SurfRight announced today the release of Hitman Pro 3.5.9 (build 124). The main purpose of this release is the addition of the Cloud Assisted Miniport Hook Bypass feature.
“In the past weeks, we noticed an increase in highly advanced rootkits such as MEBroot, Torpig, Sinowal and TDL4 that were trying to defeat detection by Hitman Pro,” according to Mark Loman, CEO of SurfRight. “With this new release we are able to better detect and remove these sophisticated threats.”
The most important features in this new version are:
- Cloud Assisted Miniport Hook Bypass feature.
- MEBroot/Torpig/Sinowal detection and removal.
- Removal of new variant of Trojan Vundo.
- Master Boot Record (MBR) protection when restoring infected MBR to counter rootkit watchdogs.
- Repair for BCD testsigning. Testsigning is a boot-configuration (BCD) setting of 64-bit Windows that, when enabled, allows unsigned drivers to be loaded. It is typically abused by 64-bit bootkits.
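Checking the BCD testsigning setting yourself: the script below is an added example, not SurfRight's code and not part of Hitman Pro. It parses the text that the real Windows `bcdedit /enum` command prints (an elevated prompt is required) and flags every boot entry whose `testsigning` element is `Yes`. The bcdedit output embedded in the script is constructed so that the parser can be exercised offline; on Windows the script runs the live command instead.

```python
"""Flag BCD boot entries that have testsigning enabled.

Added example (not part of Hitman Pro). The sample output below is
constructed; it follows the column layout bcdedit /enum prints.
"""
import re
import subprocess
import sys

# Constructed sample of `bcdedit /enum` output: two entries, the loader
# entry has testsigning turned on (the condition a bootkit relies on).
SAMPLE_BCDEDIT_OUTPUT = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\\Device\\HarddiskVolume1
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
testsigning             Yes
"""


def parse_bcd_entries(text):
    """Split bcdedit text into {identifier: {element: value}}.

    Element lines are "<name><two or more spaces><value>"; section titles
    and dashed underlines do not match that shape and are skipped.
    """
    entries = {}
    current = None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s{2,}(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "identifier":
            current = value
            entries[current] = {}
        elif current is not None:
            entries[current][key] = value
    return entries


def entries_with_testsigning(text):
    """Return the identifiers whose testsigning element is explicitly Yes."""
    return sorted(ident for ident, elems in parse_bcd_entries(text).items()
                  if elems.get("testsigning", "").lower() == "yes")


def read_live_bcd():
    """Run the real bcdedit on Windows (needs an elevated prompt)."""
    out = subprocess.run(["bcdedit", "/enum"], capture_output=True,
                         text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    text = read_live_bcd() if sys.platform == "win32" else SAMPLE_BCDEDIT_OUTPUT
    flagged = entries_with_testsigning(text)
    if flagged:
        print("testsigning enabled on:", ", ".join(flagged))
    else:
        print("testsigning is off for all enumerated entries")
```

On a machine where the check fires and nobody deliberately enabled test mode for driver development, the manual repair is `bcdedit /set {current} testsigning off` from an elevated prompt, followed by a reboot; the MBR and the loader should then be checked as well, since an enabled testsigning element on a production machine is usually a symptom rather than the infection itself.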
The full release notes and changelog of Hitman Pro 3.5.9 build 124 can be found at http://www.surfright.com/hitmanpro/whatsnew
About Cloud Assisted Miniport Hook Bypass
Cloud Assisted Miniport Hook Bypass collects hard disk miniport driver information from clean computers and stores a representation of this information (a fingerprint of a few bytes) in the Cloud. When Hitman Pro detects a hook on the hard disk driver, it consults the Cloud on how to work around it. This allows Hitman Pro to read around the rootkit’s filtering and effectively read the actual infected sectors. This works for any hard disk driver, not just the common ones.
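To make the idea concrete, here is an added illustration of fingerprint-based hook detection; it is not SurfRight's code, and Hitman Pro's real fingerprint format, driver data and cloud protocol are not described on this page. The assumptions are: a miniport driver is modelled as a loaded image (base, size) plus a dispatch table of routine addresses; the "fingerprint" is a truncated hash over each routine's offset from the image base, so clean machines that load the same driver at different addresses agree on it; and the clean record also keeps those offsets so that a hooked entry can be replaced by the expected original pointer. The driver name, addresses and the rootkit pointer are all constructed.

```python
"""Fingerprint a driver's dispatch table against a clean cloud record.

Added example (not Hitman Pro's implementation). Driver layout, the
fingerprint scheme and all addresses are constructed assumptions.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class DriverImage:
    name: str
    base: int       # load address of the driver image
    size: int       # size of the image in bytes
    dispatch: dict  # routine name -> absolute address it currently points to


def offsets(img):
    """Routine addresses relative to the image base (relocation independent)."""
    return {name: addr - img.base for name, addr in img.dispatch.items()}


def fingerprint(img):
    """Few-byte, order-independent fingerprint of the dispatch offsets."""
    canon = "|".join(f"{name}:{off:#x}" for name, off in sorted(offsets(img).items()))
    return hashlib.sha256(canon.encode()).digest()[:4]


# Constructed "cloud" record, as it would be collected from a clean machine.
CLEAN = DriverImage("atapi.sys", 0x8A000000, 0x20000, {
    "IRP_MJ_READ": 0x8A004120,
    "IRP_MJ_WRITE": 0x8A004180,
    "IRP_MJ_SCSI": 0x8A0052F0,
})
CLOUD = {CLEAN.name: {"fingerprint": fingerprint(CLEAN), "offsets": offsets(CLEAN)}}


def find_hooks(img, cloud):
    """Return {routine: (observed, expected)} for entries deviating from the clean record.

    None means the driver is unknown to the cloud; an empty dict means clean.
    An entry counts as hooked when it differs from the expected pointer or
    points outside the driver's own image.
    """
    record = cloud.get(img.name)
    if record is None:
        return None
    if fingerprint(img) == record["fingerprint"]:
        return {}
    hooks = {}
    for name, addr in img.dispatch.items():
        clean_off = record["offsets"].get(name)
        if clean_off is None:
            continue
        expected = img.base + clean_off
        in_image = img.base <= addr < img.base + img.size
        if addr != expected or not in_image:
            hooks[name] = (addr, expected)
    return hooks


def bypass_table(img, cloud):
    """Dispatch table with hooked entries replaced by the clean expected pointers."""
    hooks = find_hooks(img, cloud) or {}
    return {name: (hooks[name][1] if name in hooks else addr)
            for name, addr in img.dispatch.items()}


# Constructed infected machine: same driver loaded at another base, with the
# read routine redirected to a pointer outside the driver image.
INFECTED = DriverImage("atapi.sys", 0x8B200000, 0x20000, {
    "IRP_MJ_READ": 0x8F7C1000,
    "IRP_MJ_WRITE": 0x8B204180,
    "IRP_MJ_SCSI": 0x8B2052F0,
})

if __name__ == "__main__":
    for routine, (seen, want) in (find_hooks(INFECTED, CLOUD) or {}).items():
        print(f"{routine}: hooked, points to {seen:#x}, clean pointer is {want:#x}")
```

The point of hashing offsets rather than absolute addresses is that a single few-byte record serves every clean machine running that driver build, whatever its load address; the scanner only needs the full offset list when the fingerprint already disagrees.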
If you run Hitman Pro with Early Warning Scoring (a mode for experts) on a Mebroot-infected system, you can see Cloud Assisted Miniport Hook Bypass in action. If the yellow sticky mentions "bypassed", then Hitman Pro should be able to detect the presence of the rootkit.
The yellow sticky only appears in an Early Warning Scoring scan. In the Default Scan or Quick Scan, the sticky is not displayed because non-expert users have no idea what a kernel-mode hook is. Of course, when an infected MBR is detected it is listed, regardless of the chosen scan.
Cloud Assisted Miniport Hook Bypass collectively helps Hitman Pro users to combat the toughest malware threat: rootkits.