HitmanPro (SOLVED)

spud17

Have I missed something?

Just used HitmanPro on a friends infected PC and there is no longer a 30 day licence available. I can't remember seeing this mentioned anywhere.

Any techies that have used it recently care to comment?

dogmaryxx

http://www.surfright.nl/en/support/#en-hmp-freetrial

GunJack

more than likely, he's used it before on that pc and therefore it's time-expired. This happens even if you've uninstalled/deleted it and re-downloaded it again

It seems to work similar to a windows license, with some code generated from the pc so (I assume) surfright can determine if it's been on that pc for over 30 days...

spud17

I think I've found the reason, I've had time to read all the pages without someone breathing down my neck saying "why are you doing that?"

It's because the PC is part of a domain,

The computer is member of a business domain
As stated in the End User License Agreement (EULA) of Hitman Pro, the one-time free license may only be used by home users. To aid the license terms we have added technology to detect whether or not the computer is a member of a business domain. This means that when the computer is part of a domain, the one-time free license is not available.

For the interested, :cool: AVG SBS kept detecting 'Gen redir', Malwarebytes didn't detect anything.
The browser was not actually being redirected.
Don't if it was the right thing but I shredded the 3 files HitmanPro found, deleted, then re-enabled the System Restore points.

Did some restarts and spent 30 mins Googling for the .dlls I'd found, and nothing out of the ordinary occurred.


All because he looked at the John Lewis and Debenhams sites.


Edit. GunJack, I was aware of that, he's terrified of the pc, no one but me would have put anything on there.
BTW although it's technically a work machine he has full permission for personal use.

GunJack

hanx for posting the solution mate, in some ways it's good to know that these things actually work the way it was intended and it isn't actually a c*ck-up:)

spud17

Cheers GJ, any thoughts on the actual infection?

I think/hope the AVG was stopping it getting hold.

Generic redir/ bottom_player_truck [1] js, was the infection, (you try Googling for 'bottom_player'). :rotfl:

Found the above in xxx\local settings\temporary internet files\Content IE

Also a dodgy/only file called 'unipadplay.dll' in xxx\local settings\application data\desktopweb90

GunJack

Nope, new one on me, not seen anything even close to that.....

..and (much to my disappointment ) google only brought up this thread

spud17

I'm half suspecting a false positive, or otherwise it creates random names for itself.
The only vague connection to desktopweb90 was in connection with Webroot, which has never been near the machine.

GunJack

well, it was AVG, which does normally score high for false positives, so you could be on the right lines there

spud17

It's a paid for business version of AVG, Small Business System, which is now superseded.
I've told him to get on to his company after the break and tell them it needs sorting.
To me the .js implied JavaScript, hence browser, but he's only been to John Lewis and Debenhams sites, so I thought there could be a small bit of code it was objecting to.

John_Gray

Although you probably wouldn't be allowed to do this, you could remove the PC from the domain to a workgroup, try to run HitMan Pro, then join the PC back to the domain again. You need domain Administrator-type privileges and also local Administrator privileges!

although it's technically a work machine he has full permission for personal use.

This may not continue if he gets viruses on it...!