HitmanPro.Kickstart – # 2
clean a ransomed PC

In the first part of our workshop “HitmanPro.Kickstart” we created a bootable USB flash drive, which we will now use to scan and clean a PC.
It is important that the BIOS supports booting from USB devices. You will probably have to go into your BIOS settings and change the boot order so that USB devices are checked before the CD-ROM and the hard drives in your PC. Otherwise the PC will boot from its internal hard disk instead of the attached USB flash drive.

BIOS settings – choose your startup order

Depending on the BIOS manufacturer and your computer model, the settings are named differently and are reached with different key combinations at boot time. Be sure to check the message that appears on the screen for a short time when you start the computer. You may need to override the boot sequence every time you start your computer and manually select your USB stick as the boot device (some Dell PC models require this, for example).

some ways to access your BIOS

On one of our PCs it was necessary to leave the BIOS settings untouched, so that the hard drive stayed first in the boot sequence. We then had to hit F12 at boot time to get to a boot menu, where we could choose the USB flash drive for just this startup; otherwise the PC would only boot to a black screen. Watch the screen at startup for brief messages, and experiment with the settings until the machine starts.

HitmanPro boot message

The PC is now booting from the USB flash drive and shows HitmanPro's boot options. You can choose to bypass the Master Boot Record using HitmanPro's boot code, or to run the regular boot sequence, which can be necessary if you have an alternative boot loader such as GRUB installed on your PC. Windows then boots as normal, and you have the opportunity to enter the Windows Start menu in case you need to start Windows in safe mode (with network support, as HitmanPro requires access to its cloud-based database).
The computer will now boot until it asks for your user login credentials, or straight to the desktop if your system is configured to log on automatically, and HitmanPro will start after a short pause. If malware has already started by this time, HitmanPro will try to end all processes of the unwanted software. Your screen may flicker while this happens; in that case leave HitmanPro alone and wait until the screen returns to normal.

HitmanPro.Kickstart is running

To find HitmanPro's options, click on “settings”. There you can change the settings, language and scan behavior, or get a license for your copy of HitmanPro. HitmanPro also offers a free 30-day license, so you can clean up an infected PC without having to buy HitmanPro.

You get a 30 day license for free!

Within the settings you can also activate the EWS (early warning score). Unlike the standard scan, which sends suspicious files to the “Scan cloud” to have them scanned by various anti-virus products, the EWS can be performed without a network connection and uses a score based on the behavior of the file it evaluates. This is also a very effective way to detect zero-day malware and ransomware, because the EWS does not depend on signatures. If new ransomware has not yet been discovered via signatures by the scanners in SurfRight's scan cloud, EWS can still detect it through the score and the information it provides about suspicious files. The interested user can therefore evaluate the threat potential of a suspicious, unknown file by analyzing it with HitmanPro's EWS.
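To illustrate why a score built from a file's observable traits needs no signature, here is an added example; it is not HitmanPro's code and does not reproduce the actual EWS rules. The indicators, weights, the `FileFacts` structure and the sample files are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Illustrative indicators and weights (assumptions, not HitmanPro's EWS rules).
EXECUTABLE_EXT = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
DOCUMENT_WORDS = ("rechnung", "invoice", "mahnung", "bill", "order")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")

@dataclass
class FileFacts:
    path: str        # full Windows path
    signed: bool     # carries a valid code signature
    autostart: bool  # referenced from a Run key or the Startup folder
    age_days: int    # days since the file first appeared on disk

def score(f: FileFacts) -> tuple[int, list[str]]:
    """Return (score, reasons); a higher score means more suspicious."""
    path = f.path.lower()
    name = path.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    is_exe = ext in EXECUTABLE_EXT
    checks = [
        (40, "document-like name with executable extension",
         is_exe and any(w in name for w in DOCUMENT_WORDS)),
        (20, "executable in a user-writable folder",
         is_exe and any(d in path for d in USER_WRITABLE)),
        (15, "unsigned executable", is_exe and not f.signed),
        (15, "starts automatically with Windows", f.autostart),
        (10, "appeared within the last week", f.age_days <= 7),
    ]
    hits = [(points, why) for points, why, matched in checks if matched]
    return sum(p for p, _ in hits), [why for _, why in hits]

# Constructed sample files; none of these facts come from a real scan.
SAMPLES = [
    FileFacts(r"C:\Users\demo\AppData\Roaming\Offene Rechnung 13 Jan 2013.com",
              signed=False, autostart=True, age_days=2),
    FileFacts(r"C:\Windows\System32\notepad.exe",
              signed=True, autostart=False, age_days=900),
    FileFacts(r"C:\Users\demo\Downloads\Rechnung.pdf",
              signed=False, autostart=False, age_days=1),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        total, reasons = score(sample)
        print(f"{total:3d}  {sample.path}")
        for why in reasons:
            print(f"       - {why}")
```

The disguised executable scores highest although no scanner has a signature for it, while the signed system binary and the genuine PDF stay near zero.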

Back on the start screen in HitmanPro, let's start a scan by hitting [next] on the main screen. HitmanPro will show you a blue window with an overview of the files it analyzes. It shows the usual progress bar and a list of files, mostly cookies, that it has classified for your further evaluation. To get more information on a specific file, just click on it and you will be given an explanation of HitmanPro's findings on it.

HitmanPro is scanning – nothing harmful found

If HitmanPro finds a threat, the blue window changes to red, notifying you that something possibly harmful has been found. You can evaluate it yourself: click on the file in the list and you will be given an explanation of the file and its dependencies in Windows.

Threat found

The analysis shows you the name and location of the file and its dependencies, and when it was first recognized as malware by HitmanPro and its associated scan cloud. You can see the names under which it is known in other AV products, and you get a score for the malware. The higher the score, the greater the potential threat posed by the malware.
In our example the file “Offene Rechnung 13 Jan 2013.com” was found to be dangerous, and HitmanPro tells us that the file is detected as a Trojan by G-Data and Ikarus. It also shows some details of the file's own properties. If the malware is new to HitmanPro, the file is uploaded to the “Scan cloud” and scanned by 5 different anti-virus products. The outcome of the analysis is stored in the Scan cloud, so that the results are directly accessible to other users. This ensures that unknown files are analyzed when they are first found and classified by threat potential, and that the results are available in the Scan cloud to every HitmanPro user.

HitmanPro shows details of the Malware

After the scan has finished, you can choose what to do with the listed files. For each file you can choose to delete it, keep it in quarantine or ignore it. “delete” is the preselected option. If you find elements in this list that you want to keep, such as cookies, choose to ignore them in the dropdown menu.

HitmanPro lets you choose, what to do with the infected files

To proceed, just click on next. HitmanPro will perform the chosen actions and give you an overview of what has been done. You can also save a log file here for your records.

all selected actions have been performed

Just click on “next” again and you will see final statistics on what has been done so far. After you close the program, Windows needs to reboot to clean up remnants of the found malware that HitmanPro cannot access while Windows is running, so that the system is free of malware by the time it reaches the Windows logon screen.

done – HitmanPro shows a final overview

A new scan with HitmanPro should now show a clean system. The blue window color indicates that everything is fine.

Hopefully the PC is now free of malware. It is always a good idea to run another scan a few Windows starts after a system cleanup, just to make sure that no malicious code that could reload parts of itself from the internet was overlooked. It cannot hurt either to double-check your scan results with other tools such as Malwarebytes Antimalware or ESET's Onlinescanner.

18 thoughts on “HitmanPro.Kickstart – # 2
clean a ransomed PC”

  1. Hi Guys,

    thanks for this guide!

    I got one problem by doing this! A friend sent me his notebook with BKA trojan.
    I'd been booting with Hitman, waiting a whole long time and got back an error
    (No internet connection!)

    But I connected this Notebook directly with my router
    (No MAC filter)

    Thanks for help Guys =)

    regards

  2. My pc got the ICE version of ransomware. I tried hitman pro kickstart with usb, and everything seemed to work at first. I selected it in the bootup menu, and I chose option one, then it started windows. I entered my password and the malware screen came back up, but hitman did not overcome it. I waited ten minutes and rebooted and went through the whole process again, with no success. Hitman pro kickstart is not able to overcome the virus. I am on a Dell XPS Studio with Intel chip, Windows 7 OS.

  3. Hitman does not start automatically. When I start the program manually, everything crashes (as before, and as with other anti-malware programs too).
    To me it looks as if the PC boots from the stick. Hitman also appears briefly, but then it boots from CD again (none inserted), and after that everything looks the same as always. Does anyone have an idea? According to Telekom I have caught Citadel.

    1. Hello Fine,

      our experts should take a look at that. Please register free of charge in our forum and create a new topic. The experts will help you with the cleanup.

      Regards,
      TB, ABBZ

  4. Hi,
    I am having a problem with this fix for a ransomware infection.

    I am not getting any option to activate the free HitmanPro licence and therefore am being forced to purchase the software.

    Does anyone have a solution apart from purchasing the software!
    Thanks,
    Paul

    1. There can be exactly two reasons why you are forced to purchase the software:

      1. The user’s License states that the “free trial” is only available for “private users”. If your PC is used in an “Active Directory”, you are assumed to be a commercial user.

      2. You have activated a “Free Trial Version” for this PC in the past. As the “Free Trial Version” is only available once per PC, it will be denied by the Licence Management.

      If you have any further questions or if we should assist you in cleaning up your PC, please do not hesitate to register yourself with our support forum:
      http://forum.botfrei.de/forumdisplay.php?51-English-Support

      Rgds,
      TK, ABBZ

  5. I lost control of my computer which is controlled now by GVU Trojan.
    I downloaded hitmanpro and started from USB BUT it does not scan and stops waiting for internet connection. How can I overcome this problem?

    Thanks

    1. Hello SJ,

      HitmanPro urgently needs an Internet connection; it will not work without one. Please log in to our forum, the experts there will help you.

      regards,
      TB ABBZ

  6. Hello,

    I am having a problem removing a RootKit. Hit man pro boots from USB ok but after scan starts a black screen keeps appearing with just mouse arrow showing?

    This Rootkit seems to get harder to kill every time I see it.

    Current state:

    PC, Windows Vista 32bit:

    When trying to start in safe mode, computer loads desktop then restarts.
    The computer starts normally ok but then the screen fills with security scans and warning messages! If I try and open ANYTHING the computer crashes.
    This includes task manager or msconfig!
    I’m totally stuck! Any suggestions?

    Thanks

    1. Hello again,
      Thank you for your response. I just got the issue fixed.

      Unfortunately I’m not sure how.
      I just kept retrying to run HitMan Pro and it eventually worked through quick scan and removed the rootkit. From there I was able to start the PC normally and run a full scan to complete the clean.

      Thank you for your response

  7. Program works great but,

    I just used the kickstart software to stop the running NSA Virus but the computer fails to establish an internet connection so the Hitman Pro software will quit when it doesn't see the internet. Thus failing altogether. Is there a workaround to get it to work without an internet connection?

  8. Hello, After successfully running software I click activate free license and window pops up asking for email address. PC freezes and cannot enter email. Tried to get free license on infected pc before running software by clicking on License tab but PC freezes when prompted for email address. Is it possible to get free license code other ways? Thank you.
