What’s the best way to protect the system then? Making sure that security solutions stack up to protect the system, and of course to avoid unnecessary risks on the Internet.

Hitman Pro is a program that comes into play when you want to test that defense, or suspect that your computer has been infected with malicious software but your regular antivirus solution cannot find it. Even better, Hitman Pro is compatible with any security solution already installed which cannot be said automatically for running two antivirus apps side by side.

Hitman Pro Review

Hitman Pro offers two options during installation. It is possible to install the program normally on the PC to use it on a regular basis or perform a one-time scan of the system that does not require installation at all. Very handy to quickly check an already infected system.

Hitman Pro does not run in the background all the time even if it is installed. The security software runs a scan of the system, reports the results and closes down after everything has been handled. The scan itself takes a few minutes the most, depending on the speed of the hard drive and the overall performance of the computer. A typical scan on my fast solid state drive took less than a minute to complete.

Hitman Pro combines a behavioral scan with cloud computing. Suspicious programs found during the scan are automatically submitted to the cloud where they are tested with five different antivirus engines. The engines used are
by the companies Dr.Web, Ikarus, Emsisoft, Prevx and G Data.

The cloud then reports back to the computer with the results of the scan. Hitman Pro can remove viruses and other malicious software from the system. Each item and the user’s action is recorded in the History with options to remove them completely or restore them if needed.

The program is super-easy to use, simplicity by design one could say. The first screen offers to perform a scan, close the program or open the settings. A quick scan and standard scan is available, and a click on the little down icon next to the Next button will reveal the selection.

The settings can be used to configure some aspects of the program. Here it is possible to configure a daily scan on computer startup (postponed until the hard disk activity nears the idle state), enable a Scan with Hitman Pro entry in Windows Explorer, configure connection and proxy settings and enter the license code if the program has been purchased or won.

The Hitman Pro download weights in under 7 Megabytes which is small compared to other antivirus solutions which nowadays come near or over of 100 Megabytes easily.

But how does Hitman Pro handle infections in detail? That depends on the infected file. Non-critical files that are infected are marked for deletion right away, while critical files like core Windows files are handled differently.

First, Hitman Pro tries to find an uninfected copy of the file on the system. If it finds one it exchanges the file with the infected one on reboot and cleans the infected file from the system. If no safe copy of an infected file is found Hitman Pro asks the user to insert a Windows CD or DVD to replace it. This means you will never end up with a non-booting copy of Windows because a core system file has been removed by the antivirus solution.

When the file is classified as malicious by the Scan Cloud, the Hitman Pro client is placing the infection into quarantine. Various techniques ensure that all infections are completely removed without false positives.

Close handles (e.g. unload DLL from winlogon)
Close processes (e.g. winlogon stays)
Remove object from disk
Schedule object removal using PendingFileRenameOperations
Remove references like shortcuts and registry entries
Restore standard registry keys to default values (e.g. Userinit)
Disable service drivers
Deploy native NT bootdelete to remove resilient disk objects
After reboot retry removal and rescan to ensure complete removal

White Listing

It is a huge problem when anti virus programs remove legitmate files from the computer (false positives). Especially in the case of Windows system files, it could lead to parts of the computer to malfunction. Most anti virus vendors have experience with such a horror scenario. To prevent this, Hitman Pro 3 contains a large white list with “Hashes” of these legitimate files. Hitman Pro 3 has a white list of standard installations of Windows 2000 to Windows 7, Office 2000 to 2007 and all updates and services packs.

Hitman Pro Video Review

Hitman Pro Verdict

Everyone can use Hitman Pro. That’s excellent, especially combined with the fact that the application can be run without having to be installed first. It is ideal for those cases where a family member of friend calls you to help with a virus infection on a computer.

Hitman Pro offers additional security next to standard antivirus software that runs all the time on the computer system. The software is lightweight and uses five different antivirus engines to verify suspicious files in the cloud.

The “second opinion malware scanner” is available as a 32-bit and 64-bit edition for Windows operating systems. It supports all Windows versions from Windows XP up to Windows 7.

Hitman Pro Giveaway

We have ten Hitman Pro licenses to giveaway. Please post your current security setup in the comments for a chance to win one of the licenses. Users who want to test their system right away with Hitman Pro can download a fully functional version from here.

The developers of the rootkit have improved it considerably since then, and managed to add the ability to infect 64-bit Windows systems. That’s a first, and security vendors are alarmed about that trend.

However, the authors of these attacks have not been resting. Just under a month ago, we became aware of a new variant of Alureon that infects the Master Boot Record (MBR) instead of an infected driver. While this new variant did not affect 64-bit machines, it had an inert file called ldr64 as part of its virtual file system. More recently, we discovered an updated variant that successfully infected 64-bit machines running Windows Vista or higher, while rendering 64-bit Windows XP and Server 2003 machines unbootable.

Many security companies have already added detection of the 64-bit variant to their security applications, Microsoft for instance added signatures to Microsoft Security Essentials in the beginning of August.

Still, Windows 64-bit owners may want to verify for themselves that the rootkit is not installed on their operating system. As the information above suggest, Windows XP and Windows Server 2003 owners will immediately notice that something is wrong, as their operating system will fail to boot. Windows Vista or Windows 7 64-bit users should read on.

There are at least two options to do that, all with tools already included in the operating system:

Open a command prompt, with Windows-R, entering cmd and enter.

Use the command diskpart to open Diskpart in a new command line window.

Enter lis dis in the new prompt, if it remains empty the computer is infected with the rootkit. If the disks display, it is not.

Good

windows 64 bit rootkit detection

Bad

diskpart

The second option to detect the 64-bit rootkit is the following: Launch Disk Management from the Computer Management pane.

If it does not show disks, it means the system is infected with the rootkit. If it shows disks, everything is fine.

Infected System

al64-2

Additional information are available at Technet and Symantec.

How to Remove the Rootkit if the system is infected:

Several programs are able to remove the rootkit and repair the MBR so that the system boots normally after the repair.

Hitman Pro Beta 112 and later can do it for instance.

Hitman Pro is making use of eight spyware scanning engines. It’s a mixture of free and trial versions. Among the software programs are popular spyware cleaners like Spybot Search and Destroy, Ad-aware and Webroot Spysweeper. Each application can be selected to be included in the system scan or excluded from it. Besides those eight engines can include the commercial antivirus applications TrendMicro Sysclean and McAfee Virusscan if the user has a license for those applications.

The options contain several additional interesting features that require some explanation. The user can select to use the Browser security plugins that is offered by some of the anti-spyware applications, install security updates and configure least user access levels for his web browser.

The first run takes a bit longer than the future ones because all selected applications will be downloaded from the Internet. Hitman Pro is installing the automatically on the user system with minimal to no user input required. Once the applications have been downloaded the system scan begins. Each application is run after the other and the results are visible in the application itself and in Hitman Pro at the end.

This process can slow down the computer quite a bit and it is probably a good idea to let the scans run automatically and do something different in the meantime. One aspect that is not optimal is the fact that most of these anti-spyware tools run a permanent process even if the main application is not running.

This can create quite some noise in the background and experienced users might prefer to install and uninstall the applications manually instead. The idea itself is great however and it would have been really nice if Hitman would be able to use the scanning engines and definitions without having to install the software programs itself. That’s probably wishful thinking though.