Force Breach: Kill Rogue anti-malware before they kill you
erikloman
February 11th, 2010, 02:02 PM
Hitman Pro just gained a new feature called: Force Breach.
Most people in the security business have come across a couple of fake/rogue anti-malware infections that kill every application you are trying to run, including your favorite removal tool.
If you run Hitman Pro (build 88 or newer) from a USB stick and start its EXE while holding down the left Ctrl-key, then Hitman Pro will kill every non-essential process running under the user's context, including the rogue infection.
Everything becomes clear when you view the YouTube video (http://www.youtube.com/watch?v=m6eRWTv2STk).
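The mechanism described above, terminating every non-essential process in the logged-on user's session, as an illustrative PowerShell script added here (this is not Hitman Pro's code). It assumes an allowlist of processes a desktop session needs and defaults to a dry run via -WhatIf so the list can be reviewed first.

```powershell
# Illustration of the "kill every non-essential process in the user's context"
# idea. NOT Hitman Pro's code; the allowlist below is an assumption.
# Run from an elevated prompt: .\breach.ps1 -WhatIf  (dry run, nothing is stopped)
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Processes a Windows desktop session needs to stay usable (assumed list).
    [string[]]$Essential = @('explorer', 'dwm', 'taskhost', 'taskhostw',
                             'powershell', 'pwsh', 'conhost', 'ctfmon', 'sihost')
)

# Only touch processes in the same interactive session as this script, i.e. the
# logged-on user's context. Session 0 (services) and other users are left alone,
# which is why something running as a service is out of scope for this approach.
$mySession = (Get-Process -Id $PID).SessionId

$candidates = Get-Process | Where-Object {
    $_.SessionId -eq $mySession -and
    $_.Id -ne $PID -and
    $Essential -notcontains $_.ProcessName
}

foreach ($p in $candidates) {
    $label = "{0} (PID {1}, {2})" -f $p.ProcessName, $p.Id, $p.Path
    # ShouldProcess honours -WhatIf / -Confirm; without them the process is stopped.
    if ($PSCmdlet.ShouldProcess($label, 'Stop-Process -Force')) {
        try {
            Stop-Process -Id $p.Id -Force -ErrorAction Stop
            Write-Verbose "terminated $label"
        } catch {
            # Protected or already-exited processes are reported, not fatal.
            Write-Warning "could not stop ${label}: $($_.Exception.Message)"
        }
    }
}
```

As the thread notes, a machine treated this way needs a reboot afterwards to bring the terminated desktop programs back.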
raven211
February 11th, 2010, 02:47 PM
This is a great feature! :)
bman412
February 11th, 2010, 02:52 PM
What if the malware runs as a service?
Sjoeii
February 11th, 2010, 02:55 PM
Nice new feature. Thanks
Dr who
February 11th, 2010, 02:57 PM
Hi,
Since you missed my question in your main Hit Man Pro topic and started a whole new topic announcing it (Spam??), I will repeat my question here in the hope that you will reply :thumb:
Hello erikloman,
This is for a scenario of extra recovery when all of the cloud databases have been bypassed and the rogue has installed (in memory) past HMP3 real-time protections, right?
Does the rogue (SecurityTool) not exit your process from memory, as it does to so many others, when it installs first or the infected computer is rebooted?
Also, if someone wanted to fix a computer infected with this rogue installed, how would they achieve what you show in your YouTube clip if HMP is not installed?
Please advise, as some think it is a great feature without even testing it first to see if it works in the real world.
dlimanov
February 11th, 2010, 03:16 PM
-{ Quote: "Hi,
Since you missed my question in your main Hit Man Pro topic and started a whole new topic announcing it (Spam??), I will repeat my question here in the hope that you will reply :thumb:
Hello erikloman,
This is for a scenario of extra recovery when all of the cloud databases have been bypassed and the rogue has installed (in memory) past HMP3 real-time protections, right?
Does the rogue (SecurityTool) not exit your process from memory, as it does to so many others, when it installs first or the infected computer is rebooted?
Also, if someone wanted to fix a computer infected with this rogue installed, how would they achieve what you show in your YouTube clip if HMP is not installed?
Please advise, as some think it is a great feature without even testing it first to see if it works in the real world." }-
Hey Dr Who,
Not sure if I understood you correctly, but Hitman is not an on-access product; it operates on-demand. It also doesn't need to be installed: just run the exe you downloaded (via My Computer, the "search" or "run" dialog, or via Safe Mode with Networking if everything else is blocked) and it will clean your system.
On a separate note, it's hilarious to see the duration of Hitman video on YouTube is 1 minute 06 seconds to clean rogue A/Vs, while other similar how-to videos there are 10+ minutes!
erikloman
February 11th, 2010, 03:36 PM
-{ Quote: "Hi,
Since you missed my question in your main Hit Man Pro topic and started a whole new topic announcing it (Spam??), I will repeat my question here in the hope that you will reply :thumb:
" }-
I started a new thread so others may notice this feature outside the people monitoring the Hitman Pro specific thread.
-{ Quote: "Hello erikloman,
This is for a scenario of extra recovery when all of the cloud databases have been bypassed and the rogue has installed (in memory) past HMP3 real-time protections, right?
Does the rogue (SecurityTool) not exit your process from memory, as it does to so many others, when it installs first or the infected computer is rebooted?
Also, if someone wanted to fix a computer infected with this rogue installed, how would they achieve what you show in your YouTube clip if HMP is not installed?
Please advise, as some think it is a great feature without even testing it first to see if it works in the real world." }-
Force Breach is for the scenario when you can't start your on-demand removal tool because the infection is preventing you from starting anything at all. As the video shows, the infection is literally killing new processes at a regular interval.
You can copy HitmanPro35.exe to a USB stick and start it from there while holding the Ctrl-key down. The video does not actually illustrate the USB part, but you'll get the point, I hope.
Also, it is not required to click Next to let Hitman Pro clean your PC. Once Hitman Pro has performed the Force Breach, you can start any removal tool you want.
Franklin
February 11th, 2010, 08:24 PM
Installed Antivirus Soft before Hitman.
With AV Soft active I then executed HMP, and even though AV Soft threw up its usual infected warning, HMP was still created on the desktop.
Left Ctrl and execute killed AV Soft, allowing a scan which cleaned up the infection.
Installed several rogues at once from a lovely little roguepack.exe that I picked up, and left Ctrl execute HMP killed the lot.
HMP seemed to clean up the XP VM, and after a reboot I reinstalled the rogue pack to test again, but left Ctrl didn't seem to work this time around.
Does left Ctrl stop working after a couple of times?
curious george
February 11th, 2010, 10:08 PM
What if Hitman Pro isn't allowed to execute at all? Does its Ctrl function still work? This seems to be the case nowadays: nothing wants to load, or work for that matter. lol
Franklin
February 11th, 2010, 10:32 PM
-{ Quote: "What if Hitman Pro isn't allowed to execute at all? Does its Ctrl function still work? This seems to be the case nowadays: nothing wants to load, or work for that matter. lol" }-
AV Live and AV Soft are about the worst I've come across so far, and Hitman did ok.
If you've got anything more aggressive then please share. :)
curious george
February 11th, 2010, 11:40 PM
I cleaned out a few comps; I should have extracted the samples from them... but this was a few days ago. I'll try to get my hands on them. I have an image from an infected state; maybe I can restore it and get at it.
It wouldn't execute ANYTHING. You couldn't even open a removable drive.
Franklin
February 11th, 2010, 11:43 PM
Sounds like my favourite type of malware. ;D
Be good if you could grab a sample.
jmonge
February 11th, 2010, 11:48 PM
for me it is the rootkits;)
curious george
February 11th, 2010, 11:50 PM
If you don't mind me asking, where do you get your samples from?
I get mine directly from infected computers, and the image is on my external hard drive somewhere. God have mercy on it... wherever it may be.
jmonge
February 11th, 2010, 11:54 PM
limewire;D and surf the web like always;D
curious george
February 12th, 2010, 12:13 AM
Limewire is fun, and it's easy to spot which particular one is a rogue, but I want a source with NEW infections. The Limewire ones have been around for a while...
jmonge
February 12th, 2010, 12:31 AM
yeah and very easy to grab malware from;D
Zyrtec
February 12th, 2010, 12:52 AM
-{ Quote: "AV Live and AV Soft are about the worst I've come across so far, and Hitman did ok.
If you've got anything more aggressive then please share. :)" }-
Hey Franklin,
I think that Security Tool, Internet Security 2010 and Paladin Antivirus [the latter also drops Virut and TDSS Trojan] are as BAD as Antivirus Live and its cousin Antivirus Soft.
Personally, I haven't had any experiences with this trio but a friend of mine who cleans computers from threats just for fun has told me so.
Regards,
Carlos
curious george
February 12th, 2010, 01:09 AM
-{ Quote: "Hey Franklin,
I think that Security Tool, Internet Security 2010 and Paladin Antivirus [the latter also drops Virut and TDSS Trojan] are as BAD as Antivirus Live and its cousin Antivirus Soft.
Personally, I haven't had any experiences with this trio but a friend of mine who cleans computers from threats just for fun has told me so.
Regards,
Carlos" }-
Agreed. Had to deal with a few of them. I might have a copy...hm.
Franklin
February 12th, 2010, 01:22 AM
Analysis of Paladin AV with the virut embedded here:
http://forums.malwarebytes.org/index.php?showtopic=39132
Later installers don't have the virut.
Internet Security 2010 and Security Tool don't seem that aggressive but may behave themselves in a vm and they usually target MBAM.
Saraceno
February 12th, 2010, 02:42 AM
Some solid developments happening in hitman pro. And good testing Franklin. :thumb:
I agree, no harm in having the hitman pro thread to post developments and issues, and making another thread to announce a new feature to hear feedback, possibly from non-users.
erikloman
February 12th, 2010, 07:19 AM
-{ Quote: "HMP seemed to clean up the XP VM, and after a reboot I reinstalled the rogue pack to test again, but left Ctrl didn't seem to work this time around.
Does left Ctrl stop working after a couple of times?
" }-
We had to pull build 88 last night (CET) due to a problem causing Hitman Pro to crash on some systems which have Firefox installed. The problem was related to a particular state of the places.sqlite database on which Hitman Pro choked.
This is why the left Ctrl-key appeared to stop working the second time: you received build 87, which did not have the Force Breach feature.
Build 89, which addresses the mentioned crash, has just come online.
nikanthpromod
February 12th, 2010, 03:38 PM
Tested against some rogues. Hitman Pro detected and removed all problems :thumb: (disabled Windows functions etc.)
ronjor
February 12th, 2010, 03:43 PM
Several posts removed. Do not post links to malware here. See the TOS. (http://www.wilderssecurity.com/tos.php)
Franklin
February 12th, 2010, 05:34 PM
-{ Quote: "
Build 89, which addresses the mentioned crash, has just come online." }-
Grabbed it thanks erikloman and it seemed to have no problems in killing/cleaning up AV Soft. :)
PC__Gamer
February 12th, 2010, 07:24 PM
-{ Quote: "Grabbed it thanks erikloman and it seemed to have no problems in killing/cleaning up AV Soft. :)" }-
Does the x64 version not get this feature?
The x64 version is always behind; why can't they release builds simultaneously? ::)
Franklin
February 12th, 2010, 07:31 PM
-{ Quote: "Does the x64 version not get this feature?
::)" }-
Dunno, you'll have to ask erikloman.
dlimanov
February 12th, 2010, 08:03 PM
For those battling with rogues that don't allow you to open Removable Media or My Computer, try doing Start->Search for Files and Folders and launching Hitman that way. I prefer to right-click while holding Ctrl, select Open, and launch Force Breach that way.
Also, renaming Hitman.exe to svchost.exe has worked a few times before.
Saraceno
February 12th, 2010, 11:29 PM
-{ Quote: "For those battling with rogues that don't allow you to open Removable Media or My Computer, try doing Start->Search for Files and Folders and launching Hitman that way. I prefer to right-click while holding Ctrl, select Open, and launch Force Breach that way.
Also, renaming Hitman.exe to svchost.exe has worked a few times before." }-
That's a good tip.
Right-click on Hitman Pro through Windows Explorer, and before you select Open, hold Control, then select Open. Terminated 16 processes for me; although none were malicious, it did what it's supposed to do. :thumb:
Zyrtec
February 12th, 2010, 11:35 PM
That "Force Breach" feature in Hitman Pro 3.5 is very effective. I tested it myself against some of those Fake AVs running on a Win XP VMware Virtual Machine and it really killed the processes in a heartbeat.
It's better than the tool named Rkill.exe.
I hope the malware writers don't circumvent this wonderful mechanism too soon.
Regards,
Carlos
Saraceno
February 12th, 2010, 11:37 PM
Before anyone else tries this on a clean system: you'll have to reboot to start everything up again ;) .
But if my system were infected, this new feature would do the trick.
Triple Helix
February 13th, 2010, 08:59 PM
All I can say is that it is a great tool to add to an already great product!
TH
apathy
February 14th, 2010, 02:20 AM
Hitman Pro is becoming an essential and killer application.
I have no idea how many times I've gone to people's houses and cleaned up malware that had been there for more than 5 years. Kudos to the developers of Hitman Pro, we need to do a media blitz for this app to get it on more people's PC(s).
PC__Gamer
February 14th, 2010, 06:04 AM
This sucks, x64 still ain't getting such features, while people who are using it for free on x86 are.
Lame!
raven211
February 14th, 2010, 06:38 AM
-{ Quote: "This sucks, x64 still ain't getting such features, while people who are using it for free on x86 are.
Lame!" }-
Why are people that use it lame!? That's just a ridiculous statement. :wacko:
PC__Gamer
February 14th, 2010, 07:16 AM
-{ Quote: "Why are people that use it lame!? That's just a ridiculous statement. :wacko:" }-
That's not what I said at all; where the hell did you get that from? :wacko:
It's lame that they are releasing new features in x86, along with bug fixes, and the x64 version gets nothing.
So, it's lame that someone using it for free could make use of such new features, while I, a paying customer, don't get these.
erikloman
February 14th, 2010, 07:56 AM
-{ Quote: "That's not what I said at all; where the hell did you get that from? :wacko:
It's lame that they are releasing new features in x86, along with bug fixes, and the x64 version gets nothing.
So, it's lame that someone using it for free could make use of such new features, while I, a paying customer, don't get these." }-
Since the majority of our users have x86, we release new features first for x86. It takes additional time to test the x64 build.
Also, we are currently understaffed due to vacation of co-workers.
Also, the MS10-015 patch causing BSODs in TDL3-infected systems is taking some resources on our end. Hitman Pro is currently the only public AV that is able to detect AND remove TDL3. See this thread (http://www.wilderssecurity.com/showthread.php?p=1622624) for more info.
We're going to release x64 this Monday or Tuesday.
tuatara
February 14th, 2010, 11:25 AM
-{ Quote: "Hitman Pro is becoming an essential and killer application.
I have no idea how many times I've gone to people's houses and cleaned up malware that had been there for more than 5 years. Kudos to the developers of Hitman Pro, we need to do a media blitz for this app to get it on more people's PC(s)." }-
Agree, perhaps a good suggestion to Wilders Security Forums to give SurfRight their own forum here. It will look better, it will be better for all parties, SurfRight deserves it, and a thread like this is not very handy.
Keep up the good work Mark, Erik and colleagues.
:thumb:
firzen771
February 14th, 2010, 11:43 AM
-{ Quote: "Agree, perhaps a good suggestion to Wilders Security Forums to give SurfRight their own forum here. It will look better, it will be better for all parties, SurfRight deserves it, and a thread like this is not very handy.
Keep up the good work Mark, Erik and colleagues.
:thumb:" }-
What I'm surprised about is that Mark and Erik haven't gotten yellow names yet ???
Hugger
February 14th, 2010, 12:20 PM
Good idea.
apathy
February 14th, 2010, 03:00 PM
-{ Quote: "Good idea." }-
Very good idea. Hitman Pro is the best money I've spent since buying Defensewall.
EliteKiller
February 17th, 2010, 09:52 AM
I am using the HMP 3.5.4 build 90 (32-bit) on a laptop running Vista 32-bit that is infected with Security Tool. Holding the left control key and either double-clicking or right-click/open on the HMP executable brings up Vista's default UAC prompt. Once I click continue on the UAC prompt I still receive the notification from Security Tool that HitmanPro35.exe is infected or it does nothing at all. If I rename HitmanPro35.exe to svchost.exe I can open HMP but force breach is not initiated.
Saraceno
February 17th, 2010, 10:04 AM
EK, does it work if you navigate to Program Files and the Hitman Pro folder,
then right-click on the Hitman Pro exe, and before you select Open, hold Control, then select Open?
You might have already tried this, but just checking you weren't clicking on, say, a desktop shortcut instead of the executable.
erikloman
February 17th, 2010, 10:18 AM
-{ Quote: "I am using the HMP 3.5.4 build 90 (32-bit) on a laptop running Vista 32-bit that is infected with Security Tool. Holding the left control key and either double-clicking or right-click/open on the HMP executable brings up Vista's default UAC prompt. Once I click continue on the UAC prompt I still receive the notification from Security Tool that HitmanPro35.exe is infected or it does nothing at all. If I rename HitmanPro35.exe to svchost.exe I can open HMP but force breach is not initiated." }-
You must keep the LEFT-CTRL-key pressed until the Hitman Pro window appears. If you get a UAC prompt, keep CTRL pressed while you click Allow.
Basically, you keep the LEFT-CTRL-key pressed until you see the Hitman Pro window.
EliteKiller
February 17th, 2010, 11:20 AM
-{ Quote: "You must keep the LEFT-CTRL-key pressed until the Hitman Pro window appears. If you get a UAC prompt, keep CTRL pressed while you click Allow.
Basically, you keep the LEFT-CTRL-key pressed until you see the Hitman Pro window." }-
That did it. Thanks for the clarification!
dlimanov
February 17th, 2010, 04:56 PM
-{ Quote: "EK, does it work if you navigate to Program Files and the Hitman Pro folder,
then right-click on the Hitman Pro exe, and before you select Open, hold Control, then select Open?
You might have already tried this, but just checking you weren't clicking on, say, a desktop shortcut instead of the executable." }-
It works, just hold the Left Control key as you right-click on the Hitman exe and select Open. Keep the Left Control key pressed until the Hitman GUI loads.