Haskell Platform 8.2.2 - virus?
lonetiger at gmail.com
lonetiger at gmail.com
Thu Dec 28 23:09:55 UTC 2017
We have fixed this though, GHC 8.4 shouldn’t have this problem specifically.
The issue is that hitman pro is injecting itself into every process by throwing a signal,
Prior to 8.4 we were pretty aggressive in how we treated first chance exceptions. We’ve now relaxed this.
That said I find the behavior of HitmanPro to be quite intrusive and I wouldn’t trust anything injecting code
Into my address space.
Fyi, this is what it caused:
ExceptionAddress: 00007ffcc2b368ce (ntdll!RtlVirtualUnwind+0x000000000000001e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000046710f6
Attempt to read from address 00000000046710f6
0:000> lmvm hmpalert
Browse full module list
start end module name
00007ffc`ba4b0000 00007ffc`ba595000 hmpalert (export symbols) hmpalert.dll
Loaded symbol image file: hmpalert.dll
Image path: C:\Windows\System32\hmpalert.dll
Image name: hmpalert.dll
Browse all global symbols functions data
Timestamp: Mon Jul 17 15:53:17 2017 (596CCF5D)
CheckSum: 000F490C
ImageSize: 000E5000
File version: 3.6.8.604
Product version: 3.6.8.604
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0400.04b0
CompanyName: SurfRight B.V.
ProductName: HitmanPro.Alert
InternalName: hmpalert.dll
OriginalFilename: hmpalert_x64.dll
ProductVersion: 3.6.8.604
FileVersion: 3.6.8.604
FileDescription: HitmanPro.Alert 64-bit Support Library
LegalCopyright: © 2013-2017 SurfRight, a Sophos company
Comments: Incorporates Threatstar Exploit Mitigation Platform (EMP)
From: Gershom B
Sent: Thursday, December 28, 2017 22:24
To: ghc-devs at haskell.org Devs
Subject: RE: Haskell Platform 8.2.2 - virus?
Note that HitmanPro has caused plenty of problems with GHC in the
past, and should be avoided by Haskell devs:
https://www.reddit.com/r/haskell/comments/77from/gettting_segmentation_fault_on_stackcabal_any/
https://github.com/commercialhaskell/intero/issues/436
_______________________________________________
ghc-devs mailing list
ghc-devs at haskell.org
http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/ghc-devs/attachments/20171228/2299ec1e/attachment.html>
More information about the ghc-devs
mailing list