf file)
d=deleted, b=blocked
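The "Checked the Autorun folder on Windows Registry" repair step above is the kind of thing a reader may want to repeat on their own machine after a reboot that ends in a frozen logon screen. The script below is an added example, not part of the original post and not code from any of the products tested: it enumerates the common Run/RunOnce keys, the Startup folder and the Winlogon Shell/Userinit values, and flags a Winlogon value that differs from the stock Windows 10 x64 defaults. The expected default strings are an assumption for a standard install; compare against a known-good machine if in doubt.

```powershell
# Added example (not from the original post). Lists autostart locations a
# defender checks after an unexplained reboot. Assumes 64-bit Windows 10.

function Get-AutostartEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )

    # Registry Run/RunOnce values: every entry is listed, none is judged here.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Location = $key
                Name     = $name
                Command  = $item.GetValue($name)
                Status   = 'REVIEW'
            }
        }
    }

    # Per-user and all-users Startup folders.
    $startupDirs = @(
        (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp')
    )
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File | ForEach-Object {
            [pscustomobject]@{
                Location = $dir
                Name     = $_.Name
                Command  = $_.FullName
                Status   = 'REVIEW'
            }
        }
    }

    # Winlogon Shell/Userinit: a blank or frozen logon is a classic symptom
    # when one of these has been replaced. Defaults below are assumptions
    # for a stock Windows 10 x64 install.
    $expected = @{
        Shell    = 'explorer.exe'
        Userinit = 'C:\Windows\system32\userinit.exe,'
    }
    $winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($name in $expected.Keys) {
        $actual = $winlogon.$name
        $status = if ($actual -eq $expected[$name]) { 'OK' } else { 'CHECK' }
        [pscustomobject]@{
            Location = 'HKLM:\...\Winlogon'
            Name     = $name
            Command  = $actual
            Status   = $status
        }
    }
}

# Usage: run from an elevated PowerShell (also works in Safe Mode) and
# review anything marked CHECK, plus any REVIEW entry you do not recognise.
Get-AutostartEntries | Format-Table -AutoSize
```

Run keys are only listed, not judged, because legitimate software lives there too; the Winlogon comparison is the one place the script can say "OK" or "CHECK" on its own. Entries that point into user-writable folders such as %TEMP% or %APPDATA% are the ones to look at first.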