Versjonshistorie Hitman Pro
<<Tilbake til programvarebeskrivelsen
Endringer for v3.8.15.306 - v3.8.16.310
- ADDED: Black certificate serial support to remnants
- ADDED: Sophos AV icon to SurfRight vendor
- ADDED: HitmanPro icon to HitmanPro vendor
- FIXED: Freezing problem on Windows 10 while HitmanPro was scanning
- FIXED: Rare BSOD in HitmanPro driver
- FIXED: Blacklisted DNS lookups
- IMPROVED: Hardening of HitmanPro driver
Endringer for v3.8.0.292 - v3.8.0.294
- FIXED: Uninstall of older HitmanPro version after upgrading to 3.8
- FIXED: Scheduled Scan if user has no administrative rights
- FIXED: False Positive on certain Microsoft files
- FIXED: Force Breach not working on Windows 10
- FIXED: Detecting PUPs as malware on certain files
- FIXED: Potential DLL hijacking vulnerability
- IMPROVED: Detection of Potentially Unwanted Programs (PUPs/PUAs)
- INFO: Several minor fixes and improvements
Endringer for v3.7.20.286 - v3.8.0.292
- ADDED: Danish language
- IMPROVED: Kovter (fileless malware) detection
- IMPROVED: Cookie detection in Microsoft Edge and IE (for Windows 10 Fall Creators Update)
- UPDATED: User interface, matching Sophos colors
- UPDATED: HitmanPro icon, matching Sophos colors
- FIXED: Vulnerability in zlib
- FIXED: Vulnerability in libpng
- INFO: Several minor fixes and improvements
Endringer for v3.7.15.281 - v3.7.20.286
- FIXED: Right click scan (Scan with HitmanPro)
- FIXED: Vulnerability in HitmanPro driver (Kernel Pool Overflow, BSOD)
- FIXED: Vulnerability in HitmanPro driver (Kernel Pool Overflow, Local Privilege Escalation)
- FIXED: Vulnerability in HitmanPro driver (Out of bounds read)
- IMPROVED: Activation mechanism.
- IMPROVED: Cookie detection.
- IMPROVED: Detection of Potentially Unwanted Programs (PUPs/PUAs).
- INFO: Several minor fixes and improvements.
Endringer for v3.7.14.280 - v3.7.15.281
- IMPROVED: Detection and removal for Kovter fileless malware.
- FIXED: Detection of Cookies for Internet Explorer and Edge.
- REMOVED: Kickstart functionality.
Endringer for v3.7.14.280 - v3.7.15.281 Beta
- IMPROVED: Detection and removal for Kovter fileless malware.
- FIXED: Detection of Cookies for Internet Explorer and Edge.
- REMOVED: Kickstart functionality.
Endringer for v3.7.14.276 - v3.7.14.280
- ADDED: Detection and removal for Kovter fileless malware.
- IMPROVED: Detection and removal for Poweliks fileless malware.
Endringer for v3.7.14.263 - v3.7.14.276
- •ADDED: Support for computers running Windows 10 Anniversary Update with SecureBoot enabled.
- •IMPROVED: Detection of Potentially Unwanted Programs (PUPs).
- •IMPROVED: Scan performance on some versions of Windows.
- •IMPROVED: Several minor fixes and improvements.
- • INFO: Build aligned with Sophos Clean.
Endringer for v3.7.13.257 - v3.7.14.263
- ADDED: Detection for fileless malware using WMI to hijack your Browser (Yeabests.cc).
- ADDED: Details of ScriptText used by fileless malware hiding in WMI.
- FIXED: Problem with Poweliks detection.
- UPDATED: Internal whitelists.
Endringer for v3.7.13.256 - v3.7.13.257
- FIXED: Save Log button (was broken since build 256).
- UPDATE: Polish language.
Endringer for v3.7.12.256 Beta - v3.7.13.257 Beta
- •Added credentials support to proxy pre-authentication.
- •Added /proxycred command line switch.
- •Added dual code signed signatures (Authenticode) on EXE, DLL and SYS files.
- •Added protection against DLL preloading attacks.
- •Updated raw registry parser.
Endringer for v3.7.12.253 Beta - v3.7.12.256 Beta
- Added credentials support to proxy pre-authentication.
- Added /proxycred command line switch.
- Added dual code signed signatures (Authenticode) on EXE, DLL and SYS files.
- Added protection against DLL preloading attacks.
- Updated raw registry parser.
Endringer for v3.7.10.251 - v3.7.12.253 Beta
- Added support for authenticated proxies.
- Fixed false positive on user32 on 32-bit Windows Vista introduced since Patch Tuesday December 8th (thanks Stupendous Man for reporting).
Endringer for v3.7.10.251 - v3.7.10.253
- Added support for authenticated proxies.
- Fixed false positive on user32 on 32-bit Windows Vista introduced since Patch Tuesday December 8th (thanks Stupendous Man for reporting).
Endringer for v3.7.9.246 - v3.7.9.248 Beta
- •ADDED: Detection and removal of 'Ads by LaSuperba' malware.
- See here for example: https://twitter.com/erikloman/status/649967142121701377
- •ADDED: Detection and repair of patched dnsapi.dll (both 32-bit and 64-bit)
- •ADDED: Command line switch /diskmode=compatible|direct.
- •ADDED: Tracking Cookie scan for Microsoft Edge.
- •FIXED: Tracking Cookie scan for Internet Explorer.
- •IMPROVED: Improved Windows 10 compatibility.
- •IMPROVED: Remnant scan.
- •IMPROVED: Cloud lookup performance.
Endringer for v3.7.9.242 - v3.7.9.245
- ADDED: Forensic based detection of MultiPlug adware.
- IMPROVED: Windows 10 support
- UPDATED: Embedded white lists.
Endringer for v3.7.9.241 - v3.7.9.242
- •IMPROVED: Remnant scan
- •FIXED: Rare Illegal Instruction exception caused by bug in MSVCR120 on 64-bit system
- See here: https://connect.microsoft.com/VisualStudio/Feedback/Details/981479
- •UPDATED: Polish language
Endringer for v3.7.9.240 - v3.7.9.241
- IMPROVED: Remnant scan, specifically handling of user registry keys
Endringer for v3.7.9.238 - v3.7.9.240
- IMPROVED: Remnant scan
- IMPROVED: Forensic clustering
- IMPROVED: Command line switch /proxy is no longer case sensitive
- FIXED: False positive on jusched.exe
Endringer for v3.7.9.236 Beta - v3.7.9.238
- IMPROVED: Malware removal on Windows 8.
- UPDATED: Embedded white lists.
Endringer for v3.7.9.236 Beta - v3.7.9.237 Beta
- •IMPROVED: Malware removal on Windows 8.
Endringer for v3.7.9.233 - v3.7.9.234
- FIXED: Problem introduced in build 233 causing HitmanPro to stop working.
Endringer for v3.7.9.232 - v3.7.9.233
- IMPROVED: Detection and removal of new variant of Reveton ransomware.
- FIXED: Issue with the Internet Explorer cookie enumerator causing the scan to never finish.
- FIXED: Issue causing HitmanPro to stop working.
Endringer for v3.7.9.225 - v3.7.9.232
- •ADDED: Detection and removal of file-less registry-based Poweliks trojan. Both Run and CLSID variants.
- •ADDED: Integration of Department Of Justice ransomware user32.dll decrypter.
- •IMPROVED: Detection of local proxy servers.
- •IMPROVED: Removal engine to handle malformed file/folder names.
- •IMPROVED: Detection of malformed registry values.
- •IMPROVED: Removal of specific ZeroAccess variants.
- •FIXED: False positive on user32.dll on Windows 10 Technical Preview.
- •FIXED: Rare crash when user clicked on Activate Free License on machines with specific NVIDIA GeForce driver.
Endringer for v3.7.9.225 - v3.7.9.231
- ADDED: Detection and removal of file-less registry-based Poweliks trojan. Both Run and CLSID variants.
- ADDED: Integration of Department Of Justice ransomware user32.dll decrypter.
- IMPROVED: Detection of local proxy servers.
- IMPROVED: Removal engine to handle malformed file/folder names.
- IMPROVED: Detection of malformed registry values.
- IMPROVED: Removal of specific ZeroAccess variants.
- FIXED: False positive on user32.dll on Windows 10 Technical Preview.
- FIXED: Rare crash when user clicked on Activate Free License on machines with specific NVIDIA GeForce driver.
Endringer for v3.7.9.225 - v3.7.9.230 Beta
- •Added detection and removal of file-less registry-based Poweliks trojan. Both Run and CLSID variants.
- •Added integration of Department Of Justice ransomware user32.dll decrypter
- •Fixed false positive on user32.dll on Windows 10 Technical Preview.
- •Improved detection of local proxy servers
- •Improved removal engine to handle malformed file/folder names
- •Improved detection of malformed registry values
- •Improved removal of specific ZeroAccess variants
Endringer for v3.7.9.224 Beta - v3.7.9.225
- IMPROVED: Detection for new variant of user32.dll ransomware infection
Endringer for v3.7.9.221 - v3.7.9.223 Beta
- •IMPROVED: Multiple improvements to scanning autorun entries on 64-bit systems
- •IMPROVED: NTFS reader
- •UPDATED: Embedded white lists
Endringer for v3.7.9.220 - v3.7.9.221
- FIXED: User32.dll false positive related to reading from specific encrypted filesystems
- FIXED: Support for Windows 2003 64-bit and XP 64-bit
- IMPROVED: Closing of Chrome when removing cookies
- CHANGED: Restore point is no longer created when removing cookies only
Endringer for v3.7.9.219 - v3.7.9.220
- IMPROVED: Removal of malware files with specific DACL.
- FIXED: Restore point creation during silent operation.
- FIXED: False positive detection of user32.dll on encrypted file systems.
Endringer for v3.7.9.216 - v3.7.9.219
- ADDED: Detection of user32.dll infected system files.
- More info: http://hitmanpro.wordpress.com/2014/06/13/ransomware-infecting-user32-dll/
- IMPROVED: Repair of infected system files
- IMPROVED: MBR rootkit detection
- IMPROVED: Remnant detection
- IMPROVED: Application termination while processing JSON files
- IMPROVED: Portuguese language
- ADDED: Croatian language
- UPDATED: Embedded white lists
Endringer for v3.7.9.214 Beta - v3.7.9.216
- FIXED: Applications started with a delay while HitmanPro was running and Alert was installed.
- FIXED: Automatic update was not working on small number of systems.
Endringer for v3.7.9.211 - v3.7.9.212
- IMPROVED: Ransomware detection through forensic clustering
- IMPROVED: Forensic clustering algorithm
- IMPROVED: Remnant scan to repair web browser shortcuts
- IMPROVED: Scanning of Start Menu items on Vista, Windows 7 and 8
- ADDED: Internet Explorer start page and search engine to remnant scan
- ADDED: Firefox Prefs.js to remnant scan
- ADDED: Repair for disabled Command Prompt
- FIXED: Tab handling in trial request dialog
- FIXED: Problem parsing AppInit_DLLs registry value
- FIXED: Crash when the scan stumbles on a specific crafted file
- UPDATED: Botan crypto library
- UPDATED: 64-bit version now uses SSE2 instruction set
Endringer for v3.7.8.208 - v3.7.9.211
- •Version 3.7.9
- •IMPROVED: Ransomware detection through forensic clustering
- •IMPROVED: Forensic clustering algorithm
- •IMPROVED: Remnant scan to repair web browser shortcuts
- •IMPROVED: Scanning of Start Menu items on Vista, Windows 7 and 8
- •ADDED: Internet Explorer start page and search engine to remnant scan
- •ADDED: Firefox Prefs.js to remnant scan
- •ADDED: Repair for disabled Command Prompt
- •FIXED: Tab handling in trial request dialog
- •FIXED: Problem parsing AppInit_DLLs registry value
- •FIXED: Crash when the scan stumbles on a specific crafted file
- •UPDATED: Botan crypto library
Endringer for v3.7.8.207 - v3.7.8.208
- IMPROVED: Keyboard handling in Kickstart boot menu. On some BIOSes a key press was not detected.
- IMPROVED: Kickstart boot loader now auto continues after 10 seconds when no option was chosen.
- IMPROVED: Small textual changes in Kickstart boot menu.
- IMPROVED: SanDisk USB flash drive handling.
- UPDATED: Kickstart 2.3.
- UPDATED: Embedded white lists.
Endringer for v3.7.7.205 - v3.7.8.207
Endringer for v3.7.7.203 - v3.7.7.205
- ADDED: Forensics-based universal detection of the Sinowal/Torpig Trojan.
- IMPROVED: Compatibility with TeaTimer from Spybot S&D.
- FIXED: Processing of ShellServiceObjectDelayLoad startup entries.
- FIXED: Processing of SharedTaskScheduler startup entries.
- UPDATED: Embedded white lists.
Endringer for v3.7.7.202 - v3.7.7.203
- FIXED: On some hardware the default Direct Disk Access scanning method caused the PC to become less responsive.
- UPDATED: Embedded white lists.
Endringer for v3.7.5.199 - v3.7.6.201
- ADDED: Repair for NTFS Symbolic Links placed by ZeroAccess on Windows Defender and Microsoft Security Essentials. Now repairs folders and corresponding files in Winsxs folders as well. In addition, ACL security is reset.
- IMPROVED: Detection of zero-day ransomware through forensic clustering.
- IMPROVED: Java exploit drive-by-download detection through forensic clustering.
- FIXED: Unexpected termination of HitmanPro during remnant scan on computers with FAT32 system volume.
Endringer for v3.7.5.197 - v3.7.5.199
- FIXED: Suspicious classified items set to Quarantine were not removed after pressing Next button.
Endringer for v3.7.3.194 - v3.7.5.197
- ADDED: Java exploit drive-by-download detection through forensic clustering.
- ADDED: Bootkit Gapz removal via Kickstart.
- IMPROVED: Forensic clustering.
- IMPROVED: Detection of zero-day ransomware through forensic clustering.
- IMPROVED: Detection and removal of malware starting via Command Processor (cmd.exe).
- IMPROVED: Remnant scanner.
- FIXED: On some computers
Endringer for v3.6.1.164 - v3.7.3.194
- FIXED: HitmanPro driver leaked some nonpaged kernel memory when scanning in Direct Disk Access mode.
- IMPROVED: Minor improvements to Compatible Disk Access mode.
- IMPROVED: Detection of zero-day Urausy ransomware through forensic file clustering.
- IMPROVED: File remnant scanner detects more remnants.
- Build 193 (2013-04-03)
- IMPROVED: Detection of zero-day Urausy ransomware through forensic file clustering.
- FIXED: HitmanPro stopped working when it encountered a particular forensic cluster.
- UPDATED: Embedded white lists.
- Build 192 (2013-03-27)
- ADDED: Removal of child pornography images dropped by Urausy ransomware.
- ADDED: Detection of zero-day Urausy ransomware through forensic file clustering.
- ADDED: Kickstart hardening to protect HitmanPro processes from Winwebsec malware family.
- Use Kickstart against Disk Antivirus Professional, AVASoft Antivirus Professional or other rogue antiviruses.
- IMPROVED: Forensic file clustering speed.
- IMPROVED: Reduced memory usage during forensic file clustering.
- IMPROVED: Processing of registry key values.
- FIXED: On some BIOSes, when booting with Kickstart, Windows loader would hang with either frozen screen or blinking cursor.
- UPDATED: Kickstart Bootstrap loader 2.1.
- UPDATED: Embedded white lists.
- Build 190 (2013-03-01)
- IMPROVED: Kickstart blocking ransomware stealing the desktop from HitmanPro.
- UPDATED: Kickstart Bootstrap loader 1.3.
- ADDED: Norgwegian language.
- Build 189 (2013-02-25)
- ADDED: Kickstart blocks ransomware stealing the desktop from HitmanPro.
- ADDED: Kickstart blocks "Image File Execution Options" hijacking.
- ADDED: Kickstart lists the file that was added 'Most Recent as Startup' as suspicious.
- ADDED: Kickstart keeps track of processes that are started during boot.
- ADDED: VirusTotal API key is now embedded so it is no longer needed to register an account.
- ADDED: /excludefile command line option to exclude files and folders from the scan.
- ADDED: Text Log File now shows number of encountered files that were excluded from the scan.
- ADDED: Detailed file view now shows parent process name as property.
- ADDED: Detailed file view now lists both local and remote network connections
- FIXED: Reveton ransomware detection caused false postives.
- FIXED: Network Port enumerator now lists listening ports correctly.
- FIXED: On some systems HitmanPro shuts down unexpectedly at end of scan.
- IMPROVED: Force Breach process filtering.
- IMPROVED: License activation retry mechanism.
- UPDATED: Kickstart Bootstrap loader 1.2.
- UPDATED: Embedded white lists.
- Build 188 (2013-02-05)
- Version 3.7.2
- ADDED: NTFS Timeline Forensics to cluster malware related files and establish malware infection timeline.
- With the established timeline you can trace back to where the actual infection came from and how it got on your system. In addition, the cluster can reveal zero-day malware due to which files have been created along with the unknown binary. A picture to illustrate can be seen here: http://dl.surfright.nl/NTFS-Timeline-Forensics.png
- ADDED: Detection of zero-day Reveton ransomware through file clustering.
- ADDED: Repair of non-existing Winlogon startup entries.
- ADDED: Complete removal of ZeroAccess 'recycler variant'.
- IMPROVED: Removal of malware hijacking Winmgmt service.
- IMPROVED: File remnant scanner detects more remnants.
- IMPROVED: Detection of malware starting through Winlogon.
- IMPROVED: Proxy is set to NoProxy when Kickstart started HitmanPro at Winlogon desktop.
- IMPROVED: Parsing of Run entries.
- IMPROVED: Services enumerator.
- IMPROVED: Raw registry parser.
- FIXED: Portuguese language.
- UPDATED: Embedded white lists.
- Build 186 (2013-01-24)
- ADDED: "Erase USB flash drive" to context menu in Kickstart dialog. This removes the Kickstart boot loader from the USB flash drive.
- ADDED: Kickstart dialog now shows size of selected USB flash drive.
- FIXED: White listed Master Boot Record (MBR) of RollbackRX and EAZ-FIX.
- FIXED: Compatibility LaCie Wuala Cloud Storage file system driver.
- UPDATED: Internal white lists.
- Build 185 (2012-12-21)
- FIXED: Some applications were incorrectly classified as Suspicious.
- UPDATED: Embedded white lists.
- Build 184 (2012-12-20)
- ADDED: Upgrade version 3.6 to version 3.7.
- Build 183 (2012-12-18)
- FIXED: On some systems, booting from Kickstart USB flash drive resulted in blinking cursor.
- UPDATED: Kickstart bootstrap loader to version 1.1.
- UPDATED: Bulgarian language.
- Build 182 (2012-12-13)
- IMPROVED: Zero-day Zbot/Citadel detection through behavioral scan.
- IMPROVED: Zero-day Reveton/Weelsof ransomware detection through behavioral scan.
- IMPROVED: Error handling while creating Kickstart USB flash drive.
- IMPROVED: Auto Force Breach while booting via Kickstart.
- FIXED: Small USB flash drives (< 1GB) threw error 112 while creating Kickstart bootable USB flash drive on XP.
- Build 181 (2012-12-11)
- FIXED: On some systems a scan froze the computer.
- FIXED: On some systems a scan never finished while classifying kept hovering around 99%.
- FIXED: Creating Kickstart USB flash drive under XP failed most of the time causing unusable Kickstart USB flash drive. This problem did not occur under Windows 7 or 8.
- FIXED: Windows showed a weird error dialog on Kickstart dialog on systems with floppy drive.
- FIXED: Shell Integration was not working.
- FIXED: Scheduler was not working.
- IMPROVED: Removal of rootkit Necurs under 64-bit Windows.
- See also: http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx
- IMPROVED: Messaging to the user while creating Kickstart USB flash drive. Now showing an error dialog when creation of the Kickstart USB flash drive has failed.
- IMPROVED: Various minor improvements.
- UPDATED: Swedish and Portugues languages.
- Build 179 (2012-12-04)
- ADDED: HitmanPro.Kickstart to easily remove ransomware using USB flash drive.
- For more information and video's: www.surfright.com/kickstart
- ADDED: Flying Kick icon on the Welcome screen.
- Click this icon to turn any existing USB flash drive into a bootable HitmanPro.Kickstart USB flash drive.
- ADDED: Zero-day detection of ransomware through behavioral scan.
- ADDED: Zero-day detection of Zbot infections through behavioral scan.
- ADDED: Automatic creation of log files.
- ADDED: Logs under Settings, History where you can view the created log files.
- ADDED: /nologs command line option.
- ADDED: Scan for specific recent files (part of remnant scan).
- ADDED: NoViewContextMenu policy repair.
- IMPROVED: Removal of ZeroAccess (Sirefef) infected services.exe on 64-bit systems.
- IMPROVED: NTFS parser. On some systems HitmanPro processed too many files due to incorrectly parsing specifc NTFS records. These systems should see an improvement in scan speed.
- IMPROVED: Crusader to replace infected critical system files with clean original versions.
- IMPROVED: Remnant scanner.
- IMPROVED: Parsing of registry keys related to the Windows Shell (XP).
- FIXED: On some systems HitmanPro unnecessarily restarted explorer.exe.
- UPDATED: Support driver.
- UPDATED: German, French, Spanish, Italian, Russian and English languages.
- Version 3.7.
- Build 174 (2012-11-12)
- IMPROVED: Detection of Symmi malware.
- IMPROVED: Detection of malware that starts through Scheduled Tasks.
- IMPROVED: Operations on Boot Configuration Data (BCD) are now handled by Crusader service.
- FIXED: On some systems the Settings dialog was blank.
- UPDATED: Internal white lists
- Build 173 (2012-10-25)
- FIXED: Force Breach was broken in build 171.
- FIXED: HitmanPro process sometimes lingered during quiet command line scans.
- FIXED: /pup command line switch was not working.
- FIXED: Compatibility issue with Ashampoo firewall (32-bit only)
- IMPROVED: Detection of ransomware.
- IMPROVED: Bootkit detection.
- IMPROVED: Scheduler.
- IMPROVED: Various improvements to command line based scans.
- IMPROVED: Various minor improvements.
- Build 171 (2012-10-10)
- FIXED: /lic command line switch was broken.
- IMPROVED: PE header anomaly detection.
- UPDATED: Portugues language.
- Build 170 (2012-10-09)
- ADDED: Windows 8 RTM support.
- ADDED: Windows Server 2012 support
- ADDED: Scan and clean registry of unloaded user profiles.
- ADDED: Scan for Potentially Unwanted Programs (PUP). Default action is Ignore.
- ADDED: Settings for Potentially Unwanted Programs.
- ADDED: Action to hide Potentially Unwanted Program family.
- ADDED: Apply actions to items of same family or classification.
- ADDED: Detection for RTLO unicode filename spoofing.
- ADDED: Detection for malware hiding its source executable filename from process memory.
- ADDED: Reset Settings to revert to default settings, reset reported false positives and ignored items.
- ADDED: Application exits with code 7 when a license error has occured.
- ADDED: XML Log now contains Cookie and PUP in attribute type.
- ADDED: Command line switch /logtype=txt|xml.
- ADDED: Command line switch /nopups. Note: /noremnants implies /nopups.
- ADDED: Command line switch /deactivate.
- FIXED: Command line swich combination /quiet /lic no longer show message box when activation has failed.
- FIXED: On some systems the scan for remnants never ended due to malformed NTFS record.
- IMPROVED: Detection of ransomware starting through LNK files.
- IMPROVED: Scoring on executables requiring elevation.
- IMPROVED: Gossip cloud classifier now uses Bing Azure.
- IMPROVED: ASLR detection on Services.exe.
- IMPROVED: Removal of new ZeroAccess CLSID variant.
- IMPROVED: Handling of Volume Boot Record (VBR).
- IMPROVED: Repair of disabled Task Manager policies.
- IMPROVED: Command line switch /log=file.txt exports log in text format.
- IMPROVED: Uninstall procedure.
- UPDATED: Internal embedded white lists.
- REMOVED: Windows 8 Release Preview embedded white list
- REMOVED: Windows 8 Consumer Preview embedded white list
Endringer for v3.6.0.156 - v3.6.1.164
- IMPROVED: Made a minor change to the Behavioral Scan, regarding the detection of executable files that do not mention their disk location in memory.
- FIXED: A bug introduced in build 163 caused the reboot function not to work properly.
Endringer for v3.5.9.124 - v3.6.0.156
- ADDED: XPAJ bootkit (MBR) detection and removal.
- ADDED: Yurn bootkit (MBR) detection and removal.
- ADDED: Detection and removal of Volume Boot Record (VBR) bootkits.
- ADDED: Detection and removal Cidox, Mayachok, Rovnix bootkit.
- ADDED: Master Boot Record details (under More Information).
- ADDED: Portuguese language.
- IMPROVED: Removal of Necurs rootkit.
- IMPROVED: Pre-boot malware removal engine.
- IMPROVED: Various minor improvements.
- UPDATED: Internal white lists
Endringer for v3.5.6.115 - v3.5.9.124
- Version 3.5.9
- Added Cloud Assisted Miniport Hook Bypass feature. Read our blog for more information.
- Added Mebroot/Sinowal detection and removal.
- Added removal of new variant of Trojan Vundo.
- Added Master Boot Record (MBR) protection when restoring infected MBR to counter rootkit watchdogs.
- Added repair for BCD testsigning. Testsigning is a feature of 64-bit Windows that, when enabled, allows loading of non-signed drivers on 64-bit Windows. Testsigning is typically abused by 64-bit bootkits.
- Added Registration on Setup dialog.
- Improved corrupted/damaged file handling.
- Improved removal of malware files that change their file security.
- Hitman Pro won't check for a program update when the last check was less than 2 hours ago.
- Fixed a crash that was caused by a bug introduced in build 121 (64-bit only).
- Fixed a crash when Compatible Disk Mode was selected and the cloud uploader failed to get access to the file.
- Fixed a displaying problem when a filename was too long causing visual overlap.
- Fixed a problem during activation of a new key when the license files were read-only.
- Close button is now disabled during malware removal process.
- Product Activation is now performed on a separate thread.
- Several minor user interface improvements.
- Updated Brazilian-Portuguese language (thanks Bruno).
- Updated internal embedded whitelist.
Endringer for v3.5.6.109 - v3.5.6.115
- Contains complete removal of 'Here You Have' worm.
- Added process hardening to Hitman Pro's malware removal service (Crusader).
- Improved detection and removal of malware related registry keys.
- Improved detection and removal of malware starting through Autorun.inf.
- Improved cloud communication so that it reverts to fixed IPs when DNS queries are compromised by malware.
- Fixed a problem resetting the ACL on malware files.
- Fixed 'Scan at startup' setting so that 'Scan method' is now remembered.
- Added /lic=PRODUCTKEY command line switch which is useful in corporate environments.
- Several minor improvements.
- Fixed a Windows Vista related problem (build 114).
Endringer for v3.5 build 97 - v3.5.6.109
- Added universal detection of the LNK vulnerability.
- Added automatic disabling of the Hitman Pro LNK Exploit Protection when Windows is not vulnerable for attacks abusing the LNK vulnerability. Ex. when Security Update KB2286198 (MS10-046) is installed.
- Note: Since Microsoft no longer supports Windows 2000 and Windows XP RTM, SP1 and SP2, the Hitman Pro LNK Exploit Protection remains available for these operating systems.
- Added WinHTTP prerequisite check.
- A message is displayed on computers running Windows 2000 pre-SP3 and Windows XP RTM.
- Fixed a problem on computers receiving the message:
- "The procedure entry point EncodePointer could not be located in the dynamic link library kernel32.dll"
- Added Czech language
- Added Swedish language
- Added option to protect the computer against Windows shortcut vulnerability. Read more about our solution against this high risk vulnerability here: Protection against LNK vulnerability
- Added Chinese (Traditional) language.
- Updated Polish language.
- Added detection and removal of the Stuxnet malware.
- Added MS-DOS COM file format support.
- Added /nocookies command line switch.
- Fixed a problem with the 64-bit updater.
- Fixed support for Sophos SafeGuard.
- Fixed French language.
- Added Chinese (Simplified) language.
- Added compatibility with TrueCrypt full disk encrytion (thanks BoerenkoolMetWorst).
- Fixed a problem in the driver that caused a BSOD on some systems.
- Fixed a problem with the right-click scan on non-NTFS drives (thanks Avinash).
- Fixed a problem with the right-click scan under Compatible Disk Access.
- Fixed a problem with the activation on Korean or Japanese systems (thanks Jun).
- Updated internal white lists.
- Updated several languages.
- Fixed a problem related to the removal of specific versions of the TDL3 rootkit.
- Latest TDL3 (aka Alureon) Rootkit detection and removal. Also works in Early Warning Scoring mode (ex. when the computer does not have an Internet connection to consult the Scan Cloud).
- Added a sticky TDL3 Rootkit detection message. This message appears when the hard disk stack contains a reference to a hidden driver, typical TDL3 behavior.
- Improved removal of Trojans and Rootkits that are protected by a Kernel thread.
- Added removal of adware and adult related Tracking Cookies in Internet Explorer, Firefox and Chrome. Removal of these Tracking Cookies is of course free, does NOT require a license.
- Improved Internet connection detection. I.e., when the connection is ex. hijacked by a local proxy, Hitman Pro will now attempt to bypass it.
- Authenticode certificates are now handled on a separate thread.
- Improved handling of files that contain resources with specially crafted data to make Anti-Virus software crash.
- Small improvement in the hash classifier when performing a right-click scan.
- New Anti-Virus Ballot Screen which appears when the computer is not protected by an Anti-Virus program, or when the computer is using an AV program that is not compatible with the Windows Security Center. This screen does not appear when you purchased a Hitman Pro license.
- Return of the AV Scan Cloud vendor icons on the Welcome page.
- Improved the Intelligent removal of malware related remnants.
- Updated the French language strings.
- Updated graphics. More color and detail.
- Updated internal Whitelists.
- Several other minor improvements.
Endringer for v3.5 build 92 - v3.5 build 97
- Added Quick scan which only scans load point locations and in memory objects.
- You typically use the Quick scan when you just want to check whether malware is active on the computer.
- You can choose Quick scan from the split button on the Welcome dialog or specify the /quick command line switch.
- Improved the overall scan performance on systems protected by an active on-access AV scanner.
- Fixed a memory leak reducing memory consumption by 20-40MB compared to previous versions.
- Replaced WinInet by WinHTTP network stack for internet communication. This allows more proxy options and also allows Hitman Pro to run under different accounts like SYSTEM. This is particularly useful in corporate situations.
- Improved the Scan-at-startup by postponing the scan until the computer has started up (hard disk activity is near idle).
- Postponing the startup scan improves the overall computer startup speed. Hitman Pro monitors the "Avg. Disks Queue Length" Performance Counter to determine whether the computer finished starting applications. Hitman Pro postpones the startup scan up to a maximum of 5 minutes. After that, the scan is started, despite hard disk activity.
- Changed the Scan-at-startup from default normal scan to Quick Scan.
- Fixed a problem with the Winsock repair functionality on 64-bit platforms. Thanks Rein.
- Added Advanced tab under Settings allowing proxy configurations:
- Use Internet Explorer settings (default)
- Web Proxy Auto-Discovery Protocol (WPAD)
- Proxy Automatic Configuration URL (PAC)
- Manual proxy configuration
- Proxy authentication
- Added Compatible Disk Access mode.
- This mode uses the Windows API for accessing the disk. This makes Hitman Pro compatible with hard disk snapshoting tools like Rollback RX and AyRecovery. Note that this mode reduces the chance of finding complex rootkits. You can change the Disk Access mode on the Advanced tab under Settings.
- Added License tab under Settings.
- Added Apply to all to the drop down action menu of a detected item.
- Added hyperlink to the finish page allowing the scan log to be exported as XML.
- Added /ews command line switch.
- Added /noupload command line switch.
- Added /quick command line switch.
- Added /debug and /debug:full command line switch. Use this switch to generate a mini dump if the program crashes.
- Updated internal white lists.
- Lots of minor internal changes.
- Added Arabic language
- Added Polish language
- Built using Visual Studio 2010.
Endringer for v3.5 build 89 - v3.5 build 92
- Fixed removal of malware related jobs configured in the Windows Task Scheduler.
- Updated Italian, French and Portuguese-Brazilian language strings.
- Detects and removes TDL3 rootkit version 3.27 (actively spreading since Feb. 23).
- TDL3.27 rootkit authors solved a bug that allowed disk access through SPTI. TDL3.27 (or newer) now monitors SPTI and serves the uninfected bytes when trying to read the hard disk driver from disk. Hitman Pro now uses different methods to detect this highly advanced rootkit.
- The rootkit's authors are actively watching the security industry, monitoring which tools can detect and remove their creation. Each update shakes off a few tools making this rootkit one of the most resilient malware to date.
- Improved removal on files with specific permissions.
- Added XML logging.
- Watch our Blog as a post on Logging will appear shortly.
- Added command line switches:
- /log=C:\Folder\ (make sure the path ends with a backslash)
- /log=C:\File.xml
- /noinstall
- Added registry value LogPath which behaves the same as the /log= command line switch.
- Added Hungarian strings.
- Updated Russian, Estonian, and Greek strings.
- Detects and removes TDL3 rootkit version 3.273
- Added detection and repair for rogues changing .exe file assignment
- Updated language strings
Endringer for v3.5 build 88 - v3.5 build 89
- Fixed removal of malware related jobs configured in the Windows Task Scheduler.
- Updated Italian, French and Portuguese-Brazilian language strings.
Endringer for v3.5 build 87 - v3.5 build 88
- Added Force Breach. When holding the left Ctrl-key while starting Hitman Pro (hold until its window appears) will terminate all non-essential processes that run in the user's context. This is particularly useful when a fake/rogue anti-malware application is killing every process you want to start. See movie.
- Added resolution changer. In Safe Mode scenario's where the computer boots in 640x480 the resolution is automatically increased by Hitman Pro to 800x600.
- Added browser history crawler to correlate possible malware to visited (black listed) sites. The crawler currently supports Firefox and Internet Explorer.
- Added ability to restore Desktop Wallpaper when repairing the Desktop Wallpaper policy.
- Improved Early Warning Scoring.
- Improved detection of remnants.
- Several minor bug fixes.
Endringer for v3.5 build 86 - v3.5 build 87
- Updated removal technology to handle TDL rootkit version 3.24 (updated variant of the Google Redirect Virus)
- Added initial support for keyboard commands
- Some minor fixes
- Updated internal whitelists
Endringer for v3.5 build 85 - v3.5 build 86
- Ability to fix the Google Redirect Virus (TDL)
- Some minor fixes.
Endringer for v3.5 build 84 - v3.5 build 85
- Added removal of TDL3 rootkit version 3.2 (aka TDL3+).
- This rootkit infects the hard disk driver (usually atapi.sys or iaStor.sys) and redirects Google search results.
- Improved detection and removal of fake/rogue anti-malwares (scareware).
- Fixed a occasional crash while scanning on Windows 7.
- Fixed a crash related to DEP/NX.
- Fixed a rare crash when user closes the window.
- Added a reminder panel when the removal license has expired.
- Remembers Do Not Repair actions.
- Added Destop Wallpaper policy repair.
- Added Portuguese-Brazilian language.
- Updated several language strings.
- Several minor bug fixes.
Endringer for v3.5 build 82 - v3.5 build 84
- Added caching to the Gossip classifier.
- Fixed a problem relating the Winlogon Shell registry value to a threat. The Shell value is reset upon removal of the threat.
- Fixed the empty result view which is related to the 'Report this file as Safe' functionality.
Endringer for v3.5 build 81 - v3.5 build 82
- Fixed a problem reading data from encrypted hard drives.
- Early Warning Scoring (EWS) is no longer on the Settings screen. Also, it is no longer remembered as a default scan. It now needs to be selected manually from the new split button "Next" on the Welcome screen. Note that EWS is not meant to run on a daily basis. It is intended for experts only as it potentially lists non-malware files. EWS can also be used when the Internet connection is disabled or unavailable.
Endringer for v3.5 build 80 - v3.5 build 81
- Added Quarantine and History functionality under Settings.
- Changed the default action to Quarantine on malware items that are recognized by just one AV partner.
- Malware items are excluded from the scan result list when the item was reported by the user as safe and the item was recognized as malware by just one AV partner. The reported as safe item will reappear when the item is classified as malware by two or more AV partners.
- Fixed a problem handling ShellServiceObjectDelayLoad items.
- Vista laptop computers running Intel(R) Turbo Memory Driver iaNvStor.sys cannot use the new disk access mode to detect and remove TDL3 rootkit. This is due to iaNvStor.sys incorrect implementation of specific I/O control codes. Users who suspect a TDL3 infection should disable this specific Intel driver (the iaNvStor.sys is non-essential) and run Hitman Pro again.
- Hitman Pro build 79 and 80 stopped working when this driver was present.
- Removed the Windows 7 Task Bar integration as it causes random program stops. The issue is still under investigation.
- Updated internal whitelists.
Endringer for v3.5 build 79 - v3.5 build 80
- Fixed a problem removing TDL3 rootkit infection from systems with specific third party drivers.
- As of build 79, Hitman Pro is digitally signed with a new Microsoft Authenticode certificate.
Endringer for v3.5 build 78 - v3.5 build 79
- Detects AND removes the TDL3 rootkit.
- Hitman Pro 3.5 is one of the first applications that can remove the TDL3 rootkit.
- Detailed information about TDL3 can be read here.
- Improved alternate disk access mode.
- Improved removal engine.
- Improved behavioral scan engine.
- Fixed a problem with 'Scan with Hitman Pro' checkbox under Settings.
- Updated internal whitelists.
- Added Turkisch language.
Endringer for v3.5 build 76 - v3.5 build 78
- Version 3.5.3
- Added the Compatible with Windows 7 logo. Hitman Pro 3.5 successfully completed Microsoft's testing regime to prove it can be readily installed and run reliably on Windows 7.
- Fixed a problem in handling the $MFT bitmaps.
- Added alternate disk access mode when the default mode (kernel driver) is blocked by a rootkit (some variants of TDSS/Alureon).
- Added detection and removal of malicious autorun files on removable drives.
- Improved scan speed on files that have an authenticode certificate.
- Improved detection and removal of fake/rogue anti-malwares (scareware).
- Improved removal of fake/rogue anti-malware collaterals.
- Used a different counter to determine the total scan time (more accurate).
- Added a timer on the scan window that indicates the scan time.
- Small improvements in screen updates.
- Fixed several translation typos.
- Added Catalan language.
Endringer for v3.5 build 75 - v3.5 build 76
- Version 3.5.2
- Added Winsock repair functionality.
- When Hitman Pro deleted a malicious Winsock LSP protocol driver it now repairs the LSP chain.
- With previous versions, this problem resulted in having Internet connection problems.
- Fixed a problem where specifc directories where not scanned due to non-resident $I30 NTFS-indexes (index fragmentation).
- Improved detection of malicious Mozilla Firefox extensions and plugins.
- Improved detection of malware that starts through a scheduled task (Windows Task Scheduler).
- Fixed a problem with the network enumerator (port scan).
- Added Windows 7 taskbar integration. The progress bar is now also displayed in the Taskbar button.
- This feature works for Windows 7 build 7600 (RTM) or newer only. Version 3.5.2
- Added Winsock repair functionality.
- When Hitman Pro deleted a malicious Winsock LSP protocol driver it now repairs the LSP chain.
- With previous versions, this problem resulted in having Internet connection problems.
- Fixed a problem where specifc directories where not scanned due to non-resident $I30 NTFS-indexes (index fragmentation).
- Improved detection of malicious Mozilla Firefox extensions and plugins.
- Improved detection of malware that starts through a scheduled task (Windows Task Scheduler).
- Fixed a problem with the network enumerator (port scan).
- Added Windows 7 taskbar integration. The progress bar is now also displayed in the Taskbar button.
- This feature works for Windows 7 build 7600 (RTM) or newer only.
Endringer for v3.5 build 73 - v3.5 build 75
- Added the "Show 'Scan with Hitman Pro' on files and folders in Windows Explorer" option under Settings.
- This feature is also known as the much requested 'right-click scan'.
- Note: Scanning a folder does not scan recursively due to volume reasons.
- Updated the internal whitelist.
Endringer for v3.5 build 72 - v3.5 build 73
- Added Macedonian language texts to the user interface.
Endringer for v3.5 build 70 - v3.5 build 72
- Fixed a problem reading a specific fragmented $MFT table which caused a scan to complete under 10 seconds.
- Fixed the inability to disable daily scanning on certain computers in Settings. Thanks to firzen771.
- Fixed determining the initial state of the 'Create restore point' checkbox in Settings.
- Fixed handling high DPI font sizes.
- Added Greek language texts to the user interface. Thanks to Ippokratis.
Endringer for v3.5 build 69 - v3.5 build 70
- Improved detection of zero-day malware.
- Improved detection of auto starting malware.
- Fixed a problem in handling authenticode certificates when malware infected a code signed PE-file.
- 64-bit: Updated the internal whitelist.
Endringer for v3.5 build 68 - v3.5 build 69
- Fixed a problem when scanning during boot.
Endringer for v3.5 build 67 - v3.5 build 68
- Changed Crusader removal tactics to handle specific new rootkits.
- Updated the internal whitelist.
Endringer for v3.5 build 66 - v3.5 build 67
- Added option to report a file as safe. This will also set the default action on that file to "Do not delete" (locally).
- Improved dynamic detection and removal of fake/rogue anti-malware traces.
- Fixed a potential issue which could cause the removal engine not to timeout when removing a particular malicious driver.
- Updated the internal whitelist.
Endringer for v3.5.1.65 - v3.5 build 66
- Fixed a problem in handling cloud responses resulting in files not being uploaded.
- Improved detection and removal of fake/rogue anti-malwares (scareware).
- Fixed a typo in the Estonian language file.
- Added Spanish language to the user interface.
Endringer for v3.5.0.50 RC3 - v3.5.0.59
- Finetuned timeouts concerning Scan Cloud (fixes "Upload failed")
- Added Estonian language texts to the user interface. Thanks to Lauri SC
Endringer for v3.0.0.2715 Beta - v3.0.0.2740 Beta
- Improved removal of malware related registry entries
- Added support for more websites to detect rogue anti-malware (security gossip engine)
- Fixed a minor issue in the multi-threaded object enumerator