Haskell Platform 8.2.2 - virus?

Brandon Allbery allbery.b at gmail.com
Thu Dec 28 23:40:26 UTC 2017


"Hitman" sounds rather self-descriptive. Not sure I'd allow such a thing
onto any system under my control; it sounds pretty much like malware in its
own right.

On Thu, Dec 28, 2017 at 6:09 PM, <lonetiger at gmail.com> wrote:

>
>
> We have fixed this, though; GHC 8.4 shouldn’t have this problem
> specifically.
>
>
>
> The issue is that HitmanPro is injecting itself into every process by
> throwing a signal.
>
> Prior to 8.4 we were pretty aggressive in how we treated first chance
> exceptions. We’ve now relaxed this.
>
>
>
> That said, I find the behavior of HitmanPro to be quite intrusive and I
> wouldn’t trust anything injecting code into my address space.
>
>
>
> FYI, this is what it caused:
>
>
>
> ExceptionAddress: 00007ffcc2b368ce (ntdll!RtlVirtualUnwind+0x000000000000001e)
> ExceptionCode: c0000005 (Access violation)
> ExceptionFlags: 00000000
> NumberParameters: 2
> Parameter[0]: 0000000000000000
> Parameter[1]: 00000000046710f6
> Attempt to read from address 00000000046710f6
> 0:000> lmvm hmpalert
> Browse full module list
> start end module name
> 00007ffc`ba4b0000 00007ffc`ba595000 hmpalert (export symbols) hmpalert.dll
> Loaded symbol image file: hmpalert.dll
> Image path: C:\Windows\System32\hmpalert.dll
> Image name: hmpalert.dll
> Browse all global symbols functions data
> Timestamp: Mon Jul 17 15:53:17 2017 (596CCF5D)
> CheckSum: 000F490C
> ImageSize: 000E5000
> File version: 3.6.8.604
> Product version: 3.6.8.604
> File flags: 0 (Mask 3F)
> File OS: 40004 NT Win32
> File type: 2.0 Dll
> File date: 00000000.00000000
> Translations: 0400.04b0
> CompanyName: SurfRight B.V.
> ProductName: HitmanPro.Alert
> InternalName: hmpalert.dll
> OriginalFilename: hmpalert_x64.dll
> ProductVersion: 3.6.8.604
> FileVersion: 3.6.8.604
> FileDescription: HitmanPro.Alert 64-bit Support Library
> LegalCopyright: © 2013-2017 SurfRight, a Sophos company
> Comments: Incorporates Threatstar Exploit Mitigation Platform (EMP)
>
>
>
> *From: *Gershom B <gershomb at gmail.com>
> *Sent: *Thursday, December 28, 2017 22:24
> *To: *ghc-devs at haskell.org Devs <ghc-devs at haskell.org>
> *Subject: *RE: Haskell Platform 8.2.2 - virus?
>
>
>
> Note that HitmanPro has caused plenty of problems with GHC in the
> past, and should be avoided by Haskell devs:
>
> https://www.reddit.com/r/haskell/comments/77from/gettting_segmentation_fault_on_stackcabal_any/
>
> https://github.com/commercialhaskell/intero/issues/436
>
> _______________________________________________
>
> ghc-devs mailing list
>
> ghc-devs at haskell.org
>
> http://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-devs
>
>
>


-- 
brandon s allbery kf8nh                               sine nomine associates
allbery.b at gmail.com                                  ballbery at sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net