Hitman Pro removes Popureb.E

The latest release of Hitman Pro 3.5.9 – build 126 – will remove the infamous Trojan “Popureb” without the need to reinstall the operating system as previously advised by Microsoft.

Malware like Popureb overwrites the hard drive’s Master Boot Record (MBR), the first sector – sector 0 – where code is stored to bootstrap the operating system after the computer’s BIOS completed its start-up checks. The rootkit hides the MBR by hooking the DriverStartIo of the harddisk driver atapi.sys, making it effectively invisible to both the operating system and most security software.

The Cloud Assisted Miniport Hook Bypass technology that was added to Hitman Pro in an earlier release this month is designed to detect these sophisticated rootkits. Our Cloud Assisted Miniport Hook Bypass is capable of detecting and removing the Popureb bootkit.

Build 126 of Hitman Pro 3.5 contains a new Tool Action: Replace with standard MBR.

This new action offers users a means to overwrite a non-standard MBR with a standard MBR returning it to a clean state. This new Tool Action is only available to users when scanning a system with Hitman Pro in Early Warning Scoring (EWS) mode. Users do not need to use the Windows Recovery Console to return the MBR to a clean state.

A beta version of Hitman Pro 3.5.9 build 126 can be downloaded here:

32-bit: http://dl.surfright.nl/HitmanPro35beta.exe
64-bit: http://dl.surfright.nl/HitmanPro35beta_x64.exe

UPDATE: Click here to view Hitman Pro in action against Popureb.

Comments are closed.

%d bloggers like this: