If you’ve got a malware infestation that interferes with installing regular antivirus protection, or ransomware that keeps you from booting Windows at all, it may be time to call in a hit man. HitmanPro 3.7 is specifically designed to clear out this kind of resistant malware, and its new Kickstart module foils malware that holds your computer for ransom.
Vendors frequently offer cleanup-only tools like HitmanPro for free. You don’t have to pay to run a scan with HitmanPro, but if you want to remove malware found by the scan you’ll have to pay for it ($19.95 per year for one license, $29.95 for three) or register for a 30-day free trial. On the plus side, you don’t have to start that 30-day trial if the scan came up clean.
Easy Launch, Easy Scan
By default, the tiny HitmanPro executable installs a local copy on the PC you’re scanning and sets it to scan at each reboot. However, you can also choose to just run a one-time scan without installing anything. In testing, I had no trouble installing this product on my twelve malware-infested test systems. That’s refreshing, considering that getting some products installed has required hours of tech support intervention via phone and live chat.
Like Malwarebytes’ Anti-Malware Free 1.51, HitmanPro has a user interface that’s focused on the singular task at hand. Most users will just launch it and immediately click Next to initiate the scan. Yes, there are a few configuration settings, but leaving them at their default values will ensure maximum security.
The time required for a scan depends strongly on the number of suspicious unknown files found, because HitmanPro uploads such files for cloud-based analysis. On my standard clean test system, a full scan took just four minutes and a repeat scan came in barely over a minute. The average for recent antivirus products is over 30 minutes, so HitmanPro is definitely fast!
Scanning the infested systems took longer, in some cases much longer. A couple of times I noticed in the scan results that the connection with the cloud had failed. I rescanned those systems to ensure the best result.
At the end of a scan, HitmanPro lists all the malware, suspicious files, and tracking cookies that it found. Its scan relies on technology from five antivirus companies: Dr. Web, IKARUS, G Data, Emsisoft, and Bitdefender. Clicking on any of the found items displays which of the antivirus engines detected it and what name each used to describe it.
Some list items will include little rectangular notes that the company calls “chevrons.” For a running process, the chevron displays the process ID. HitmanPro use chevrons to flag drivers, files that launch at startup, and files protected by Windows File Protection, among other things.
Double-clicking an item in the results list brings up an extraordinarily detailed list of attributes noted by HitmanPro. The average user won’t necessarily want to deal with this level of detail, but I found it fascinating.
The list also indicates HitmanPro’s recommended action for each found item. I saw no need to change the defaults except in one particular case. On every test system HitmanPro identified the well-known security tool RootkitRevealer as a Trojan. It’s not, so I chose the option to report this file as safe.
Very Good Cleanup
I did observe that in several cases HitmanPro detected the installer for a particular malicious program without detecting the installed program; that counts as a miss. Also, one combination rootkit and keylogger managed to keep running despite HitmanPro’s attempt at removal. Still, it scored very well overall.
HitmanPro detected 84 percent of my active malware samples and scored 6.3 points for malware cleanup. FixMeStick 2013, another cleanup-only tool, also scored 6.3 but detected 82 percent. These two aren’t far behind the top current score of 6.6 points, shared by Norton AntiVirus (2013) and Webroot SecureAnywhere Antivirus 2013.
Because FixMeStick works by booting into an alternate operating system, it’s especially effective against rootkits. Its score of 9.2 points for rootkit removal beats all others except for Kaspersky Anti-Virus (2013), which scored 9.4. HitmanPro took an impressive third place with 8.4 points for rootkit removal, a score shared by Norton.
For a full explanation of how I come up with these scores, see How We Test Malware Removal.
HitmanPro 3.7 malware removal chart
Emsisoft Emergency Kit 2.0 is another USB-based solution, but it’s not bootable like FixMeStick. The idea is that you’ll carry it around and run a scan whenever you need to. It scored 5.6 points overall for malware removal, but just 1.2 points against rootkits.
Malwarebytes is probably the best known cleanup-only antivirus tool, and Comodo Cleaning Essentials is PCMag’s Editors’ Choice in this category. Both were tested using my previous malware collection, so results aren’t directly comparable. Comodo scored 6.8 points overall and 8.7 point for rootkit removal. Like Emsisoft, Malwarebytes fared poorly against rootkits, with just 3.6 points, but its overall score of 6.4 points is quite good.
Kickstart Foils Ransomware
The term “ransomware” refers to malware that takes over a user’s computer and demands payment before it will release the hostage. In some cases, the ransomware encrypts important documents. More commonly, it takes over the boot process and completely prevents access to Windows. Ransomware often uses disguises. One common example pretends to be a warning from the FBI, while another masquerades as a Windows Genuine advantage notification.
You’d be surprised how often people just pay up… and how rarely the ransomware actually releases control of the system when they do. Smart users know that it’s a fake, but when you can’t boot Windows you can’t run a scan to get rid of the malware.
HitmanPro’s new Kickstart feature is designed to rescue a computer held hostage by ransomware. From a clean computer you launch HitmanPro and create a bootable Kickstart USB. Booting from the USB bypasses the ransomware and launches a dedicated desktop, where it can run a full scan using Hitman Pro. FixMeStick works in much the same way, but it boots to a dedicated Linux variant.
Alas, I couldn’t test Kickstart with real ransomware due to interaction with VMware. I managed a workaround to boot the infested virtual machine from the Kickstart USB, but my jury-rigged system didn’t let it function properly. I booted a clean physical system from the Kickstart USB and watched the scan in its dedicated desktop—it definitely worked!
Effective, but Not Free
HitmanPro 3.7 proved itself an effective malware cleanup tool in my tests, and its ransomware-fighting Kickstart module is unique. On the other hand, FixMeStick deals with ransomware by booting to an alternate operating system, and it scored almost the same as HitmanPro. Both have one problem; they’re not free.
The most common reason to reach for a cleanup-only tool is that malware on your PC actively blocks installation of a full-scale security product. You’ve already paid for the product you’re trying to install, so you’re probably not enthused about paying again to get it installed. The free Comodo Cleaning Essentials remains our Editors’ Choice for cleanup-only antivirus. Still, if ransomware keeps you from running Comodo a Kickstart from HitmanPro may be the exact solution you need.
More Antivirus reviews:
|Tech Support||Email support.|
|OS Compatibility||Windows Vista, Windows XP, Windows 7|
|Type||Business, Personal, Enterprise, Professional|
Copyright © 2012 Ziff Davis, Inc