HitmanPro
Jump to navigation
Jump to search
Description
HitmanPro is a malware detection application developped by Surfright. HitmanPro is described as a second opinion scanner, designed to rescue your computer from malware (viruses, trojans, rootkits, etc.) that have infected your computer despite all the security measures you have taken (such as anti virus software, firewalls, etc.).
Three excellent characteristics you may appreciate:
- it does not need to be installed (can be run as a standalone executable);
- it supports the command line (CLI);
- it is fast.
Download
Both 32bit and 64bit architectures are supported. To download the 32bit version, follow this link: http://get.hitmanpro.com/
Usage
GUI
CLI
Syntax
Usage: hitmanpro.exe [options] <file or folder>
Options
- /scan
- Immediately initiates a scan of the computer and the program will be visible to the user. The EULA is automatically accepted.
- /quiet
- Implies /scan but immediately initiates a silent scan of the computer. HitmanPro will be visible only in the system tray and a notification balloon is displayed, notifying the user his computer is scanned for malware. :When infections are found, the program will pop up for interaction with the user. The EULA is automatically accepted.
- /scanonly
- Immediately initiates a silent scan of the computer. HitmanPro will be visible only in the system tray. Does not show a notification balloon. Program will not be installed on the local computer (implies /noinstall). The EULA is automatically accepted.
- /quick
- This scan is faster than the regular scan and will only scan load point locations and in memory objects. You typically use the quick scan when you just want to check whether malware is active on the computer.
- /log=<file or folder>
- This will instruct HitmanPro to scan a system silently and export the results to an xml log file to the specified log file folder (typically a network location). No dialogs are displayed to the user.
- Examples:
- HitmanPro36.exe /scanonly /log="Z:\%USERNAME%.xml"
- HitmanPro36.exe /scanonly /log="Z:\%COMPUTERNAME%.xml"
- HitmanPro36.exe /scanonly /log="\\Server\Share\Logs\"
- When specifying a folder as logfile it must end with a \
- When logging to a folder, the file name is constructed using the computer name and a date/time stamp, example: WORKSTATION14_20100428114347.xml
- /ews
- Initiate a scan of the computer with Early Warning Scoring enabled. The results xml will now also contain files that are highly suspicious but are yet unknown to Hotman's Scan Cloud.
- /noupload
- HitmanPro only uploads unknown but suspicious files to the Scan Cloud for virus scanning by Hitman's Malware Analysis systems and their AV partners. If you do not wish to upload any files to the Scan Cloud (because of privacy issues or government policies) you can specify this command-line option.
- Note: The /noupload option will cripple the detection of unique, zero-day or early-life malware.
- /noupdate
- Disable automatic update of the HitmanPro program.
- /noinstall
- Disable copying of the HitmanPro program to the local computer. Disables creation of shortcuts on the local computer.
- /nostartboot
- Disables the installation of the scan at startup component on the local computer.
- /nostartmenushortcut
- Disables the creation of the Start menu folder and shortcuts.
- /nodesktopshortcut
- Disables the creation of the shortcut to the HitmanPro program on the desktop.
- /noremnants
- Overrides and skips the scanning and detection of remnant malware objects. Remnants are files and registry objects that once belonged to a malware infection, but this malware is no longer active on the system.
- /nocookies
- Overrides and skips the scanning and detection of tracking cookies.
- /lic=<product key>
- Automatically activate HitmanPro for the user with the supplied product key.
- /clean
- Automatically quarantine verified malicious files. Implies /scan and /noupdate. If /lic= is not specified it will automatically activate a trial or an embedded license (when allowed and applicable).
- /fb
- Starts HitmanPro in Force Breach mode, which will terminate all non-essential processes – including malware that stops other programs from starting).
- /renew
- Reactivate the existing license to update e.g. the license duration after your Enterprise or Incident license has been extended.
- /sr=<file>
- For experts only! Replaces the first 2 bytes of a file on the disk with SR. This will render a PE file useless.
- Example: HitmanPro36.exe /sr=C:\Windows\driver\malw.sys
- Note: This is a raw write and should only be used on malware files.
Example
Given following architecture (botth machines are running Windows XP SP3):
_____________ _____________ / \ / \ | 192.168.56.2 | <---> | 192.168.56.3 | \_____________/ \_____________/ infected machine psexec
The following command is used from 192.168.56.3 to remotely scan the suspected machine with HitmanPro:
C:\PSTools>PsExec.exe \\192.168.56.2 -u unknown -c hitmanpro.exe /scanonly /log="c:\%COMPUTERNAME%.xml"
After a short while, the scan is finished and following file is generated on the infected machine:
- <Log computer="UNKNOWN-C39FEA7" windows="5.1.3.2600.X86/1" scan="Normal" version="3.7.6.201" date="2013-07-02T10:49:24" timeSpentInSecs="23" filesProcessed="5877"> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Application Data\Mozilla\Firefox\Profiles\xh6ie9cg.default\cookies.sqlite:atdmt.com" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Application Data\Mozilla\Firefox\Profiles\xh6ie9cg.default\cookies.sqlite:c1.atdmt.com" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Application Data\Mozilla\Firefox\Profiles\xh6ie9cg.default\cookies.sqlite:oracle.112.2o7.net" /> </Item> - <Item type="Malware" malwareName="Trojan" score="103.0" status="None"> - <Scanners> <Scanner id="Ikarus" name="Trojan-PWS.Win32.Zbot!IK" /> </Scanners> <File path="C:\Documents and Settings\unknown\Bureau\1fa8159447d1629e2e703a9136403100-opomu.exe" hash="FC40BCDC2B5CE4B84C93CF01048F0715910AD25470D8F2799E3B85FB1A2BF264" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Cookies\unknown@1052825728[2].txt" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Cookies\[email protected][1].txt" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Cookies\unknown@atdmt[1].txt" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Cookies\[email protected][2].txt" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Cookies\unknown@doubleclick[1].txt" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Cookies\unknown@invitemedia[2].txt" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Cookies\unknown@serving-sys[1].txt" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Cookies\unknown@smartadserver[1].txt" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:atdmt.com" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:doubleclick.net" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:invitemedia.com" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net" /> </Item> - <Item type="Cookie" score="0.0" status="None"> <File path="C:\Documents and Settings\unknown\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net" /> </Item> </Log>