Warwagon, posted November 17, 2009 (edited):

I recently watched a YouTube video of Hitman Pro 3.5 (http://www.hitmanpro.com), then I downloaded and tried it myself. I must say I'm VERY impressed. It's a cloud-based scanner, meaning all of the definition files are located on the internet and not on your computer. Even better is that it uses 5 different engines: G Data, NOD32, Antivir, Prevx and a-squared.

The scan times are very fast, 5 mins or less. I'm not sure how the scanning process works. I think it gets a list of the files on the machine, then compares them to the cloud database. All I know is it's very effective. I tested it out on a malware-infested machine. Within that 5 mins it found all the malware located on the machine, including 1 rootkit. For files that it can't delete in Windows, it does so via a boot-time remover, much like the boot-time scanner with Avast. After the scan completed I did a scan with Malwarebytes and MSE and they both found nothing.

This can be run off a CD or a thumbstick and no installation is required. There is a free version in both 32- and 64-bit which can be used to scan and clean machines. The paid version has on-demand scanning. So the next time you have to clean off a malware infection give this program a try, or just scan your own computer. Below is the YouTube video I referenced that first turned me onto this product; I had heard of it for years but never tried it.

Edited December 10, 2009 by warwagon
MistaT40, posted November 17, 2009:

Has anyone read about or tried out this program?
Sethos, posted November 17, 2009:

"Free infection removal limited to 30 days." Was just about to give it a try. Guess not.
Warwagon, posted November 17, 2009:

Quoting Sethos: "Free infection removal limited to 30 days. Was just about to give it a try, guess not."

True, but you could just download and activate it on a per-machine basis, so you would get at least 1 good clean per machine.
sc302, posted November 17, 2009:

Will have to try it on a computer that was given to me to clean. It is loaded with spyware/malware.
Warwagon, posted November 17, 2009:

Quoting sc302: "Will have to try it on a computer that was given to me to clean. It is loaded with spyware/malware."

AWESOME, go run it and report back.
BudMan, posted November 17, 2009:

Quoting Warwagon: "meaning all of the definition files are located on the internet and not your computer"

The problem I see with that is, if the malware has control of your machine, it's quite easy to filter where you can and cannot go on the internet; it would be very simple to block access to the definitions, etc. Just like malware/viruses do now with blocking access to the sites that offer tools to clean with, antivirus sites, etc. etc. Can it work with an offline copy of the HDD, i.e. can you point it to any disk to scan? How does it scan the registry of an offline Windows disk? etc.
Warwagon, posted November 17, 2009:

Quoting BudMan: "The problem I see with that is, if the malware has control of your machine, it's quite easy to filter where you can and cannot go on the internet; it would be very simple to block access to the definitions, etc. [...] Can it work with an offline copy of the HDD, i.e. can you point it to any disk to scan? How does it scan the registry of an offline Windows disk? etc."

All good points. As far as registry scanning, the guy in the YouTube video said he didn't think it scanned the registry. He says he prefers to just get the files. I disagree, but once the files are off and the malware isn't running you could use a program like Malwarebytes to scan the registry.
BudMan, posted November 17, 2009:

I will be sure to give it a try next time I have a machine to clean up -- which is pretty often actually -- there should really be a test you have to take before you can use a computer, like a driver's license sort of thing ;)
John Teacake, posted November 17, 2009:

Quoting BudMan: "The problem I see with that is, if the malware has control of your machine, it's quite easy to filter where you can and cannot go on the internet; it would be very simple to block access to the definitions, etc. Just like malware/viruses do now with blocking access to the sites that offer tools to clean with, antivirus sites, etc. etc."

Exactly like what Conficker did.
Warwagon, posted November 17, 2009 (edited):

Quoting John Teacake: "Exactly like what Conficker did."

True, but Conficker just made entries in the hosts file. Once you cleared that out the app would work just fine.

Edited November 17, 2009 by warwagon
BudMan, posted November 17, 2009:

^ Yeah, but look how effective such a simple thing was. Now take it to the next level: since you have exploited the box and are running your code, you could do all kinds of things, like redirecting traffic to anti-crapware/virus sites to fake sites showing clean, or installing even more of your wares, etc. Or for that matter you just redirect and have it download bogus definitions; for that matter you could probably have it download wildcard-type definitions that marked everything as bad! And now the tool you were using to clean up the machine would actually be deleting good files ;)

And the patch for Conficker was out months and months before it got big, etc. Sad really, just sad! Users that get infected and are open to such exploits have nobody to blame but themselves, really. It's not like it was a zero-day exploit that hit without warning, etc.

I will for sure take a look at it -- but I think the logic is flawed with only having the definitions in the cloud -- can you download them for an offline scan?
Warwagon, posted November 17, 2009:

Quoting BudMan: "I will for sure take a look at it -- but I think the logic is flawed with only having the definitions in the cloud -- can you download them for an offline scan?"

I don't see any option for that. Seeing how it doesn't even need to be installed to run, and it doesn't even scan the registry, in that case you could always run it from a BartPE CD or thumbstick with network support :D
LightEco, posted November 17, 2009:

So I just enter the person's name or what? Do I need a Swiss bank account for payment? Does that guy beat the subject with his ladder? Get it? Hitman? hahaha

Anyway, I like the idea of cloud-based definitions, but what happens when you don't have an internet connection for a period of time?
Warwagon, posted November 17, 2009:

Well, I tried running it off a BartPE disc with network support. Unfortunately it detected that the main drive on the BartPE was drive X, so it scanned that and not drive C. Inside Hitman there was an option to add Hitman to the right-click context menu, but it doesn't scan subdirectories using that method. So if you right-click Program Files and there are no files in there, just folders, then it scans 0. The context menu doesn't even work if you right-click drive C:. So that sucks.

Though from further reading about Hitman on their website, they do have some nifty features which may help a little:

Repair of Unsafe DNS Settings
In version 3.5 we have added a universal check for DNS settings. An unsafe DNS server can make security-related websites unreachable. During online banking, an unsafe DNS server can also relay users to exact-looking fake banking websites. To dynamically detect unsafe DNS server addresses, Hitman Pro consults public blacklists. When one of the network connections is using a blacklisted DNS server address, Hitman Pro will offer to restore it to safe addresses: DHCP in case the adapter is using a dynamic IP address, or OpenDNS when the adapter is using a static IP address.

Repair of Unsafe Proxy Settings
Numerous Trojan horses function as a local proxy server. This causes all internet traffic to flow through the malware. When anti-virus software removes this malware the proxy server settings often remain unfixed. Because of this Internet Explorer - and other programs relying on system-wide proxy server settings - can no longer communicate with the internet. Hitman Pro 3.5 automatically detects if the computer is using a non-existing local proxy server and shall restore the connection with the internet.
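The thread's worry (BudMan, John Teacake, Warwagon above) is that malware on the box cuts the path to the cleanup tool, and the vendor text Warwagon quotes describes two of the repairs. The following is an added example, not Hitman Pro's code and not anything from the thread: three offline checks for a hosts file that pins security-vendor domains, an adapter using a blacklisted DNS resolver, and a system proxy left pointing at a loopback port nothing listens on. The watchlist of protected domains, the DNS blacklist range and the sample hosts/adapter data are all constructed for the example; the OpenDNS addresses are the public ones the vendor text alludes to. On a live Windows box the inputs would come from %SystemRoot%\System32\drivers\etc\hosts, the adapter configuration, and the WinINET ProxyEnable/ProxyServer values.

```python
"""Offline checks for the three ways this thread says malware severs the path
to a cleanup tool: hosts-file hijacks of security-vendor domains, adapters
pointed at a blacklisted DNS resolver, and a system proxy pointing at a local
port nothing listens on. Inputs are plain text and dicts so it runs anywhere."""
import ipaddress
import re
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Assumption: domains a cleanup must be able to reach. Extend per vendor.
PROTECTED_DOMAINS = {"hitmanpro.com", "malwarebytes.org", "microsoft.com",
                     "windowsupdate.com", "eset.com", "gdata.de", "avira.com"}
# Assumption: resolvers to fall back to on a static-IP adapter (OpenDNS public).
STATIC_SAFE_RESOLVERS = ["208.67.222.222", "208.67.220.220"]


def hosts_hijacks(hosts_text: str) -> List[Tuple[str, str]]:
    """(hostname, address) pairs that pin a protected domain or a subdomain of
    one. 127.0.0.1/0.0.0.0 sinks the site; any other address redirects it."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            n = name.lower().rstrip(".")
            if any(n == d or n.endswith("." + d) for d in PROTECTED_DOMAINS):
                hits.append((n, address))
    return hits


def unsafe_dns(adapters: Dict[str, dict], blacklist: List[str]) -> Dict[str, dict]:
    """adapters: {name: {"dhcp": bool, "dns": [address, ...]}}; blacklist: CIDRs
    standing in for the public lists the vendor text mentions. Per affected
    adapter, return the bad resolvers and the remedy the vendor text describes."""
    bad_nets = [ipaddress.ip_network(b) for b in blacklist]
    findings = {}
    for name, cfg in adapters.items():
        bad = [s for s in cfg.get("dns", [])
               if any(ipaddress.ip_address(s) in net for net in bad_nets)]
        if bad:
            findings[name] = {
                "bad": bad,
                "remedy": "restore DHCP-assigned DNS" if cfg.get("dhcp")
                else "set static DNS to " + ", ".join(STATIC_SAFE_RESOLVERS),
            }
    return findings


# WinINET ProxyServer is "host:port" or "http=host:port;https=host:port;...".
_PROXY_RE = re.compile(r"^(?:http=)?(?P<host>[^:;=]+):(?P<port>\d{1,5})")
_LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def _tcp_listening(host: str, port: int) -> bool:
    try:
        with socket.create_connection((host, port), timeout=0.5):
            return True
    except OSError:
        return False


def dead_local_proxy(proxy_enable: int, proxy_server: str,
                     is_listening: Optional[Callable[[str, int], bool]] = None) -> bool:
    """True when the proxy is enabled, points at loopback and nothing accepts
    connections there: the 'malware removed, proxy setting left behind' state
    that leaves Internet Explorer unable to reach the internet."""
    if not proxy_enable or not proxy_server:
        return False
    m = _PROXY_RE.match(proxy_server.strip())
    if not m or m.group("host").lower() not in _LOOPBACK:
        return False
    probe = is_listening or _tcp_listening
    return not probe(m.group("host"), int(m.group("port")))


# Constructed inputs: a hijacked hosts file, two adapters, one blacklist range.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   www.malwarebytes.org malwarebytes.org   # sinkholed
0.0.0.0     hitmanpro.com www.hitmanpro.com
10.0.0.5    update.microsoft.com                    # redirected
"""
SAMPLE_ADAPTERS = {
    "Local Area Connection": {"dhcp": True, "dns": ["85.255.112.9", "192.168.1.1"]},
    "Wireless Network Connection": {"dhcp": False, "dns": ["192.168.1.1"]},
}
SAMPLE_DNS_BLACKLIST = ["85.255.112.0/20"]   # constructed entry, not a real feed

if __name__ == "__main__":
    for name, addr in hosts_hijacks(SAMPLE_HOSTS):
        print(f"hosts hijack: {name} -> {addr}")
    for adapter, f in unsafe_dns(SAMPLE_ADAPTERS, SAMPLE_DNS_BLACKLIST).items():
        print(f"unsafe DNS on {adapter}: {f['bad']} ({f['remedy']})")
    print("dead local proxy:", dead_local_proxy(1, "127.0.0.1:8080"))
```

The proxy check takes an injectable probe so the decision logic can be exercised without a live port; on a real machine the default probe is a short TCP connect to the configured loopback address. Note that the hosts check flags any pinning of a protected domain, not only sinkholes to 127.0.0.1, because a redirect to an attacker-controlled address is the "fake site showing clean" case BudMan describes.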
sc302, posted November 18, 2009:

Quoting Warwagon: "AWESOME, go run it and report back."

Official opinion: big fat piece of hot garbage. It detected that Malwarebytes was a trojan, it detected that parts of Adobe were a trojan, it detected that part of the Brother fax/printer/scanner was a trojan; so many false positives. Not 1 actual positive. ComboFix is much better. Here is the top of what ComboFix found; you can obviously tell what is spyware (this was run after Hitman Pro; hot garbage is what Hitman is):

ComboFix 09-11-16.05 - ** 11/17/2009 20:38..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.667 [GMT -5:00]
Running from: c:\spyware removal\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ctfmon .exe
c:\windows\system32\winupdate86 .exe
.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.
2009-11-16 21:39 . 2009-11-16 21:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-16 21:33 . 2009-11-16 21:33 -------- d-----w- c:\documents and settings\gsheets\Application Data\Malwarebytes
2009-11-16 21:32 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-16 21:32 . 2009-11-18 01:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-16 21:32 . 2009-11-16 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-16 21:32 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-16 21:32 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\gsheets\Local Settings\Application Data\gorqtb
2009-11-16 21:29 . 2009-11-16 21:29 -------- d-----w- c:\program files\CleanUp!
2009-11-16 21:05 . 2009-11-16 21:05 -------- d-----w- C:\spyware removal
2009-11-16 21:00 . 2009-11-16 21:00 4822 ----a-w- c:\documents and settings\**\Local Settings\Application Data\syssvc.exe
2009-11-16 20:58 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\ylvpou
2009-11-16 20:58 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\vekbor
2009-11-16 20:52 . 2009-11-16 21:36 -------- d-----w- c:\documents and settings\***\Local Settings\Application Data\agtuue
2009-11-16 20:48 . 2009-11-18 01:37 -------- d-----w- c:\documents and settings\**
2009-11-16 20:30 . 2009-11-16 20:30 60928 --sha-w- c:\windows\system32\yuhodose.dll
2009-11-16 20:30 . 2009-11-16 20:30 -------- d-----w- c:\windows\SchCache
2009-11-15 16:09 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\vitkpr
2009-11-15 15:34 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\qbymnl
2009-11-15 15:06 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\rgpekc
2009-11-15 15:05 . 2009-11-18 01:36 247678 ----a-w- c:\documents and settings\**\stsystra.exe
2009-11-15 14:57 . 2009-11-16 21:15 -------- d-----w- c:\documents and settings\**\Application Data\AntiVirus Plus
2009-11-15 03:51 . 2009-11-15 16:02 -------- d-----w- c:\documents and settings\**\Application Data\CC
2009-11-15 03:50 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\aiuhpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 21:55 . 2008-01-31 15:42 -------- d-----w- c:\program files\DellTPad
2009-11-16 21:32 . 2008-01-31 15:38 184190 ----a-w- c:\windows\system32\igfxpers.exe
2009-09-11 14:18 . 2004-08-11 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-11 23:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-11 23:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-11 23:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-11 23:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-11 23:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-15 14:57 . 2009-08-15 14:57 3 --sha-w- c:\windows\system32\duyovaha.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-16_21.21.17 )))))))))))))))))))))))))))))))))))))))))
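sc302 says you can "obviously tell what is spyware" from the ComboFix log, and the tells are visible in the lines above: a space before the extension in "ctfmon .exe" (so it looks like the real ctfmon.exe), a hidden+system DLL (attribute "--sha-w-") and a 3-byte DLL in system32, executables dropped straight into a profile root and into Local Settings\Application Data, and a run of six-letter random-looking folders there. The following is an added example, not ComboFix's logic and not anything sc302 posted: a parser for the log format plus a triage pass that encodes those tells as heuristics. The thresholds, name patterns and the sample log (a subset of the lines posted above) are constructed for the example.

```python
"""Triage a ComboFix log for the indicators visible in the log posted above:
deleted files with a space before the extension (ctfmon .exe), hidden/system
or implausibly small files in system32, executables dropped into a profile
root or Local Settings\\Application Data, and random-looking folders there.
Heuristics chosen for this thread's log, not ComboFix's own logic."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
# created . modified size attrs path   (size is '--------' for directories)
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$")


@dataclass
class Entry:
    section: str
    path: str
    attrs: str = ""              # 'd-----w-', '----a-w-', '--sha-w-' ...
    size: Optional[int] = None   # None for directories and bare deletion lines

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_or_system(self) -> bool:   # attribute columns: d - s h a - w -
        return len(self.attrs) == 8 and (self.attrs[2] == "s" or self.attrs[3] == "h")


def parse_combofix(text: str) -> List[Entry]:
    entries, section = [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            size = None if m.group("size").startswith("-") else int(m.group("size"))
            entries.append(Entry(section, m.group("path"), m.group("attrs"), size))
        elif section == "Other Deletions":   # bare paths, no timestamp columns
            entries.append(Entry(section, line))
    return entries


SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.I)
PROFILE_ROOT_EXE = re.compile(r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I)
LOCAL_APPDATA_ITEM = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\local settings\\application data\\(?P<name>[^\\]+)$", re.I)
RANDOM_NAME = re.compile(r"^[a-z]{5,8}$")      # gorqtb, ylvpou, vekbor ... (heuristic)
SPACE_BEFORE_EXT = re.compile(r"\s\.[a-z0-9]{1,4}$", re.I)
TINY_BYTES = 64                               # assumption: a 3-byte 'DLL' is not a DLL


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each suspicious path to the rules it tripped."""
    hits: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.section == "Other Deletions":
            if SPACE_BEFORE_EXT.search(e.path):
                reasons.append("space before extension mimics a system binary name")
        else:
            if SYSTEM32.match(e.path) and not e.is_dir:
                if e.hidden_or_system:
                    reasons.append("hidden/system file in system32")
                if e.size is not None and e.size <= TINY_BYTES:
                    reasons.append(f"implausibly small file ({e.size} bytes) in system32")
            if PROFILE_ROOT_EXE.match(e.path):
                reasons.append("executable dropped in a profile root")
            m = LOCAL_APPDATA_ITEM.match(e.path)
            if m and e.is_dir and RANDOM_NAME.match(m.group("name")):
                reasons.append("random-looking folder under Local Settings\\Application Data")
            elif m and not e.is_dir and m.group("name").lower().endswith(".exe"):
                reasons.append("executable under Local Settings\\Application Data")
        if reasons:
            hits[e.path] = reasons
    return hits


# Constructed sample: a subset of the log posted in this thread.
SAMPLE_LOG = r"""
ComboFix 09-11-16.05 - ** 11/17/2009 20:38..2 - FAT32x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ctfmon .exe
c:\windows\system32\winupdate86 .exe
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
2009-11-16 21:39 . 2009-11-16 21:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-16 21:32 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-16 21:32 . 2009-11-16 21:55 -------- d-----w- c:\documents and settings\**\Local Settings\Application Data\gorqtb
2009-11-16 21:00 . 2009-11-16 21:00 4822 ----a-w- c:\documents and settings\**\Local Settings\Application Data\syssvc.exe
2009-11-16 20:30 . 2009-11-16 20:30 60928 --sha-w- c:\windows\system32\yuhodose.dll
2009-11-15 15:05 . 2009-11-18 01:36 247678 ----a-w- c:\documents and settings\**\stsystra.exe
2009-11-15 14:57 . 2009-11-16 21:15 -------- d-----w- c:\documents and settings\**\Application Data\AntiVirus Plus
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2009-11-16 21:32 . 2008-01-31 15:38 184190 ----a-w- c:\windows\system32\igfxpers.exe
2009-08-15 14:57 . 2009-08-15 14:57 3 --sha-w- c:\windows\system32\duyovaha.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_combofix(SAMPLE_LOG)).items():
        print(path, "->", "; ".join(reasons))
```

Run against the sample it flags the two spoofed system32 names, the gorqtb folder, syssvc.exe, yuhodose.dll, stsystra.exe and duyovaha.dll, and leaves the Malwarebytes driver, the Intel graphics tray executable and the ordinary program folders alone. The rogue "AntiVirus Plus" folder is deliberately not caught: nothing about its path is anomalous, which is why a name-based rogue list is still needed on top of these structural rules.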
buckboii, posted November 18, 2009:

test and report.
Warwagon, posted November 18, 2009:

Did you select False Positive from the application for each file it wrongfully detected?
sc302, posted November 18, 2009:

Yes I did. But still, it didn't detect anything, only 6 false positives.
Warwagon, posted November 18, 2009:

Well that sucks.
sc302, posted November 18, 2009:

Malwarebytes picked up about 170 infections. Running SUPERAntiSpyware now; so far it has picked up 8 tracking cookies and 1 Vundo variant.
Raa, posted November 18, 2009:

30-day limited? Cloud-based? Hmm. Nah. I'll stick to using my knowledge, eyes and hands :) Pretty picture though, scored a few points for that at least!
Warwagon, posted November 18, 2009:

Quoting sc302: "Malwarebytes picked up about 170 infections. Running SUPERAntiSpyware now; so far it has picked up 8 tracking cookies and 1 Vundo variant."

Not sure why it failed so miserably on your machine. Maybe try running it in safe mode with networking.
still1, posted November 18, 2009:

I upload the file and scan it... can I trust them?
Warwagon, posted November 18, 2009:

Well, there is a huge 22-page thread there: http://www.wilderssecurity.com/showthread....732&page=23 The developer of the application is very involved with that thread.