New release of Hitman Pro to address sophisticated rootkits

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
SurfRight announced today the release of Hitman Pro 3.5.9 (build 124). The main purpose of this release is the addition of the Cloud Assisted Miniport Hook Bypass feature.

“In the past weeks, we noticed an increase in highly advanced rootkits such as MEBroot, Torpig, Sinowal and TDL4 that were trying to defeat detection by Hitman Pro,” according to Mark Loman, CEO of SurfRight. “With this new release we are able to better detect and remove these sophisticated threats.”

The most important features in this new version are:
  • Cloud Assisted Miniport Hook Bypass feature.
  • MEBroot/Torpig/Sinowal detection and removal.
  • Removal of new variant of Trojan Vundo.
  • Master Boot Record (MBR) protection when restoring infected MBR to counter rootkit watchdogs.
  • Repair for BCD testsigning. Testsigning is a feature of 64-bit Windows that, when enabled, allows loading of non-signed drivers on 64-bit Windows. Testsigning is typically abused by 64-bit bootkits.

The full release notes and changelog of Hitman Pro 3.5.9 build 124 can be found on www.surfright.com/hitmanpro/whatsnew



About Cloud Assisted Miniport Hook Bypass
Cloud Assisted Miniport Hook Bypass collects hard disk miniport driver information from clean computers and stores a representation of this information (a fingerprint of a few bytes) in the Cloud. When Hitman Pro detects a hook on the hard disk driver, it consults the Cloud on how to work around it. This allows Hitman Pro to read around the rootkit’s filtering and effectively read the actual infected sectors. This works for ANY hard disk driver and not just the common ones.

If you run Hitman Pro with Early Warning Scoring (a mode for experts) on a Mebroot-infected system, you can see Cloud Assisted Miniport Hook Bypass in action. If the yellow sticky mentions "bypassed", then Hitman Pro should be able to detect the presence of the rootkit:

camhb.png


The yellow sticky only appears in Early Warning Scoring scan. In the Default Scan or Quick Scan the sticky is not displayed because non-expert users have no idea what a kernel-mode hook is. Of course, when an infected MBR is detected it is listed, regardless of the chosen scan.

Cloud Assisted Miniport Hook Bypass collectively helps Hitman Pro users to combat the toughest malware threat: Rootkits.

Read more
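A defender-side check for the BCD testsigning state mentioned in the feature list above, as an added example that is not part of the original post and is not Hitman Pro's code. It parses the text output of `bcdedit /enum` and assumes an English-locale system, where boolean elements print as `Yes`/`No`; the sample output is constructed.

```python
import re
import subprocess

# Constructed sample of `bcdedit /enum` output (English locale), not from a real machine.
SAMPLE_BCDEDIT = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
default                 {current}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
nx                      OptIn
testsigning             Yes
"""

def parse_bcd(text):
    """Split bcdedit output into one dict per BCD entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l for l in block.splitlines() if l.strip()]
        # An entry is a title line, a dashed underline, then "name   value" rows.
        if len(lines) < 3 or set(lines[1].strip()) != {"-"}:
            continue
        entry = {"_type": lines[0].strip()}
        for row in lines[2:]:
            parts = row.split(None, 1)
            if len(parts) == 2:  # skips indented continuation rows of multi-value elements
                entry[parts[0].lower()] = parts[1].strip()
        entries.append(entry)
    return entries

def entries_with_testsigning(text):
    """Return identifiers of boot entries whose testsigning element is enabled."""
    return [e.get("identifier", "?") for e in parse_bcd(text)
            if e.get("testsigning", "").lower() == "yes"]

def check_live():
    """Windows only, elevated prompt: query the running system's BCD store."""
    out = subprocess.run(["bcdedit", "/enum"], capture_output=True, text=True, check=True)
    return entries_with_testsigning(out.stdout)

if __name__ == "__main__":
    print(entries_with_testsigning(SAMPLE_BCDEDIT))
```

An unexpected non-empty result on a production 64-bit machine means unsigned kernel drivers are allowed to load and the boot configuration should be investigated.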
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
That's great, rootkits today are very nasty and Hitman Pro managed to detect them, so with their new feature it will be very useful.
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
The 3.5.9 build 124 isn't available for download yet; however, it should be online in a few days.
If you use Hitman Pro, the product will automatically be updated to the latest version in the next few days.


Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
I wondered why it didn't update when I ran HMP yesterday. Thanks for the update.
 

TKFlight

New Member
May 19, 2011
82
I love having Hitman Pro around for a second opinion scanner. It always finds those pesky rootkits.
 

moonshine

Level 7
Verified
Apr 19, 2011
1,264
Hitman Pro 3.5.9 Build 125

Hitman Pro 3 is a fast All-in-One tool to locate, identify and remove viruses, spyware, trojans, rootkits and other malware. Hitman Pro 3 will quickly show if your PC is infected with malicious software. Research shows that many computers are infected, even if they have an up-to-date security suite installed, and that a combination of different anti-malware programs would be required to prevent infection. Hitman Pro 3 uses innovative cloud computing techniques to detect and remove potential malware threats with minimal impact on system performance. A further benefit of this technology is that you need never again download definitions on an hourly / daily basis, as this is all managed in the cloud, further reducing the impact on your PC. Scanning your PC is free for the life of the product. Users can take a paid-for subscription to cover malware removal after the first 30 days of free use.



Release History
Build 125 (2011-06-19)

-Fixed a crash while scanning miniport drivers on FAT32 filesystems.
-Updated SQLite library.



Get it at http://files.surfright.nl/HitmanPro35.exe
http://files.surfright.nl/HitmanPro35_x64.exe



 

marsellus

New Member
May 24, 2011
68
Do it with you right away is activated license trial a new build?
I think the end of the free scan:(
 