Hitman Pro 3.5 - Free



I recently watched a YouTube video of Hitman Pro 3.5.

http://www.hitmanpro.com


Then I downloaded and tried it myself. I must say I'm VERY impressed.

It's a cloud-based scanner, meaning all of the definition files are located on the internet and not your computer. Even better is that it uses 5 different engines.

G Data

NOD32

Antivir

Prevx

a-squared

The scan times are very fast, 5 mins or less. I'm not sure how the scanning process works. I think it gets a list of the files on the machine then compares them to the cloud database. All I know is it's very effective. I tested it out on a malware-infested machine. Within that 5 mins it found all the malware located on the machine, including 1 rootkit. For files that it can't delete in Windows, it does so via a boot-time remover, much like the boot-time scanner with avast.

After the scan completed I did a scan with Malwarebytes and MSE and they both found nothing. This can be run off a CD and a thumbstick and no installation is required.

There is a free version in both 32 and 64-bit which can be used to scan and clean machines. The paid version has on-demand scanning.

So the next time you have to clean off a malware infection give this program a try, or just scan your own computer.

Below is the YouTube video I referenced that first turned me onto this product. I had heard of it for years but never tried it.

Edited by warwagon

"*Free infection removal limited to 30 days*"

Was just about to give it a try, guess not.

True, but you could just download and activate it on a per-machine basis, so you would get at least 1 good clean per machine.


Will have to try it on a computer that was given to me to clean. It is loaded with spyware/malware.

AWESOME, go run it and report back.


"meaning all of the definition files are located on the internet and not your computer"

Problem I see with that is if the malware has control of your machine - it's quite easy to filter where you can and cannot go on the internet - would be very simple to block access to the definitions, etc. Just like malware/viruses do now with blocking access to the sites that offer tools to clean with, antivirus sites, etc. etc.

Can it work with an offline copy of the HDD, i.e. can you point it to any disk to scan? How does it scan the registry of an offline disk of Windows? etc.


"meaning all of the definition files are located on the internet and not your computer"

Problem I see with that is if the malware has control of your machine - it's quite easy to filter where you can and cannot go on the internet - would be very simple to block access to the definitions, etc. Just like malware/viruses do now with blocking access to the sites that offer tools to clean with, antivirus sites, etc. etc.

Can it work with an offline copy of the HDD, i.e. can you point it to any disk to scan? How does it scan the registry of an offline disk of Windows? etc.

All good points.

As far as registry scanning, the guy in the YouTube video said he didn't think it scanned the registry. He says he prefers to just get the files. I disagree, but once the files are off and the malware isn't running you could use a program like Malwarebytes to scan the registry.


I will be sure to give it a try next time I have a machine to clean up -- which is pretty often actually -- there should really be a test you have to take before you can use a computer - like a driver's license sort of thing ;)


"meaning all of the definition files are located on the internet and not your computer"

Problem I see with that is if the malware has control of your machine - it's quite easy to filter where you can and cannot go on the internet - would be very simple to block access to the definitions, etc. Just like malware/viruses do now with blocking access to the sites that offer tools to clean with, antivirus sites, etc. etc.

Can it work with an offline copy of the HDD, i.e. can you point it to any disk to scan? How does it scan the registry of an offline disk of Windows? etc.

Exactly like what Conficker did.


Exactly like what Conficker did.

True, but Conficker just made entries in the hosts file. Once you cleared that out the app would work just fine.

Edited by warwagon

^ Yeah, but look how effectively such a simple thing worked. Now take it to the next level since you have exploited the box and are running your code -- you could do all kinds of things like redirecting traffic to anti crapware/virus sites to fake sites showing clean or installing even more of your wares, etc.

Or for that matter you just redirect and have it download bogus definitions; for that matter you could prob have it download wildcard type definitions that marked everything as bad! And now the tool you were using to clean up the machine would actually be deleting good files ;)

And the patch for Conficker was out months and months before it got big, etc. Sad really, just sad! Users that get infected and are open to such exploits have nobody to blame but themselves really.

It's not like it was a zero day exploit that hit without warning, etc.

I will for sure take a look at it -- but I think the logic is flawed with only having the definitions in the cloud -- can you download them for an offline scan?


I will for sure take a look at it -- but I think the logic is flawed with only having the definitions in the cloud -- can you download them for an offline scan?

I don't see any option for that.

Seeing how it doesn't even need to be installed to run and it doesn't even scan the registry, you could always run it from a BartPE CD or thumbstick with network support :D


So I just enter the person's name or what? Do I need a swiss bank account for payment? Does that guy beat the subject with his ladder?

Get it? Hitman? hahaha

Anyway, I like the idea of cloud-based definitions, but what happens when you don't have an internet connection for a period of time?


Well, I tried running it off a BartPE disc with network support. Unfortunately it detected that the main drive on the BartPE was drive X, so it scanned that and not drive C. Inside Hitman there was an option to add Hitman to the right-click context menu. But it doesn't scan subdirectories using that method. So if you right-click Program Files and there are no files in there, just folders, then it scans 0. The context menu doesn't even work if you right-click drive C:

So that sucks.

Though on further reading about Hitman on their website, they do have some nifty features which may help a little.

Repair of Unsafe DNS Settings

In version 3.5 we have added a universal check for DNS settings. An unsafe DNS server can make security-related websites unreachable. During online banking, an unsafe DNS server can also relay users to exact-looking fake banking websites. To dynamically detect unsafe DNS server addresses Hitman Pro consults public black lists.

When one of the network connections is using a blacklisted DNS server address, Hitman Pro will offer to restore it to safe addresses: DHCP in case the adapter is using a dynamic IP address or OpenDNS when the adapter is using a static IP address.

Repair of Unsafe Proxy Settings

Numerous Trojan horses function as a local proxy server. This causes all internet traffic to flow through the malware. When anti-virus software removes this malware the proxy server settings often remain unfixed. Because of this Internet Explorer - and other programs relying on system wide proxy server settings - can no longer communicate with the internet. Hitman Pro 3.5 automatically detects if the computer is using a non-existing local proxy server and shall restore the connection with the internet.

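The dead-local-proxy check described in the quoted Hitman Pro text, sketched as an added example that is not part of the thread and not Hitman Pro's own code. It assumes the inputs are the WinINET ProxyEnable and ProxyServer values (on Windows, under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings); the function names and sample strings are made up for illustration.

```python
import ipaddress
import socket

def parse_proxy_server(value):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    Handles "host:port" (all protocols) and "http=host:port;https=host:port".
    """
    entries = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:                          # no "scheme=" prefix: all protocols
            scheme, target = "all", part
        target = target.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = target.rpartition(":")
        if not host:                         # assumption: no port given means 80
            host, port = target, "80"
        entries[scheme.lower()] = (host.strip("[]"), int(port))
    return entries

def is_loopback(host):
    """True for 'localhost' and loopback IP literals (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                         # a hostname, not an IP literal

def port_listening(host, port, timeout=1.0):
    """True if something accepts a TCP connection on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def dead_local_proxies(proxy_enable, proxy_server):
    """List (scheme, host, port) for enabled loopback proxies with no listener.

    These are the leftovers of a removed local-proxy trojan: traffic is still
    sent to 127.0.0.1, but nothing answers there any more.
    """
    if not proxy_enable or not proxy_server:
        return []
    return [(s, h, p) for s, (h, p) in parse_proxy_server(proxy_server).items()
            if is_loopback(h) and not port_listening(h, p)]
```

Only loopback entries are probed, so a legitimate remote proxy in the same setting is left alone and the check works without network access.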

AWESOME, go run it and report back.

Official opinion, big fat piece of hot garbage. It detected that Malwarebytes was a trojan, it detected that parts of Adobe were a trojan, it detected that part of the Brother fax/printer/scanner was a trojan, so many false positives. Not 1 actual positive. ComboFix is much better.

Here is the top of what ComboFix found, you can obviously tell what is spyware (this was run after Hitman Pro, hot garbage is what Hitman is):

ComboFix 09-11-16.05 - ** 11/17/2009 20:38..2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.667 [GMT -5:00]

Running from: c:\spyware removal\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\ctfmon .exe

c:\windows\system32\winupdate86 .exe

.

((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))

.

2009-11-16 21:39 . 2009-11-16 21:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-11-16 21:33 . 2009-11-16 21:33 -------- d-----w- c:\documents and settings\gsheets\Application Data\Malwarebytes

2009-11-16 21:32 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-16 21:32 . 2009-11-18 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-16 21:32 . 2009-11-16 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-11-16 21:32 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-16 21:32 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\gsheets\Local Settings\Application Data\gorqtb

2009-11-16 21:29 . 2009-11-16 21:29 -------- d-----w- c:\program files\CleanUp!

2009-11-16 21:05 . 2009-11-16 21:05 -------- d-----w- C:\spyware removal

2009-11-16 21:00 . 2009-11-16 21:00 4822 ----a-w- c:\documents and settings\**\Local Settings\Application Data\syssvc.exe

2009-11-16 20:58 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\ylvpou

2009-11-16 20:58 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\vekbor

2009-11-16 20:52 . 2009-11-16 21:36 -------- d-----w- c:\documents and settings\***\Local Settings\Application Data\agtuue

2009-11-16 20:48 . 2009-11-18 01:37 -------- d-----w- c:\documents and settings\**

2009-11-16 20:30 . 2009-11-16 20:30 60928 --sha-w- c:\windows\system32\yuhodose.dll

2009-11-16 20:30 . 2009-11-16 20:30 -------- d-----w- c:\windows\SchCache

2009-11-15 16:09 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\vitkpr

2009-11-15 15:34 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\qbymnl

2009-11-15 15:06 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\rgpekc

2009-11-15 15:05 . 2009-11-18 01:36 247678 ----a-w- c:\documents and settings\**\stsystra.exe

2009-11-15 14:57 . 2009-11-16 21:15 -------- d-----w- c:\documents and settings\**\Application Data\AntiVirus Plus

2009-11-15 03:51 . 2009-11-15 16:02 -------- d-----w- c:\documents and settings\**\Application Data\CC

2009-11-15 03:50 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\aiuhpl

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-16 21:55 . 2008-01-31 15:42 -------- d-----w- c:\program files\DellTPad

2009-11-16 21:32 . 2008-01-31 15:38 184190 ----a-w- c:\windows\system32\igfxpers.exe

2009-09-11 14:18 . 2004-08-11 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:03 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-29 07:36 . 2004-08-11 23:00 832512 ------w- c:\windows\system32\wininet.dll

2009-08-29 07:36 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:36 . 2004-08-11 23:00 17408 ------w- c:\windows\system32\corpol.dll

2009-08-26 08:00 . 2004-08-11 23:00 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-15 14:57 . 2009-08-15 14:57 3 --sha-w- c:\windows\system32\duyovaha.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-11-16_21.21.17 )))))))))))))))))))))))))))))))))))))))))


Malwarebytes picked up about 170 infections, running SUPERAntiSpyware now, so far picked up 8 tracking cookies and 1 Vundo variant

Not sure why it failed so miserably on your machine.

Maybe try running it in safe mode with networking.
