Haskell Platform 8.2.2 - virus?

lonetiger at gmail.com lonetiger at gmail.com
Thu Dec 28 23:09:55 UTC 2017

We have fixed this though, GHC 8.4 shouldn’t have this problem specifically. 

The issue is that hitman pro is injecting itself into every process by throwing a signal,
Prior to 8.4 we were pretty aggressive in how we treated first chance exceptions. We’ve now relaxed this.

That said I find the behavior of HitmanPro to be quite intrusive and I wouldn’t trust anything injecting code
Into my address space.

Fyi, this is what it caused:

ExceptionAddress: 00007ffcc2b368ce (ntdll!RtlVirtualUnwind+0x000000000000001e)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: 00000000046710f6
Attempt to read from address 00000000046710f6
0:000> lmvm hmpalert
Browse full module list
start end module name
00007ffc`ba4b0000 00007ffc`ba595000 hmpalert (export symbols) hmpalert.dll
Loaded symbol image file: hmpalert.dll
Image path: C:\Windows\System32\hmpalert.dll
Image name: hmpalert.dll
Browse all global symbols functions data
Timestamp: Mon Jul 17 15:53:17 2017 (596CCF5D)
CheckSum: 000F490C
ImageSize: 000E5000
File version:
Product version:
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 2.0 Dll
File date: 00000000.00000000
Translations: 0400.04b0
CompanyName: SurfRight B.V.
ProductName: HitmanPro.Alert
InternalName: hmpalert.dll
OriginalFilename: hmpalert_x64.dll
FileDescription: HitmanPro.Alert 64-bit Support Library
LegalCopyright: © 2013-2017 SurfRight, a Sophos company
Comments: Incorporates Threatstar Exploit Mitigation Platform (EMP)

From: Gershom B
Sent: Thursday, December 28, 2017 22:24
To: ghc-devs at haskell.org Devs
Subject: RE: Haskell Platform 8.2.2 - virus?

Note that HitmanPro has caused plenty of problems with GHC in the
past, and should be avoided by Haskell devs:


ghc-devs mailing list
ghc-devs at haskell.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/ghc-devs/attachments/20171228/2299ec1e/attachment.html>

More information about the ghc-devs mailing list