Softpedia >Windows >Antivirus >HitmanPro >  Changelog

HitmanPro Changelog

What's new in HitmanPro 3.8.34.330

Nov 2, 2023
  • FIXED: Delete failed for Firefox cookies.
  • FIXED: Close browsers cookie dialog logic.
  • ADDED: Detection of Chrome Sxs and Chrome Dev cookies.
  • ADDED: Detection of Chrome cookies from different profiles.
  • ADDED: Detection for several Firefox based browser cookies.
  • UPDATED: Edge Chromium icon.
  • KNOWN ISSUE(S): ARM64 browser processes are not closed before scan (yet).

New in HitmanPro 3.8.32.328 (Oct 18, 2023)

  • ADDED: Detection of (hidden) browser processes locking access to the cookie database(s) -> prompt for close browser(s).
  • ADDED: Settings for the Running browsers prompt and the Close browser process.
  • ADDED: ARM64 detection, only 32-bit version should run on ARM64.
  • IMPROVED: 3rd Party tracking-cookie detection (Scan's would show up empty because chromium browsers start blocking access to it while running).
  • UPDATED: Binary is now signed with Sophos LTD code-sign certificate (This might cause trust issues with other 3rd party security software as its new).
  • FIXED: Fixed vulnerabilities in the driver and cookie scan.
  • KNOWN ISSUE(S): ARM64 browser processes are not closed before scan (yet).

New in HitmanPro 3.8.30.326 (Jun 3, 2022)

  • ADDED: Detection of Tarrask malware
  • CHANGED: If a scan cannot complete in "Direct Access Mode" it switches to "Compatible Disk Mode"

New in HitmanPro 3.8.28.324 (Jan 13, 2022)

  • FIXED: Detection and removal of Chrome cookies
  • FIXED: Windows XP Updater
  • CHANGED: Terms and Condition when using HitmanPro for the first time

New in HitmanPro 3.8.26.322 (Dec 24, 2021)

  • ADDED: Detection of Turla malware
  • IMPROVED: Scan speed in certain scenarios
  • CHANGED: Cloud components

New in HitmanPro 3.8.22.316 (Apr 12, 2021)

  • IMPROVED: Malware removal
  • CHANGED: PUA Engine
  • FIXED: Freezing during removal of complex PUA files

New in HitmanPro 3.8.11.300 (May 10, 2019)

  • FIXED: Issue that HitmanPro could not be updated on Windows Vista systems
  • FIXED: A problem that could cause GUI issues on certain Windows versions

New in HitmanPro 3.8.10.298 (May 10, 2019)

  • ADDED: Detection of malware that uses persistence through Windows Platform Apps
  • FIXED: Potential issue that could detect svchost as "Suspicious"
  • IMPROVED: Detection of Potentially Unwanted Programs (PUPs/PUAs)
  • REMOVED: Private Cloud settings in "Proxy" tab
  • INFO: Several minor bug fixes

New in HitmanPro 3.8.00.295 (Jul 4, 2018)

  • FIXED: Removal of Chrome cookies on Windows 10
  • IMPROVED: Performance of the remnant scan

New in HitmanPro 3.8.00.294 (May 30, 2018)

  • FIXED: Uninstall of older HitmanPro version after upgrading to 3.8
  • FIXED: Scheduled Scan if user has no administrative rights
  • FIXED: False Positive on certain Microsoft files
  • FIXED: Force Breach not working on Windows 10
  • FIXED: Detecting PUPs as malware on certain files
  • FIXED: Potential DLL hijacking vulnerability
  • IMPROVED: Detection of Potentially Unwanted Programs (PUPs/PUAs)
  • INFO: Several minor fixes and improvements

New in HitmanPro 3.8.00.292 (Jan 17, 2018)

  • ADDED: Norwegian language
  • IMPROVED: Kovter (fileless malware) detection
  • IMPROVED: Cookie detection in Microsoft Edge and IE (for Windows 10 Fall Creators Update)
  • UPDATED: User interface, matching Sophos colors
  • UPDATED: HitmanPro icon, matching Sophos colors
  • FIXED: Vulnerability in zlib
  • FIXED: Vulnerability in libpng
  • INFO: Several minor fixes and improvements

New in HitmanPro 3.7.20.286 Beta (May 15, 2017)

  • FIXED: Right click scan (Scan with HitmanPro)
  • FIXED: Vulnerability in HitmanPro driver (Kernel Pool Overflow, BSOD)
  • FIXED: Vulnerability in HitmanPro driver (Kernel Pool Overflow, Local Privilege Escalation)
  • FIXED: Vulnerability in HitmanPro driver (Out of bounds read)

New in HitmanPro 3.7.18.284 (May 15, 2017)

  • IMPROVED: Activation mechanism.
  • IMPROVED: Cookie detection.
  • IMPROVED: Detection of Potentially Unwanted Programs (PUPs/PUAs).
  • INFO: Several minor fixes and improvements.

New in HitmanPro 3.7.15 Build 281 Beta (Oct 17, 2016)

  • IMPROVED: Detection and removal for Kovter fileless malware.
  • FIXED: Detection of Cookies for Internet Explorer and Edge.
  • REMOVED: Kickstart functionality.

New in HitmanPro 3.7.14 Build 280 (Sep 23, 2016)

  • ADDED: Detection and removal for Kovter fileless malware.
  • IMPROVED: Detection and removal for Poweliks fileless malware.

New in HitmanPro 3.7.14 Build 276 (Sep 9, 2016)

  • ADDED: Support for computers running Windows 10 Anniversary Update with SecureBoot enabled.
  • IMPROVED: Detection of Potentially Unwanted Programs (PUPs).
  • IMPROVED: Scan performance on some versions of Windows.
  • IMPROVED: Several minor fixes and improvements.
  • INFO: Build aligned with Sophos Clean.

New in HitmanPro 3.7.14 Build 263 (Apr 26, 2016)

  • ADDED: Detection for fileless malware using WMI to hijack your Browser (Yeabests.cc).
  • ADDED: Details of ScriptText used by fileless malware hiding in WMI.
  • FIXED: Problem with Poweliks detection.
  • UPDATED: Internal whitelists.

New in HitmanPro 3.7.13 Build 257 (Feb 25, 2016)

  • FIXED: Save Log button (was broken since build 256).
  • UPDATE: Polish language.

New in HitmanPro 3.7.12 Build 256 (Feb 10, 2016)

  • Added credentials support to proxy pre-authentication
  • Added /proxycred command line switch
  • Added dual code signed signatures (Authenticode) on EXE, DLL and SYS files
  • Added protection against DLL preloading attacks
  • Updated raw registry parser

New in HitmanPro 3.7.12 Build 253 (Jan 21, 2016)

  • Added support for authenticated proxies.
  • Fixed false positive on user32 on 32-bit Windows Vista introduced since Patch Tuesday December 8th (thanks Stupendous Man for reporting).

New in HitmanPro 3.7.10 Build 251 (Nov 3, 2015)

  • IMPROVED: Remnant scanner.
  • IMPROVED: Compatible Disk Access mode.
  • IMPROVED: Scanning Windows Server environments.
  • IMPROVED: Quarantaine.xml formatting.

New in HitmanPro 3.7.10 Build 250 (Oct 9, 2015)

  • FIXED: Tracking Cookie scan for Internet Explorer.

New in HitmanPro 3.7.10 Build 249 (Oct 9, 2015)

  • ADDED: Workaround for KB2999226 on Windows Vista:
  • The files in KB2999226 are digitally signed with the SHA-256 algorithm. Authenticode signatures with SHA-256 digest are not supported on Windows Vista. This resulted in that HitmanPro listed these files as suspicious.

New in HitmanPro 3.7.10 Build 248 (Oct 5, 2015)

  • ADDED: Detection and removal of 'Ads by LaSuperba' malware.
  • See here for example: https://twitter.com/erikloman/status/649967142121701377
  • ADDED: Detection and repair of patched dnsapi.dll (both 32-bit and 64-bit)
  • ADDED: Command line switch /diskmode=compatible|direct.
  • ADDED: Tracking Cookie scan for Microsoft Edge.
  • FIXED: Tracking Cookie scan for Internet Explorer.
  • IMPROVED: Improved Windows 10 compatibility.
  • IMPROVED: Remnant scan.
  • IMPROVED: Cloud lookup performance.

New in HitmanPro 3.7.9 Build 246 (Sep 27, 2015)

  • IMPROVED: Improved Windows 10 compatibility.
  • IMPROVED: Improved Crusader malware removal engine.

New in HitmanPro 3.7.9 Build 245 (Aug 28, 2015)

  • ADDED: Forensic based detection of MultiPlug adware.
  • IMPROVED: Windows 10 support
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.9 Build 242 (Jun 16, 2015)

  • IMPROVED: Remnant scan
  • FIXED: Rare Illegal Instruction exception caused by bug in MSVCR120 on 64-bit system
  • UPDATED: Polish language

New in HitmanPro 3.7.9 Build 241 (May 7, 2015)

  • IMPROVED: Remnant scan, specifically handling of user registry keys

New in HitmanPro 3.7.9 Build 240 (Mar 27, 2015)

  • IMPROVED: Remnant scan
  • IMPROVED: Forensic clustering
  • IMPROVED: Command line switch /proxy is no longer case sensitive
  • FIXED: False positive on jusched.exe

New in HitmanPro 3.7.9 Build 238 (Feb 17, 2015)

  • IMPROVED: Malware removal on Windows 8.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.9 Build 236 (Feb 10, 2015)

  • FIXED: Handling of Proxy Auto-Config (PAC) files.
  • ADDED: Command line switch /proxy=
  • Example: /proxy=http://server/pac.js
  • IMPROVED: Remnant scanner.

New in HitmanPro 3.7.9 Build 234 (Jan 12, 2015)

  • FIXED: Problem introduced in build 233 causing HitmanPro to stop working.

New in HitmanPro 3.7.9 Build 233 (Jan 9, 2015)

  • IMPROVED: Detection and removal of new variant of Reveton ransomware.
  • FIXED: Issue with the Internet Explorer cookie enumerator causing the scan to never finish.
  • FIXED: Issue causing HitmanPro to stop working.

New in HitmanPro 3.7.9 Build 232 (Jan 9, 2015)

  • ADDED: Detection and removal of file-less registry-based Poweliks trojan. Both Run and CLSID variants.
  • ADDED: Integration of Department Of Justice ransomware user32.dll decrypter.
  • IMPROVED: Detection of local proxy servers.
  • IMPROVED: Removal engine to handle malformed file/folder names.
  • IMPROVED: Detection of malformed registry values.
  • IMPROVED: Removal of specific ZeroAccess variants.
  • FIXED: False positive on user32.dll on Windows 10 Technical Preview.
  • FIXED: Rare crash when user clicked on Activate Free License on machines with specific NVIDIA GeForce driver.

New in HitmanPro 3.7.9 Build 231 Beta (Oct 29, 2014)

  • ADDED: Detection and removal of file-less registry-based Poweliks trojan. Both Run and CLSID variants.
  • ADDED: Integration of Department Of Justice ransomware user32.dll decrypter
  • IMPROVED: Detection of local proxy servers
  • IMPROVED: Removal engine to handle malformed file/folder names
  • IMPROVED: Detection of malformed registry values
  • IMPROVED: Removal of specific ZeroAccess variants
  • FIXED: False positive on user32.dll on Windows 10 Technical Preview
  • FIXED: Rare crash when user clicked on Activate Free License on machines with specific NVIDIA GeForce driver

New in HitmanPro 3.7.9 Build 229 Beta (Oct 27, 2014)

  • Improved removal engine to handle malformed file/folder names
  • Improved detection of malformed registry values
  • Improved removal of specific ZeroAccess variants

New in HitmanPro 3.7.9 Build 228 Beta (Oct 4, 2014)

  • Added detection and removal of file-less registry-based Poweliks trojan. Both Run and CLSID variants.
  • Added integration of Department Of Justice ransomware user32.dll decrypter
  • Fixed false positive on user32.dll on Windows 10 Technical Preview.
  • Improved detection of local proxy servers

New in HitmanPro 3.7.9 Build 225 (Sep 5, 2014)

  • IMPROVED: Detection for new variant of user32.dll ransomware infection

New in HitmanPro 3.7.9 Build 224 Beta (Aug 27, 2014)

  • ADDED: Detection for new variant of user32.dll ransomware infection

New in HitmanPro 3.7.9 Build 223 Beta (Aug 25, 2014)

  • IMPROVED: Multiple improvements to scanning autorun entries on 64-bit systems
  • IMPROVED: NTFS reader
  • UPDATED: Embedded white lists

New in HitmanPro 3.7.9 Build 221 (Jul 16, 2014)

  • FIXED: User32.dll false positive related to reading from specific encrypted filesystems
  • FIXED: Support for Windows 2003 64-bit and XP 64-bit
  • IMPROVED: Closing of Chrome when removing cookies
  • CHANGED: Restore point is no longer created when removing cookies only

New in HitmanPro 3.7.9 Build 220 (Jun 30, 2014)

  • IMPROVED: Removal of malware files with specific DACL.
  • FIXED: Restore point creation during silent operation.
  • FIXED: False positive detection of user32.dll on encrypted file systems.

New in HitmanPro 3.7.9 Build 219 (Jun 23, 2014)

  • ADDED: Detection of user32.dll infected system files.
  • IMPROVED: Repair of infected system files
  • IMPROVED: MBR rootkit detection
  • IMPROVED: Remnant detection
  • IMPROVED: Application termination while processing JSON files
  • IMPROVED: Portuguese language
  • ADDED: Croatian language
  • UPDATED: Embedded white lists

New in HitmanPro 3.7.9 Build 216 (Mar 29, 2014)

  • FIXED: Applications started with a delay while HitmanPro was running and Alert was installed.

New in HitmanPro 3.7.9 Build 215 (Mar 28, 2014)

  • FIXED: Automatic update was not working on small number of systems.

New in HitmanPro 3.7.9 Build 214 (Mar 26, 2014)

  • ADDED: Detection for compromised Start Page en Search Engines in Google Chrome
  • ADDED: Initial support for HitmanPro.Alert 3 integration
  • FIXED: Application termination during Remnant scan
  • FIXED: Scan stuck at 99% classification caused by a malformed Firefox prefs.js
  • IMPROVED: Potentially Unwanted Programs (PUP) scanner for Internet Explorer, Firefox and Google Chrome
  • IMPROVED: Google Chrome now automatically closes gracefully when deleting cookies
  • IMPROVED: Removal of malware hijacking web browser shortcuts
  • IMPROVED: Detection of profile location of Firefox
  • IMPROVED: Auto resizing display resolution when screen is smaller than 800x600
  • IMPROVED: Windows Task Scheduler 2.0 support
  • CHANGED: Potentially Unwanted Programs (PUPs) are now default set to Delete (was previously set to Ignore). This due to overwhelming number of helpdesk questions.
  • UPDATED: End User License Agreement 1.2. Conditions for use of the Free License have changed.

New in HitmanPro 3.7.9 Build 212 (Jan 30, 2014)

  • Includes the changes from the previous Beta version
  • UPDATED: 64-bit version now uses SSE2 instruction set

New in HitmanPro 3.7.9 Build 211 Beta (Jan 27, 2014)

  • IMPROVED: Ransomware detection through forensic clustering
  • IMPROVED: Forensic clustering algorithm
  • IMPROVED: Remnant scan to repair web browser shortcuts
  • IMPROVED: Scanning of Start Menu items on Vista, Windows 7 and 8
  • ADDED: Internet Explorer start page and search engine to remnant scan
  • ADDED: Firefox Prefs.js to remnant scan
  • ADDED: Repair for disabled Command Prompt
  • FIXED: Tab handling in trial request dialog
  • FIXED: Problem parsing AppInit_DLLs registry value
  • FIXED: Crash when the scan stumbles on a specific crafted file
  • UPDATED: Botan crypto library

New in HitmanPro 3.7.8 Build 208 (Oct 31, 2013)

  • IMPROVED: Keyboard handling in Kickstart boot menu. On some BIOSes a key press was not detected.
  • IMPROVED: Kickstart boot loader now auto continues after 10 seconds when no option was chosen.
  • IMPROVED: Small textual changes in Kickstart boot menu.
  • IMPROVED: SanDisk USB flash drive handling.
  • UPDATED: Kickstart 2.3.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.8 Build 207 (Oct 15, 2013)

  • FIXED: Kickstart now recognizes all 'SanDisk Cruzer' USB flash drives as removable drives; new SanDisk Cruzer USB-sticks have their fixed disk bit set instead of removable drive.
  • FIXED: A problem related to outputting number of detected files and traces
  • FIXED: Detection of Sophos SafeGuard MBR boot loader.
  • IMPROVED: Forensics-based universal detection of the Sinowal/Torpig Trojan.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.7 Build 205 (Aug 28, 2013)

  • Includes changes from the previous Beta versions

New in HitmanPro 3.7.7 Build 205 Beta (Aug 26, 2013)

  • FIXED: Processing of ShellServiceObjectDelayLoad startup entries.
  • FIXED: Processing of Task Scheduler jobs.

New in HitmanPro 3.7.7 Build 204 Beta (Aug 16, 2013)

  • ADDED: Forensics-based universal detection of the Sinowal/Torpig Trojan.
  • IMPROVED: Compatibility with TeaTimer from Spybot S&D.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.7 Build 203 (Aug 5, 2013)

  • FIXED: On some hardware the default Direct Disk Access scanning method caused the PC to become less responsive.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.7 Build 202 (Aug 5, 2013)

  • IMPROVED: Forensic clustering. In previous build, the cluster information was sometimes not available.
  • IMPROVED: Zeus/Zbot behavioral-based detection.
  • IMPROVED: Fixed various small issues.
  • ADDED: In-cloud malware intelligence from Kaspersky Lab.

New in HitmanPro 3.7.6 Build 201 (Jun 3, 2013)

  • ADDED: Repair for NTFS Symbolic Links placed by ZeroAccess on Windows Defender and Microsoft Security Essentials. Now repairs folders and corresponding files in Winsxs folders as well. In addition, ACL security is reset.
  • IMPROVED: Detection of zero-day ransomware through forensic clustering.
  • IMPROVED: Java exploit drive-by-download detection through forensic clustering.
  • FIXED: Unexpected termination of HitmanPro during remnant scan on computers with FAT32 system volume.

New in HitmanPro 3.7.6 Build 201 Beta (May 31, 2013)

  • ADDED: Repair for NTFS Symbolic Links placed by ZeroAccess on Windows Defender and Microsoft Security Essentials. Now repairs folders and corresponding files in Winsxs folders as well. In addition, ACL security is reset.
  • FIXED: Unexpected termination of HitmanPro during remnant scan on computers with FAT32 system volume.

New in HitmanPro 3.7.5 Build 200 Beta (May 29, 2013)

  • IMPROVED: Detection of zero-day ransomware through forensic clustering.
  • IMPROVED: Java exploit drive-by-download detection through forensic clustering.

New in HitmanPro 3.7.5 Build 199 (May 25, 2013)

  • FIXED: Suspicious classified items set to Quarantine were not removed after pressing Next button.

New in HitmanPro 3.7.5 Build 197 (May 24, 2013)

  • Includes all the changes from the previous Beta versions

New in HitmanPro 3.7.5 Build 197 Beta (May 23, 2013)

  • ADDED: Bootkit Gapz removal via Kickstart.
  • FIXED: On some computers keyboard was unresponsive in Kickstart BIOS Boot Menu
  • UPDATED: Kickstart 2.2

New in HitmanPro 3.7.5 Build 196 Beta (May 17, 2013)

  • ADDED: Java exploit drive-by-download detection through forensic clustering.
  • IMPROVED: Forensic clustering.
  • IMPROVED: Detection of zero-day ransomware through forensic clustering.
  • IMPROVED: Detection and removal of malware starting via Command Processor (cmd.exe).
  • IMPROVED: Remnant scanner.

New in HitmanPro 3.7.3 Build 194 (Apr 15, 2013)

  • IMPROVED: File remnant scanner detects more remnants.

New in HitmanPro 3.7.3 Build 194 Beta (Apr 12, 2013)

  • FIXED: HitmanPro driver leaked some nonpaged kernel memory when scanning in Direct Disk Access mode.
  • IMPROVED: Minor improvements to Compatible Disk Access mode.
  • IMPROVED: Detection of zero-day Urausy ransomware through forensic file clustering.

New in HitmanPro 3.7.4 Build 193 Beta (Apr 2, 2013)

  • IMPROVED: Detection of zero-day Urausy ransomware through forensic file clustering.
  • FIXED: HitmanPro stopped working when it encountered a particular forensic cluster.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.3 Build 192 Beta (Mar 28, 2013)

  • ADDED: Removal of child pornography images dropped by Urausy ransomware.
  • ADDED: Detection of zero-day Urausy ransomware through forensic file clustering.
  • ADDED: Kickstart hardening to protect HitmanPro processes from Winwebsec malware family.
  • Use Kickstart against Disk Antivirus Professional, AVASoft Antivirus Professional or other rogue antiviruses.
  • IMPROVED: Forensic file clustering speed.
  • IMPROVED: Reduced memory usage during forensic file clustering.
  • IMPROVED: Processing of registry key values.
  • FIXED: On some BIOSes, when booting with Kickstart, Windows loader would hang with either frozen screen or blinking cursor.
  • UPDATED: Kickstart Bootstrap loader 2.1.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.2 Build 190 (Mar 1, 2013)

  • IMPROVED: Kickstart blocking ransomware stealing the desktop from HitmanPro.
  • UPDATED: Kickstart Bootstrap loader 1.3.
  • ADDED: Norgwegian language.

New in HitmanPro 3.7.2 Build 189 (Feb 25, 2013)

  • ADDED: Kickstart blocks ransomware stealing the desktop from HitmanPro.
  • ADDED: Kickstart blocks "Image File Execution Options" hijacking.
  • ADDED: Kickstart lists the file that was added 'Most Recent as Startup' as suspicious.
  • ADDED: Kickstart keeps track of processes that are started during boot.
  • ADDED: VirusTotal API key is now embedded so it is no longer needed to register an account.
  • ADDED: /excludefile command line option to exclude files and folders from the scan.
  • ADDED: Text Log File now shows number of encountered files that were excluded from the scan.
  • ADDED: Detailed file view now shows parent process name as property.
  • ADDED: Detailed file view now lists both local and remote network connections
  • FIXED: Reveton ransomware detection caused false postives.
  • FIXED: Network Port enumerator now lists listening ports correctly.
  • FIXED: On some systems HitmanPro shuts down unexpectedly at end of scan.
  • IMPROVED: Force Breach process filtering.
  • IMPROVED: License activation retry mechanism.
  • UPDATED: Kickstart Bootstrap loader 1.2.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.2 Build 188 (Feb 6, 2013)

  • ADDED: NTFS Timeline Forensics to cluster malware related files and establish malware infection timeline.
  • ADDED: Detection of zero-day Reveton ransomware through file clustering.
  • ADDED: Repair of non-existing Winlogon startup entries.
  • ADDED: Complete removal of ZeroAccess 'recycler variant'.
  • IMPROVED: Removal of malware hijacking Winmgmt service.
  • IMPROVED: File remnant scanner detects more remnants.
  • IMPROVED: Detection of malware starting through Winlogon.
  • IMPROVED: Proxy is set to NoProxy when Kickstart started HitmanPro at Winlogon desktop.
  • IMPROVED: Parsing of Run entries.
  • IMPROVED: Services enumerator.
  • IMPROVED: Raw registry parser.
  • FIXED: Portuguese language.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.1 Build 186 (Jan 24, 2013)

  • ADDED: "Erase USB flash drive" to context menu in Kickstart dialog. This removes the Kickstart boot loader from the USB flash drive.
  • ADDED: Kickstart dialog now shows size of selected USB flash drive.
  • FIXED: White listed Master Boot Record (MBR) of RollbackRX and EAZ-FIX.
  • FIXED: Compatibility LaCie Wuala Cloud Storage file system driver.
  • UPDATED: Internal white lists.

New in HitmanPro 3.7.0 Build 185 (Dec 21, 2012)

  • FIXED: Some applications were incorrectly classified as Suspicious.
  • UPDATED: Embedded white lists.

New in HitmanPro 3.7.0 Build 184 (Dec 21, 2012)

  • ADDED: Upgrade version 3.6 to version 3.7.

New in HitmanPro 3.7.0 Build 183 (Dec 18, 2012)

  • FIXED: On some systems, booting from Kickstart USB flash drive resulted in blinking cursor.
  • UPDATED: Kickstart bootstrap loader to version 1.1.
  • UPDATED: Bulgarian language.

New in HitmanPro 3.7.0 Build 182 (Dec 13, 2012)

  • IMPROVED: Zero-day Zbot/Citadel detection through behavioral scan.
  • IMPROVED: Zero-day Reveton/Weelsof ransomware detection through behavioral scan.
  • IMPROVED: Error handling while creating Kickstart USB flash drive.
  • IMPROVED: Auto Force Breach while booting via Kickstart.
  • FIXED: Small USB flash drives (< 1GB) threw error 112 while creating Kickstart bootable USB flash drive on XP.

New in HitmanPro 3.7.0 Build 181 (Dec 11, 2012)

  • FIXED: On some systems a scan froze the computer.
  • FIXED: On some systems a scan never finished while classifying kept hovering around 99%.
  • FIXED: Creating Kickstart USB flash drive under XP failed most of the time causing unusable Kickstart USB flash drive. This problem did not occur under Windows 7 or 8.
  • FIXED: Windows showed a weird error dialog on Kickstart dialog on systems with floppy drive.
  • FIXED: Shell Integration was not working.
  • FIXED: Scheduler was not working.
  • IMPROVED: Removal of rootkit Necurs under 64-bit Windows.
  • See also: http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx
  • IMPROVED: Messaging to the user while creating Kickstart USB flash drive. Now showing an error dialog when creation of the Kickstart USB flash drive has failed.
  • IMPROVED: Various minor improvements.
  • UPDATED: Swedish and Portugues languages.

New in HitmanPro 3.7.0 Build 179 (Dec 4, 2012)

  • ADDED: HitmanPro.Kickstart to easily remove ransomware using USB flash drive.
  • ADDED: Flying Kick icon on the Welcome screen.
  • Click this icon to turn any existing USB flash drive into a bootable HitmanPro.Kickstart USB flash drive.
  • ADDED: Zero-day detection of ransomware through behavioral scan.
  • ADDED: Zero-day detection of Zbot infections through behavioral scan.
  • ADDED: Automatic creation of log files.
  • ADDED: Logs under Settings, History where you can view the created log files.
  • ADDED: /nologs command line option.
  • ADDED: Scan for specific recent files (part of remnant scan).
  • ADDED: NoViewContextMenu policy repair.
  • IMPROVED: Removal of ZeroAccess (Sirefef) infected services.exe on 64-bit systems.
  • IMPROVED: NTFS parser. On some systems HitmanPro processed too many files due to incorrectly parsing specifc NTFS records. These systems should see an improvement in scan speed.
  • IMPROVED: Crusader to replace infected critical system files with clean original versions.
  • IMPROVED: Remnant scanner.
  • IMPROVED: Parsing of registry keys related to the Windows Shell (XP).
  • FIXED: On some systems HitmanPro unnecessarily restarted explorer.exe.
  • UPDATED: Support driver.
  • UPDATED: German, French, Spanish, Italian, Russian and English languages.

New in HitmanPro 3.6.2 Build 174 (Nov 12, 2012)

  • IMPROVED: Detection of Symmi malware.
  • IMPROVED: Detection of malware that starts through Scheduled Tasks.
  • IMPROVED: Operations on Boot Configuration Data (BCD) are now handled by Crusader service.
  • FIXED: On some systems the Settings dialog was blank.
  • UPDATED: Internal white lists

New in HitmanPro 3.6.2 Build 173 (Oct 25, 2012)

  • FIXED: Force Breach was broken in build 171.
  • FIXED: HitmanPro process sometimes lingered during quiet command line scans.
  • FIXED: /pup command line switch was not working.
  • FIXED: Compatibility issue with Ashampoo firewall (32-bit only)
  • IMPROVED: Detection of ransomware.
  • IMPROVED: Bootkit detection.
  • IMPROVED: Scheduler.
  • IMPROVED: Various improvements to command line based scans.
  • IMPROVED: Various minor improvements.

New in HitmanPro 3.6.2 Build 171 (Oct 11, 2012)

  • FIXED: /lic command line switch was broken.
  • IMPROVED: PE header anomaly detection.
  • UPDATED: Portugues language.

New in HitmanPro 3.6.2 Build 168 (Oct 10, 2012)

  • ADDED: Windows 8 RTM support.
  • ADDED: Windows Server 2012 support
  • ADDED: Scan and clean registry of unloaded user profiles.
  • ADDED: Scan for Potentially Unwanted Programs (PUP). Default action is Ignore.
  • ADDED: Settings for Potentially Unwanted Programs.
  • ADDED: Action to hide Potentially Unwanted Program family.
  • ADDED: Apply actions to items of same family or classification.
  • ADDED: Detection for RTLO unicode filename spoofing.
  • ADDED: Detection for malware hiding its source executable filename from process memory.
  • ADDED: Reset Settings to revert to default settings, reset reported false positives and ignored items.
  • ADDED: Application exits with code 7 when a license error has occured.
  • ADDED: XML Log now contains Cookie and PUP in attribute type.
  • ADDED: Command line switch /logtype=txt|xml.
  • ADDED: Command line switch /nopups. Note: /noremnants implies /nopups.
  • ADDED: Command line switch /deactivate.
  • FIXED: Command line swich combination /quiet /lic no longer show message box when activation has failed.
  • FIXED: On some systems the scan for remnants never ended due to malformed NTFS record.
  • IMPROVED: Detection of ransomware starting through LNK files.
  • IMPROVED: Scoring on executables requiring elevation.
  • IMPROVED: Gossip cloud classifier now uses Bing Azure.
  • IMPROVED: ASLR detection on Services.exe.
  • IMPROVED: Removal of new ZeroAccess CLSID variant.
  • IMPROVED: Handling of Volume Boot Record (VBR).
  • IMPROVED: Repair of disabled Task Manager policies.
  • IMPROVED: Command line switch /log=file.txt exports log in text format.
  • IMPROVED: Uninstall procedure.
  • UPDATED: Internal embedded white lists.
  • REMOVED: Windows 8 Release Preview embedded white list
  • REMOVED: Windows 8 Consumer Preview embedded white list

New in HitmanPro 3.6.1 Build 164 (Aug 11, 2012)

  • IMPROVED: Made a minor change to the Behavioral Scan, regarding the detection of executable files that do not mention their disk location in memory.
  • FIXED: A bug introduced in build 163 caused the reboot function not to work properly.

New in HitmanPro 3.6.1 Build 163 (Jul 27, 2012)

  • ADDED: New Text File Log export format which is useful for posting scan logs in forums.
  • ADDED: Save Log hyperlink is available directly after scan (before removal).
  • ADDED: Support for displaying huge number of items in the Scan Results view.
  • ADDED: WFP chevron on infected critical systems files. As always, these files will be replaced by clean safe versions.
  • FIXED: Boot Configuration Data (BCD) settings were only fixed when a Bootkit was removed. Now HitmanPro always checks BCD and offers repair when misconfiguration (by malware) was detected.
  • IMPROVED: Removal of the Cidox VBR Rootkit.
  • IMPROVED: Deployment of the temporary HitmanPro Support Driver.
  • IMPROVED: Greatly improved performance of the Scan Results view.
  • IMPROVED: Several other but minor improvements.
  • CHANGED: The rows in the Scan Results view can no longer be expanded/collapsed. Instead if you highlight an item in the view it will show the vendor classification (click to show classification).
  • CHANGED: Double click on an item in the Scan Results view will show the More Information panel (if available).
  • CHANGED: Removed gradients in the Scan Results view to streamline with the rest of the GUI.

New in HitmanPro 3.6.0 Build 160 (Jun 25, 2012)

  • ADDED: Detection and removal of ZeroAccess/Sirefef services.exe variant.
  • More info in our blog.
  • ADDED: Detection of ASLR stripped files (cause by malware infection).
  • ADDED: Detection of TLS callback on system files (caused by malware infection).
  • IMPROVED: Removal of ZeroAccess/Sirefef related files and folders.
  • IMPROVED: Remnant scan.

New in HitmanPro 3.6.0 Build 159 (Jun 21, 2012)

  • ADDED: Windows 8 Release Preview support.
  • ADDED: Detection and removal of XULRunner redirect scripts.
  • ADDED: /fb command line switch to perform Force Breach.
  • ADDED: HitmanPro switches the desktop to ensure visibility.
  • Some Ransomware use a dedicated desktop to prevent applications from popping up.
  • IMPROVED: Force Breach to kill more processes.
  • IMPROVED: Force Breach now works under SYSTEM or SERVICE account.
  • IMPROVED: Detection and removal of ZeroAccess/Sirefef CLSID variant.
  • IMPROVED: Improved removal of MaxSS bootkit.
  • IMPROVED: Improved Volume Boot Record (VBR) handling.
  • FIXED: A problem where Default scheduled scan would not scan for cookies.
  • FIXED: SafeBoot Minimal was not working.
  • FIXED: Behavioral scoring on WOW64 uninstall keys.
  • FIXED: Compatibility issue with Dataplex caching software from NVELO.
  • UPDATED: Portugues language.
  • UPDATED: Internal white lists.

New in HitmanPro 3.6.0 Build 156 (May 11, 2012)

  • ADDED: XPAJ bootkit (MBR) detection and removal.
  • ADDED: Yurn bootkit (MBR) detection and removal.
  • ADDED: Detection and removal of Volume Boot Record (VBR) bootkits.
  • ADDED: Detection and removal Cidox, Mayachok, Rovnix bootkit.
  • ADDED: Master Boot Record details (under More Information).
  • ADDED: Portuguese language.
  • IMPROVED: Removal of Necurs rootkit.
  • IMPROVED: Pre-boot malware removal engine.
  • IMPROVED: Various minor improvements.
  • UPDATED: Internal white lists

New in HitmanPro 3.6.0 Build 153 (Apr 19, 2012)

  • ADDED: Behavioral scan now detects spoofed memory mapped file names.
  • IMPROVED: Several minor user interface issues.
  • FIXED: Solved a time zone issue when validating the license.
  • UPDATED: Internal white lists.

New in HitmanPro 3.6.0 Build 152 (Apr 13, 2012)

  • NEW: Bitdefender logo.
  • IMPROVED: Bootkit detection heuristic.
  • IMPROVED: Direct Disk Access handling.
  • IMPROVED: Handling of GPT disks.
  • IMPROVED: Scheduler starts a scan when it has missed its time window (thanks Adric).
  • IMPROVED: Scheduler performs Default scan when the last Default scan was at least 30 days ago.
  • FIXED: Solved a problem where HitmanPro would keep scanning indefinitely.
  • FIXED: Solved a problem where HitmanPro could not overwrite an existing activation license due to changed file attributes.
  • FIXED: Solved a problem handling the license files.
  • FIXED: Solved a problem handing the 'no proxy' setting.
  • Updated internal white lists.

New in HitmanPro 3.6.0 Build 151 (Mar 29, 2012)

  • IMPROVED: Detection and removal of MBR bootkits.
  • INFO: Hitman Pro is called HitmanPro. On Twitter use #HitmanPro.
  • Several other minor improvements.

New in HitmanPro 3.6.0 Build 148 (Mar 15, 2012)

  • NEW: Added detection and removal of Sinowal.knf rootkit (aka Mebroot, Torpig).
  • This rootkit was served through the Dutch NU.nl news site on March 14, 2012 from 11:30 till 13:42.
  • IMPROVED: Crusader malware removal engine to counter watchdogs.
  • IMPROVED: Detection and removal of 64-bit variant of ZeroAccess (aka Sirefef).
  • Detects and removes the Desktop.ini ZeroAccess files in the assembly folder.
  • INFO: Hitman Pro is called HitmanPro. On Twitter use #HitmanPro.
  • Several other minor improvements.

New in HitmanPro 3.6.0 Build 146 (Mar 2, 2012)

  • Support for Windows 8 Consumer Preview.
  • IMPROVED: Crusader malware removal engine.
  • Added Crusader kernel assist to prevent malware watchdogs to redeploy.
  • IMPROVED: Removal of new 64-bit variant of ZeroAccess (aka Sirefef).
  • This new variant re-infects the SubSystems registry key on reboot using Netsvcs.
  • IMPROVED: Winsock LSP repair.
  • IMPROVED: Remnant scan.
  • IMPROVED: Authenticode classifier.
  • IMPROVED: Hosts file repair. Now detects BOM obfuscation.
  • FIXED: VirusTotal integration. Now uses Public API version 2.0.
  • UPDATED: Tracking cookies now show browser icon (IE, Firefox, Chrome).
  • UPDATED: Scheduler.
  • UPDATED: Embedded black lists.
  • UPDATED: Embedded white lists.
  • UPDATED: Language strings.
  • INFO: Version 3.5 is automatically upgraded to 3.6 in the next couple of days.
  • INFO: Hitman Pro is called HitmanPro. On Twitter use #HitmanPro.
  • Several other minor improvements.

New in HitmanPro 3.6.0 Build 138 (Dec 29, 2011)

  • FIXED: On Windows XP the Shell Integration caused the desktop to lock when right clicking in Start Menu or Quick Launch.
  • FIXED: Scan at Startup performed Quick Scan when setting was set on Default Scan.
  • FIXED: 'File objects scanned' incorrectly reported the number of file objects scanned.

New in HitmanPro 3.6.0 Build 137 (Dec 26, 2011)

  • Hitman Pro is now called HitmanPro. On Twitter use #HitmanPro.
  • NEW: Added Scanning for Malware Remnants.
  • This new feature scans the File System and Registry for common malware related paths (files, folders, keys). The Remnant Scan combines a multi-threaded local scan with cloud based confirmation. In 3.6.0 we are detecting only a few hundred remnants; more will be added to the cloud in the coming weeks. We are still fine tuning the tooling on the backend.
  • NEW: Added new Scheduler to allow scanning Daily, At Startup, Mon, Tue, Wed, Thu, Fri, Sat, Sun at specific times. The scheduler is a process called hmpsched.exe.
  • NEW: Shell integration by using a Shell Extension which adds an icon to the context menu and also allows multiple selected files to be scanned.
  • NEW: Added 'Goto location' to context menu to highlight the file in Windows Explorer.
  • NEW: Added 'Show information' to context menu to expose more internal information to the end user. Tip: the information can be copy-pasted.
  • NEW: Added third opinion scan using VirusTotal.
  • To use this feature you enter your personal VirusTotal Public API Key on the Advanced tab under Settings.
  • NEW: Added detection for files signed with weak Authenticode signatures (RSA 512-bit keys).
  • NEW: Added chevrons to highlight items in the result list that are running [PID] or start by [Run], [Service] or [Driver].
  • NEW: Added detection and repair for the HOSTS file that was altered by malware.
  • NEW: Added /clean command line switch to automatically quarantine and remove malware.
  • NEW: Added the option to disable the automatic upload of suspicious files to the Scan Cloud.
  • IMPROVED: Cloud Assisted Miniport Hook Bypass.
  • IMPROVED: Detection and removal of Sinowal, Mebroot rootkit.
  • IMPROVED: Removal of TDL4 (and variants) on systems where Boot Configuration Data (BCD) was persistently malformed by TDL4. Removing TDL4 from those systems could cause a non-bootable system (BSOD). HitmanPro now repairs BCD before removing TDL4 (or variants).
  • IMPROVED: NTFS Parser to work better with heavily fragmented files.
  • IMPROVED: Direct Disk Access now always scans using the lowest possible level.
  • IMPROVED: Firefox and Chrome cookie scan.
  • CHANGED: For regular users Early Warning Scoring (EWS) is no longer available from the Next button. Expert users can re-enable the EWS scan mode on the Advanced tab under Settings.
  • INFO: 3.6.0 is currently only available in English.

New in HitmanPro 3.5.9 Build 131 (Oct 28, 2011)

  • Updated internal embedded whitelists.

New in HitmanPro 3.5.9 Build 130 (Sep 28, 2011)

  • Improved detection of RDP Worm Morto.
  • Improved detection of Sinowall/Mebroot.

New in HitmanPro 3.5.9 Build 129 (Aug 10, 2011)

  • Detects and removes latest ZeroAccess rootkit.
  • Improved detection of Sinowall rootkit.
  • Improved removal of 64-bit version of ZeroAccess rootkit.
  • Improved kernel-mode guard to block code injection attacks on Hitman Pro scan and removal process.
  • Improved Cloud Assisted Miniport Hook Bypass to support detection of detours.
  • Improved Crusader's watchdog.
  • Added Romanian language.

New in HitmanPro 3.5.9 Build 127 (Jul 16, 2011)

  • Added detection and removal of the ZeroAccess rootkit. Read our blog for more information.
  • Added kernel mode guard to block code injection attacks on Hitman Pro scan and removal process.
  • Added DACL monitor on Hitman Pro executable.
  • Added 'Follow us on Twitter' button on Welcome pane.
  • Added license information bar above the navigation buttons.
  • Added Proxy tab under Settings.
  • Fixed a bug regarding the auto activation of the free license.
  • Fixed several minor GUI issues.
  • Updated Swedish language.

New in HitmanPro 3.5.9 Build 126 (Jul 8, 2011)

  • Detects and removes Popureb rootkit.
  • Various stability improvements.

New in HitmanPro 3.5.9 Build 125 (Jun 20, 2011)

  • Fixed a crash while scanning miniport drivers on FAT32 filesystems.
  • Updated SQLite library.

New in HitmanPro 3.5.9 Build 124 (Jun 18, 2011)

  • Version 3.5.9
  • Added Cloud Assisted Miniport Hook Bypass feature. Read our blog for more information.
  • Added Mebroot/Sinowal detection and removal.
  • Added removal of new variant of Trojan Vundo.
  • Added Master Boot Record (MBR) protection when restoring infected MBR to counter rootkit watchdogs.
  • Added repair for BCD testsigning. Testsigning is a feature of 64-bit Windows that, when enabled, allows loading of non-signed drivers on 64-bit Windows. Testsigning is typically abused by 64-bit bootkits.
  • Added Registration on Setup dialog.
  • Improved corrupted/damaged file handling.
  • Improved removal of malware files that change their file security.
  • Hitman Pro won't check for a program update when the last check was less than 2 hours ago.
  • Fixed a crash that was caused by a bug introduced in build 121 (64-bit only).
  • Fixed a crash when Compatible Disk Mode was selected and the cloud uploader failed to get access to the file.
  • Fixed a displaying problem when a filename was too long causing visual overlap.
  • Fixed a problem during activation of a new key when the license files were read-only.
  • Close button is now disabled during malware removal process.
  • Product Activation is now performed on a separate thread.
  • Several minor user interface improvements.
  • Updated Brazilian-Portuguese language (thanks Bruno).
  • Updated internal embedded whitelist.

New in HitmanPro 3.5.8 Build 121 (Jun 1, 2011)

  • Added detection and removal of latest TDL4 bootkit.
  • Improved behavioral scan.
  • Improved removal engine.
  • Added Indonesian language.
  • Updated Czech language.

New in HitmanPro 3.5.8 Build 119 (Mar 22, 2011)

  • Added support for Windows 7 and 2008 Service Pack 1.
  • Improved method of replacing infected system files.
  • Updated internal embedded white list.
  • Added Bulgarian language.
  • Updated Swedish language.

New in HitmanPro 3.5.8 Build 118 (Dec 17, 2010)

  • Added ability to change values in raw registry hives (bypassing Windows APIs).
  • Improved the removal of rootkit drivers that are set to start at boot.
  • Improved scan speed (5-15% on traditional hard disks).
  • Added ability to repair an invalid security zone. An invalid zone prohibits running ActiveX controls on for example the Microsoft Management Console.
  • Added ability to repair the NoFolderOptions policy.
  • Changed the default "Delete" action label on infected critical system files into "Replace". The old text confused some users. Please note that Hitman Pro never deletes critical system files or the master boot record. By design, Hitman Pro replaces (when available) infected files or code with verified clean safe versions and data.
  • Changed the "Do not delete" label into "Ignore".
  • Fixed a bug where the command line arguments did not propagate after an update. This could result in the Hitman Pro window to appear while scanning silently.
  • Removed the AV Ballot window.
  • Added Buy Now button on Free/Trial license.
  • Updated End-User License Agreement (EULA): The "Free License" permits you to use one copy of the Software solely for personal, noncommercial purposes.

New in HitmanPro 3.5.7 Build 117 (Dec 17, 2010)

  • Fixed the check box under Settings related to the LNK exploit protection
  • Updated German language
  • Updated Polish language.
  • Updated internal embedded whitelist.

New in HitmanPro 3.5.7 Build 116 (Oct 13, 2010)

  • Added support for Alternate Data Streams (ADS).
  • Added new Setup dialog that is displayed after the EULA.
  • Users using Hitman Pro from an USB stick no longer have to use the /noinstall switch.
  • Improved Early Warning Scoring related to gossip classifier which improves detection of 0-day rogues.
  • Fixed occasional product activation problems.
  • Fixed a problem where the Scan at startup would not honor the Default scan mode.
  • Updated Botan crypto library.
  • Updated libpng library.
  • Updated SQLite library.
  • Updated several translations.
  • Several minor improvements.
  • Add new command line switches for corporate environments:
  • /nostartboot - does not install the 'Scan at startup' component
  • /nostartmenushortcut - does not create start menu shortcuts
  • /nodesktopshortcut - does not create desktop shortcut

New in HitmanPro 3.5.6 Build 115 (Sep 11, 2010)

  • Contains complete removal of 'Here You Have' worm.
  • Added process hardening to Hitman Pro's malware removal service (Crusader).
  • Improved detection and removal of malware related registry keys.
  • Improved detection and removal of malware starting through Autorun.inf.
  • Improved cloud communication so that it reverts to fixed IPs when DNS queries are compromised by malware.
  • Fixed a problem resetting the ACL on malware files.
  • Fixed 'Scan at startup' setting so that 'Scan method' is now remembered.
  • Added /lic=PRODUCTKEY command line switch which is useful in corporate environments.
  • Several minor improvements.

New in HitmanPro 3.5.6 Build 112 (Aug 31, 2010)

  • Added support to remove the latest TDL3 rootkit from the Master Boot Record (sector 0) on 32-bit and 64-bit versions of Windows.

New in HitmanPro 3.5.6 Build 111 (Aug 27, 2010)

  • Improved Force Breach (thanks Sky69).
  • Several other minor improvements.

New in HitmanPro 3.5.6 Build 110 (Aug 23, 2010)

  • Removes new variant of Bamital/Drooptroop trojan that is infecting explorer.exe and winlogon.exe or wininit.exe.
  • Improved detection of infected system files protected by Windows File Protection.
  • Improved replacement of infected system files with clean original versions.
  • Improved handling of 16-bit MS-DOS files.
  • Improved detection and removal of specific malware starting as library (DLL).
  • Improved Early Warning Scoring (EWS) regarding malware faking file dates.
  • Fixed a problem updating uninstall information (date and version).

New in HitmanPro 3.5.6 Build 109 (Aug 4, 2010)

  • Added universal detection of the LNK vulnerability.
  • Added automatic disabling of the Hitman Pro LNK Exploit Protection when Windows is not vulnerable for attacks abusing the LNK vulnerability. Ex. when Security Update KB2286198 (MS10-046) is installed.
  • Note: Since Microsoft no longer supports Windows 2000 and Windows XP RTM, SP1 and SP2, the Hitman Pro LNK Exploit Protection remains available for these operating systems.

New in HitmanPro 3.5.6 Build 108 (Aug 4, 2010)

  • Added option to protect the computer against Windows shortcut vulnerability. Added Chinese (Traditional) language.
  • Updated Polish language.

New in HitmanPro 3.5.6 Build 107 (Jul 20, 2010)

  • Added detection and removal of the Stuxnet malware.
  • Added MS-DOS COM file format support.
  • Added /nocookies command line switch.
  • Fixed a problem with the 64-bit updater.
  • Fixed support for Sophos SafeGuard.
  • Fixed French language.
  • Added Chinese (Simplified) language.

New in HitmanPro 3.5.6 Build 106 (Jul 20, 2010)

  • Added compatibility with TrueCrypt full disk encrytion (thanks BoerenkoolMetWorst).
  • Fixed a problem in the driver that caused a BSOD on some systems.
  • Fixed a problem with the right-click scan on non-NTFS drives (thanks Avinash).
  • Fixed a problem with the right-click scan under Compatible Disk Access.
  • Fixed a problem with the activation on Korean or Japanese systems (thanks Jun).
  • Updated internal white lists.
  • Updated several languages.

New in HitmanPro 3.5.6 Build 105 (Jul 10, 2010)

  • Fixed a problem related to the removal of specific versions of the TDL3 rootkit.

New in HitmanPro 3.5.6 Build 104 (Jun 22, 2010)

  • Latest TDL3 (aka Alureon) Rootkit detection and removal. Also works in Early Warning Scoring mode (ex. when the computer does not have an Internet connection to consult the Scan Cloud).
  • Added a sticky TDL3 Rootkit detection message. This message appears when the hard disk stack contains a reference to a hidden driver, typical TDL3 behavior.
  • Improved removal of Trojans and Rootkits that are protected by a Kernel thread.
  • Added removal of adware and adult related Tracking Cookies in Internet Explorer, Firefox and Chrome. Removal of these Tracking Cookies is of course free, does NOT require a license.
  • Improved Internet connection detection. I.e., when the connection is ex. hijacked by a local proxy, Hitman Pro will now attempt to bypass it.
  • Authenticode certificates are now handled on a separate thread.
  • Improved handling of files that contain resources with specially crafted data to make Anti-Virus software crash.
  • Small improvement in the hash classifier when performing a right-click scan.
  • New Anti-Virus Ballot Screen which appears when the computer is not protected by an Anti-Virus program, or when the computer is using an AV program that is not compatible with the Windows Security Center. This screen does not appear when you purchased a Hitman Pro license.
  • Return of the AV Scan Cloud vendor icons on the Welcome page.
  • Improved the Intelligent removal of malware related remnants.
  • Updated the French language strings.
  • Updated graphics. More color and detail.
  • Updated internal Whitelists.
  • Several other minor improvements.

New in HitmanPro 3.5.4 Build 98 (Apr 27, 2010)

  • Added WinHTTP prerequisite check.
  • A message is displayed on computers running Windows 2000 pre-SP3 and Windows XP RTM.
  • Fixed a problem on computers receiving the message:
  • "The procedure entry point EncodePointer could not be located in the dynamic link library kernel32.dll"
  • Added Czech language
  • Added Swedisch language

New in HitmanPro 3.5.4 Build 97 (Apr 24, 2010)

  • Added Quick scan which only scans load point locations and in memory objects.
  • You typically use the Quick scan when you just want to check whether malware is active on the computer.
  • You can choose Quick scan from the split button on the Welcome dialog or specify the /quick command line switch.
  • Improved the overall scan performance on systems protected by an active on-access AV scanner.
  • Fixed a memory leak reducing memory consumption by 20-40MB compared to previous versions.
  • Replaced WinInet by WinHTTP network stack for internet communication. This allows more proxy options and also allows Hitman Pro to run under different accounts like SYSTEM. This is particularly useful in corporate situations.
  • Improved the Scan-at-startup by postponing the scan until the computer has started up (hard disk activity is near idle).
  • Postponing the startup scan improves the overall computer startup speed. Hitman Pro monitors the "Avg. Disks Queue Length" Performance Counter to determine whether the computer finished starting applications. Hitman Pro postpones the startup scan up to a maximum of 5 minutes. After that, the scan is started, despite hard disk activity.
  • Changed the Scan-at-startup from default normal scan to Quick Scan.
  • Fixed a problem with the Winsock repair functionality on 64-bit platforms. Thanks Rein.
  • Added Advanced tab under Settings allowing proxy configurations:
  • Use Internet Explorer settings (default)
  • Web Proxy Auto-Discovery Protocol (WPAD)
  • Proxy Automatic Configuration URL (PAC)
  • Manual proxy configuration
  • Proxy authentication
  • Added Compatible Disk Access mode.
  • This mode uses the Windows API for accessing the disk. This makes Hitman Pro compatible with hard disk snapshoting tools like Rollback RX and AyRecovery. Note that this mode reduces the chance of finding complex rootkits. You can change the Disk Access mode on the Advanced tab under Settings.
  • Added License tab under Settings.
  • Added Apply to all to the drop down action menu of a detected item.
  • Added hyperlink to the finish page allowing the scan log to be exported as XML.
  • Added /ews command line switch.
  • Added /noupload command line switch.
  • Added /quick command line switch.
  • Added /debug and /debug:full command line switch. Use this switch to generate a mini dump if the program crashes.
  • Updated internal white lists.
  • Lots of minor internal changes.
  • Added Arabic language
  • Added Polish language
  • Built using Visual Studio 2010.

New in HitmanPro 3.5.4 Build 92 (Mar 6, 2010)

  • Detects and removes TDL3 rootkit version 3.273
  • Added detection and repair for rogues changing .exe file assignment
  • Updated language strings

New in HitmanPro 3.5.4 Build 91 (Feb 27, 2010)

  • Detects and removes TDL3 rootkit version 3.27 (actively spreading since Feb. 23).
  • TDL3.27 rootkit authors solved a bug that allowed disk access through SPTI. TDL3.27 (or newer) now monitors SPTI and serves the uninfected bytes when trying to read the hard disk driver from disk. Hitman Pro now uses different methods to detect this highly advanced rootkit.
  • The rootkit's authors are actively watching the security industry, monitoring which tools can detect and remove their creation. Each update shakes off a few tools making this rootkit one of the most resilient malware to date.
  • Improved removal on files with specific permissions.
  • Added XML logging.
  • Watch our Blog as a post on Logging will appear shortly.
  • Added command line switches:
  • /log=C:\Folder\ (make sure the path ends with a backslash)
  • /log=C:\File.xml
  • /noinstall
  • Added registry value LogPath which behaves the same as the /log= command line switch.
  • Added Hungarian strings.
  • Updated Russian, Estonian, and Greek strings.

New in HitmanPro 3.5.4 Build 90 (Feb 16, 2010)

  • Fixed removal of malware related jobs configured in the Windows Task Scheduler.
  • Updated Italian, French and Portuguese-Brazilian language strings.

New in HitmanPro 3.5.4 Build 89 (Feb 12, 2010)

  • Added Force Breach. When holding the left Ctrl-key while starting Hitman Pro (hold until its window appears) will terminate all non-essential processes that run in the user's context. This is particularly useful when a fake/rogue anti-malware application is killing every process you want to start. See movie.
  • Added resolution changer. In Safe Mode scenario's where the computer boots in 640x480 the resolution is automatically increased by Hitman Pro to 800x600.
  • Added browser history crawler to correlate possible malware to visited (black listed) sites. The crawler currently supports Firefox and Internet Explorer.
  • Added ability to restore Desktop Wallpaper when repairing the Desktop Wallpaper policy.
  • Improved Early Warning Scoring.
  • Improved detection of remnants.
  • Several minor bug fixes.

New in HitmanPro 3.5.4 Build 87 (Feb 4, 2010)

  • Updated removal technology to handle TDL rootkit version 3.24 (updated variant of the Google Redirect Virus)
  • Added initial support for keyboard commands.
  • Some minor fixes.
  • Updated internal whitelists.

New in HitmanPro 3.5.4 Build 86 (Jan 19, 2010)

  • Ability to fix the Google Redirect Virus (TDL)
  • Some minor fixes.

New in HitmanPro 3.5.4 Build 85 (Jan 15, 2010)

  • Added removal of TDL3 rootkit version 3.2 (aka TDL3+).
  • This rootkit infects the hard disk driver (usually atapi.sys or iaStor.sys) and redirects Google search results.
  • Improved detection and removal of fake/rogue anti-malwares (scareware).
  • Fixed a occasional crash while scanning on Windows 7.
  • Fixed a crash related to DEP/NX.
  • Fixed a rare crash when user closes the window.
  • Added a reminder panel when the removal license has expired.
  • Remembers Do Not Repair actions.
  • Added Destop Wallpaper policy repair.
  • Added Portuguese-Brazilian language.
  • Updated several language strings.
  • Several minor bug fixes.

New in HitmanPro 3.5.4 Build 84 (Dec 23, 2009)

  • Added caching to the Gossip classifier.
  • Fixed a problem relating the Winlogon Shell registry value to a threat. The Shell value is reset upon removal of the threat.
  • Fixed the empty result view which is related to the 'Report this file as Safe' functionality.

New in HitmanPro 3.5.4 Build 83 (Dec 23, 2009)

  • Fixed a problem in detecting active Internet Connection.
  • Fixed the empty result view which is related to the 'Report this file as Safe' functionality.

New in HitmanPro 3.5.4 Build 82 (Dec 22, 2009)

  • Fixed a problem reading data from encrypted hard drives.
  • Early Warning Scoring (EWS) is no longer on the Settings screen. Also, it is no longer remembered as a default scan. It now needs to selected manually from the new split button "Next" on the Welcome screen. Note that EWS is not meant to run on a daily basis. It is intended for experts only as it potentially lists non-malware files. EWS can also be used when the Internet connection is disabled or unavailable.

New in HitmanPro 3.5.4 Build 81 (Dec 18, 2009)

  • Added Quarantine and History functionality under Settings.
  • Changed the default action to Quarantine on malware items that are recognized by just one AV partner.
  • Malware items are excluded from the scan result list when the item was reported by the user as safe and the item was recognized as malware by just one AV partner. The reported as safe item will reappear when the item is classified as malware by two or more AV partners.
  • Fixed a problem handling ShellServiceObjectDelayLoad items.
  • Vista laptop computers running Intel Turbo Memory Driver iaNvStor.sys cannot use the new disk access mode to detect and remove TDL3 rootkit. This is due to iaNvStor.sys incorrect implementation of specific I/O control codes. Users who suspect a TDL3 infection should disable this specific Intel driver (the iaNvStor.sys is non-essential) and run Hitman Pro again. Hitman Pro build 79 and 80 stopped working when this driver was present.
  • Removed the Windows 7 Task Bar integration as it causes random program stops. The issue is still under investigation.
  • Updated internal whitelists.

New in HitmanPro 3.5.3 Build 80 (Dec 2, 2009)

  • Fixed a problem removing TDL3 rootkit infection from systems with specific third party drivers.
  • As of build 79, Hitman Pro is digitally signed with a new Microsoft Authenticode certificate.

New in HitmanPro 3.5.3 Build 79 (Nov 30, 2009)

  • Detects AND removes the TDL3 rootkit.
  • Hitman Pro 3.5 is one of the first applications that can remove the TDL3 rootkit.
  • Improved alternate disk access mode.
  • Improved removal engine.
  • Improved behavioral scan engine.
  • Fixed a problem with 'Scan with Hitman Pro' checkbox under Settings.
  • Updated internal whitelists.
  • Added Turkisch language.

New in HitmanPro 3.5.3 Build 78 (Nov 2, 2009)

  • Added the Compatible with Windows 7 logo. Hitman Pro 3.5 successfully completed Microsoft's testing regime to prove it can be readily installed and run reliably on Windows 7.
  • Fixed a problem in handling the $MFT bitmaps.
  • Added alternate disk access mode when the default mode (kernel driver) is blocked by a rootkit (some variants of TDSS/Alureon).
  • Added detection and removal of malicious autorun files on removable drives.
  • Improved scan speed on files that have an authenticode certificate.
  • Improved detection and removal of fake/rogue anti-malwares (scareware).
  • Improved removal of fake/rogue anti-malware collaterals.
  • Used a different counter to determine the total scan time (more accurate).
  • Added a timer on the scan window that indicates the scan time.
  • Small improvements in screen updates.
  • Fixed several translation typos.
  • Added Catalan language.

New in HitmanPro 3.5.2 Build 76 (Oct 5, 2009)

  • Added Winsock repair functionality.
  • When Hitman Pro deleted a malicious Winsock LSP protocol driver it now repairs the LSP chain.
  • With previous versions, this problem resulted in having Internet connection problems.
  • Fixed a problem where specifc directories where not scanned due to non-resident $I30 NTFS-indexes (index fragmentation).
  • Improved detection of malicious Mozilla Firefox extensions and plugins.
  • Improved detection of malware that starts through a scheduled task (Windows Task Scheduler).
  • Fixed a problem with the network enumerator (port scan).
  • Added Windows 7 taskbar integration. The progress bar is now also displayed in the Taskbar button.
  • This feature works for Windows 7 build 7600 (RTM) or newer only.

New in HitmanPro 3.5.1 Build 75 (Sep 24, 2009)

  • ded the "Show 'Scan with Hitman Pro' on files and folders in Windows Explorer" option under Settings.
  • This feature is also known as the much requested 'right-click scan'.
  • Note: Scanning a folder does not scan recursively due to volume reasons.
  • Updated the internal whitelist.

New in HitmanPro 3.5.1 Build 74 (Sep 24, 2009)

  • Fixed a problem where files are not correctly uploaded to the scan cloud. Thanks to simisg.
  • This problem first occurred in build 72.

New in HitmanPro 3.5.1 Build 73 (Sep 19, 2009)

  • Added Macedonian language texts to the user interface.

New in HitmanPro 3.5.1 Build 72 (Sep 17, 2009)

  • Fixed a problem reading a specific fragmented $MFT table which caused a scan to complete under 10 seconds.
  • Fixed the inability to disable daily scanning on certain computers in Settings.
  • Fixed determining the initial state of the System Restore Point checkbox in Settings.
  • Fixed handling high DPI font sizes.
  • Added Greek language texts to the user interface. Thanks to Ippokratis.

New in HitmanPro 3.5.1 Build 70 (Aug 28, 2009)

  • Improved detection of zero-day malware.
  • Improved detection of auto starting malware.
  • Fixed a problem in handling authenticode certificates when malware infected a code signed PE-file.

New in HitmanPro 3.5.1 Build 69 (Aug 14, 2009)

  • Fixed a problem when scanning during boot.

New in HitmanPro 3.5.1 Build 68 (Jul 24, 2009)

  • Changed Crusader removal tactics to handle specific new rootkits.
  • Updated the internal whitelist.

New in HitmanPro 3.5.1 Build 67 (Jul 24, 2009)

  • Added option to report a file as safe. This will also set the default action on that file to "Do not delete" (locally).
  • Improved dynamic detection and removal of fake/rogue anti-malware traces.
  • Fixed a potential issue which could cause the removal engine not to timeout when removing a particular malicious driver.
  • Updated the internal whitelist.

New in HitmanPro 3.5.1 Build 66 (Jul 11, 2009)

  • Fixed a problem in handling cloud responses resulting in files not being uploaded.
  • Improved detection and removal of fake/rogue anti-malwares (scareware).
  • Fixed a typo in the Estonian language file.
  • Added Spanish language to the user interface.

New in HitmanPro 3.5.1 Build 65 (Jun 30, 2009)

  • Improved intelligent cleanup of registry, file and folder references.
  • Improved detection and removal of fake/rogue anti-malwares (scareware).
  • Improved Scan Cloud scanning capacity.
  • Added more rules to Early Warning Scoring (EWS) to help experienced users with zero-day malware.
  • Updated the internal whitelist.
  • Added Italian language texts to the user interface.
  • Updated the user interface with a red banner when malicious software is detected.

New in HitmanPro 3.5.0 Build 59 (Jun 4, 2009)

  • Finetuned timeouts concerning Scan Cloud (fixes "Upload failed").
  • Added Estonian language texts to the user interface. Thanks to Lauri SC.

New in HitmanPro 3.5.0.58 (Jun 3, 2009)

  • Behavioral Scan
  • The unique Behavioral Scan is basically the core of Hitman Pro 3 and is the result of thoroughly analyzing hundreds of thousands of malware samples and legitimate files. It is capable of quickly distinguishing malicious and legitimate software, without using traditional virus signatures. Hitman Pro 3.5 consists of only in-house developed technology.
  • Direct Disk Access
  • Hitman Pro 3.5 reads files and registry information directly from the hard disk. Usually one would use a regular Windows Application Programming Interface (API's).
  • Advanced malware is filtering Windows API's and prevents traditional anti-virus software to even detect the infection. Current malware (like TDS rootkit and its variants) are not detected by current (and even upcoming 2010) versions of renowned anti-virus software. Most popular anti-virus products that you find in the shops rely on Windows API's. Hitman Pro 3.5 hardly uses these and looks for discrepancies between the raw data on the disk and what Windows API's return.
  • Because Hitman Pro 3.5 is now reading directly off the disk (circumventing regular Windows API's), it is also no longer slowed down by active traditional anti-virus software installed on the computer.
  • Multithreading
  • The Behavioral Scan is now fully multithreaded. This means that Hitman Pro 3.5 efficiently distributes the many classifications tasks over the available system resources. For instance, consulting and uploading files to the Scan Cloud is now done simultaneously with other classification tasks. Scan overview is also showing live progress of the activities during classifying. Suspicious files are now also displayed sooner, thanks to multithreading.
  • On new computer systems, Hitman Pro 3.5 is now done within a minute, what previously took 3-10 minutes. And when done, users know exactly if their computer is infected. Never before was an on-demand comprehensive anti-virus scanner this fast.
  • File Compression
  • Version 3.0 prohibited that large files were sent to the Scan Cloud. In Hitman Pro 3.5 this limitation is removed because unknown suspicious files are now first compressed before upload. Fraudulent and fake anti-virus software of 20 MB or more in size are now also quickly identified.
  • Secure Connection (SSL)
  • It is now possible to use a secure connection (SSL) while uploading unknown suspicious files to the Scan Cloud. Transmitted data cannot be read or tampered with while it is being sent. This feature is of course enabled by default.
  • Enhanced PE Heuristics
  • The Behavioral Scan is specialized in analyzing executable files, so called Portable Executables (PE). These are usually EXE, DLL and SYS files. Hitman Pro 3.5 not only determines their entropy (an indication of deliberate encryption to hinder virus research) but it also analyses PE import tables and detects anomalies commonly found in malware. Version 3.5 now also analyses individual data directories and detects debug information. It also recognizes so called Microsoft .NET files.
  • Gossip Rating
  • Every week cyber criminals are releasing new fraudulent and fake anti-virus software. These so called 'rogues' are created by criminals to convince users that the computer is infected with often non existing objects. To gain the trust of the user, these programs look very professional. To remove the infections, the software asks the user to pay up, preferably using a credit card.
  • Real and trusted security vendors give their best to detect these fraudulent programs. But since the criminals often update their fake creations, it sometimes takes days for professionals to find and create a remedy for these new variants. In the meantime various websites and forums on computer security are already debating the latest fake anti-virus and fake anti-spyware programs.
  • Hitman Pro version 3.0 introduced besides the Behavioral Scan also the Security Gossip system. Next to consulting the Scan Cloud, it also consulted several search engines on the internet, to determine if security relating websites and forums were debating a detected program. Hitman Pro 3.0 did this autonomously, but as of version 3.5 this is done centrally where a new enhanced version of this innovative technique is also a lot more efficient. We named the new central function Gossip Rating and it's ratings are also fed to the Early Warning Scoring system so Hitman Pro 3.5 can offer to remove yet unknown fake scanners.
  • Thanks to Gossip Rating, Hitman Pro 3.5 automatically gathers and uses the discussions between thousands of people behind security related websites and forums to battle malware on your computer.
  • Early Warning Scoring (EWS)
  • The Early Warning Scoring system replaces the 'Virus analyst' function in Hitman Pro 3.0. Early Warning Scoring (EWS) automatically shows (yet) unknown but suspicious files that may pose an immediate threat. The purpose of EWS is to give more experienced users a more usable 'knife' to remove zero-day threats that are still undetected or remedied by respected anti-virus professionals.
  • EWS is possible thanks to the innovate technology behind the Behavioral Scan. To use EWS users must manually enable the function (at Settings). Enabling EWS will reveal zero-day malware that is still undetected by the many virus scanners in de Scan Cloud. EWS shows the Behavioral Scan Threat Score (a figure indicating how malicious a file potentially is) as well as a description why it is possibly dangerous.
  • Repair of Unsafe DNS Settings
  • In version 3.5 we have added a universal check for DNS settings. An unsafe DNS server can make security related website unreachable. During online banking, unsafe DNS server can also relay users to exact looking fake banking websites. To dynamically detect unsafe DNS server addresses Hitman Pro consults public black lists.
  • When one of the network connections is using a blacklisted DNS server address, Hitman Pro will offer to restore it to safe addresses: DHCP in case the adapter is using a dynamic IP address or OpenDNS when the adapter is using a static IP address.
  • Repair of Unsafe Proxy Settings
  • Numerous Trojan horses function as a local proxy server. This causes all internet traffic to flow through the malware. When anti-virus software removes this malware the proxy server settings often remain unfixed. Because of this Internet Explorer - and other programs relying on system wide proxy server settings - can no longer communicate with the internet. Hitman Pro 3.5 automatically detects if the computer is using a non-existing local proxy server and shall restore the connection with the internet.
  • Crusader
  • The Crusader is the internal name of the component responsible for removing malicious software. Hitman Pro commands it to repair or remove malicious files, registry keys, values and shortcuts. In version 3.5 the Crusader component is enhanced with new innovative techniques.
  • Physical Take Out
  • All malicious software is now physically overwritten (sector level) on the disk, so it is impossible for these files to become active again.
  • Boot-time Service
  • Version 3.5 has received an extra service that - in addition of the Hitman Pro native NT Bootdeleter - will remove malware related registry objects and shortcuts. Thanks to the new Boot-time Service resistant malicious software is now also thoroughly removed immediately during reboot.
  • Restore of Critical System Files (WPF)
  • To ensure the stability of Windows, infected but critical system files cannot be just removed. Hitman Pro 3.5 will look for a safe copy of the system file and replaces the infected version.
  • If there is no safe copy found on the local hard disk the user is offered the possibility to copy a safe original version from an original Windows installation disk.
  • The computer system remains working in case a critical system file cannot be restores, albeit still infected. This new method prevents 'operation successful, patient died' that other anti-virus software causes.
  • Updated Built-in Whitelist
  • With Hitman Pro 3.5 we would like to help more users internationally. To quickly scan non-English and non-Dutch systems really fast as well, we have updated the built-in whitelist with system files of Windows languages as German, Italian, French, Turkish, Russian, etc. It also contains information on 64-bit (x64) versions of Windows XP, Vista and 2008 and about Windows 7 as well.
  • Next to the fact that the whitelist increases the speed of the scan process, it also makes removing legitimate files by Hitman Pro impossible.
  • New User Interface
  • Hitman Pro 3.5 received a completely new GUI (Graphical User Interface). Because the new development team was not limited by the possibilities of AutoIt Script in the old version of 3.0, the team looked to make the user interface easier, more detailed and a lot snappier.
  • More Control
  • Some security enthusiasts were not happy about the level of control Hitman Pro 3 offered. The user could not easily unmark the detected malicious files (identified by professional anti-virus products) and had no insight in which files were sent to the Scan Cloud.
  • Without changing the extremely easy way the Hitman Pro software works, every user now has also control over the (by professional virus scanners identified) malicious files and which unsafe settings are to be fixed by Hitman Pro.
  • Increased Visiblity Security Vendors
  • The live scan overview now displays one or more malware names when a security vendor in the Scan Cloud identified it. This give more insight in which security vendors identified a file as malicious.
  • New Product Icon
  • To celebrate the new program Hitman Pro 3.5 introduces a brand new colorful product icon to represent the innovative scan technology of the Behavioral Scan and the multi engined Scan Cloud.

New in HitmanPro 2.5.1.0 (Aug 28, 2006)

  • Added Spy Sweeper 5 support. Hitman will now, when installed by user, operate Spy Sweeper 5.
  • Added "Do not ask again" checkbox when removing Quarantine archives.
  • Added extra report information concerning Spyware Doctor.
  • Added more recognition of registry defaults to Expert (keys that should be repaired instead of removed).
  • Fixed NOD32 report (was broken in Hitman Pro 2.5).
  • Fixed problem restarting Spy Sweeper UI (shields) when Hitman finished scanning.
  • Fixed Disk Cleanup. In Hitman Pro 2.5.0 it was cripled (it never cleaned the browsercache).
  • Fixed error during Uninstall of Hitman Pro 2.5.0
  • Improved exiting Spyware Doctor 4.0.
  • Improved handling of registry entries in Expert.
  • Updated some language strings; users, thank you for reporting them.
  • Changed Cookies under Threats (in Expert). Moved them from Threats to their own category (since Cookies don't deserve to be called a threat).

New in HitmanPro 2.5 (Aug 15, 2006)

  • Added Expert tool. Even though Hitman Pro was never designed for the experienced user, a lot of people asked for it. Users can now have complete insight and control over threat objects (files and registry keys).
  • Added checkbox to disable automatic removal of threats (main screen). When unchecked, the Expert tool will be displayed after inspections. With the Expert tool users have full control of the detected threats. Note that threats are always added to the Expert threat cache.
  • Added prelimenary support for Spy Sweeper 5. Note that Hitman is not capable of using it yet. It will only instruct Spy Sweeper 5 to shutdown and startup when inspecting the system (so it does not interfere with the other AntiSpyware applications). Hitman Pro version 2.5.1 will deliver Spy Sweeper 5 support (Webroot changed a lot and its not so easy to integrate it into Hitman).
  • Improved "Improved spyware removal". This function helps the external antispyware application removing threats.
  • Removed Hitman Pro AntiSpyware since its not compatible with the new internal functions and I decided not to migrate it. Instead, I will add my FuzzyLogic system to Hitman Pro 2.6. FuzzyLogic relies more on a rule set, rather than a lot of signatures. The Proof of Concept I have finished recently finds practically every known spyware and virusses. But it's main task is to find yet unknown threats. People interested in FuzzyLogic can contact me for a demonstration.
  • Rewrote the Quarantine. Hitman Pro is now way faster and efficient in quarantining threats. I also had to rebuild it to fit the Epxert tool (Expert quarantines threats before removing them).
  • Added support for Internet Explorer 7. Hitman Pro was not able to download files when Users were running the beta version of Microsoft's new browser. This has been fixed.
  • Fixed a problem with SurfRight on systems that do not have NTFS on the Windows drive. SurfRight cannot be enabled when Windows is not installed on an NTFS drive. SurfRight relies on NTFS permissions to protect the user against attacks through known and unknown vulnerabilities in internet applications. Protection is based on the "Least User Access" principle, a security model where Windows Vista relies on next year. Linux and Mac OS X obey this principle for years and Hitman Pro delivers it for Windows XP today (in fact, already since April 2005).
  • Added support for Windows Live Messenger in the SurfRight control panel in Hitman Pro. It's mentioned properly now (previously it stated MSN Messenger).
  • Updated Internet Explorer (SurfRight) icon to Internet Explorer 7 style.
  • Improved SurfRight Helper. I changed the way files are opened from the SurfRight Helper. Also improved accuracy of the icons in the download list (sometimes SurfRight Helper could not locate a fitting icon).
  • Added support for Spyware Doctor 4.0. Had to rewrite some code so Hitman is able to shutdown Spyware Doctor, when needed.
  • Changed enumeration of installed programs. This is now done only when NOD32 is not installed (and is about to be installed).