Hitman Pro KickStart Removes FBI Ransomware

There’s a lot of fake FBI Ransomware out there, so much so in fact, that SurfRight (the makers of Hitman Pro) have developed a solution called KickStart that targets Ransomware.  Kickstart creates a bootable USB stick that prevents the ransomware from loading and then subsequently removes it for you.  It’s simple and effective.

Here’s how to create a Kickstart USB stick:

  1. On a computer that’s not infected with the fake FBI Ransomware you’ll download Hitman Pro with Kickstart from http://www.surfright.nl/en/downloads
  2. Open the Hitman Pro download.  You’ll notice at the bottom of Hitman Pro that there is a new button (little figure doing a karate kick).  Click that button.
    hitman-pro-kickstart
  3.  There will be a simple interface that goes into more details on how Kickstart works.  
  4. Plug-in an empty USB stick into a free USB port on your PC.
  5. Click Install Kickstart.  Hitman Pro Kickstart will erase the USB stick and then put all the necessary software on that stick for booting your PC into Windows without the Ransomware loading.  After Windows loads Hitman Pro will remove the ransomware automatically.
    Kickstart-USB-Stick

    kickstart-usb

 

 
 

, , ,

24 Responses to Hitman Pro KickStart Removes FBI Ransomware

  1. Dave December 7, 2012 at 3:59 pm #

    Very cool! Thanks, Matt.

    • malwarekilla December 7, 2012 at 4:19 pm #

      Sure man. I have a VM with this FBI Ransomware, so I’m going to try Kickstart out. Should be a good little video.

      • Dave December 7, 2012 at 4:37 pm #

        I have removed that ransomware as easily as running MBAM on the infected system. I like to try different methods if I have a little time with a machine and I read somewhere (may have been Bleeping Computer) that it could be removed by doing a system restore and so I tried that on the last one I had with that infection and sure enough, it wiped it out. If I get another one with that problem I will try out KickStart for sure. Sounds like a quick way to handle it.

        • malwarekilla December 7, 2012 at 5:01 pm #

          Yeah, booting into safemode and then running mbam usually kills it. Not sure what all the fuss is about with this ransomware right now.

          • Tony August 24, 2013 at 5:47 pm #

            Hi all i got hit by his just in a web browser i hit CTRL ALT DEL and ended the browser i have rebooted several times,and all the time i have not seen the window with the fbi thing return, so dose that mean i did not get this virus, i have win a scan with superantispywware,malwarbytes ,and DRWEBCURIT and all come up negative. should i d-load and run hit man if i have no signs of this virus at all?. I’m on windows 8 64 bit.

  2. malwarekilla December 7, 2012 at 4:23 pm #

    Update – according to the dev’s “Booting into a ransomed Windows 8 environment will be supported later.”

    • Simon December 7, 2012 at 5:15 pm #

      Did you know Hitman Pro has a forced Breach Mode – it stops all non essentials processes

      • malwarekilla December 7, 2012 at 6:48 pm #

        Yeah, I use it quite a bit, however those FBI loaders are superfast and prevent you from accessing anything. That’s why they created Kickstart.

        • Simon December 8, 2012 at 8:51 am #

          Thats excellent, awesome. Is Kickstart a free addition for registered users of Hitman Pro or separate ?

  3. John December 8, 2012 at 2:56 am #

    The only thing I do not like about hitmanpro is that if you already used it you cannot use it again unless you have a key to activate it. Otherwise it’s an owe some tool to use.

  4. John December 8, 2012 at 2:58 am #

    Any of you guys know how to go around that so you can use it again if trial expired?

  5. Dave December 8, 2012 at 3:07 am #

    Really cool Matt. Thanks for the information. Hitman Pro is really good.

  6. John December 9, 2012 at 4:15 am #

    What other techniques would you recommend besides bootcd for this malware?

  7. ZOU December 9, 2012 at 2:23 pm #

    The HitMan Pro team is really stepping it up with “kickstart” and “forced breach mode”.
    Hats off to ‘em!

  8. Shaun Zhang December 9, 2012 at 9:35 pm #

    Matt
    In your review, Remove Malware Free 2013 Edition, you have said you hoped that Malwarebytes Antimalware have force breach mode?
    Malwarebytes have already got something similar, it is called Malwarebytes Chameleon.
    Malwarebytes Chameleon will allow Malwarebytes Antimalware to run on the computer when the computer is infected with Rogue Security Software.
    See here
    http://www.malwarebytes.org/products/chameleon/
    You might want to do a review on Malwarebytes Chameleon

  9. Shaun Zhang December 10, 2012 at 12:40 am #

    I will clarify further about Malwarebytes Chameleon
    As soon as Malwarebytes Chameleon is running, you press any key to continue.
    Malwarebytes Chameleon will do one of the following things:
    If Malwarebytes Antimalware is already installed, Malwarebytes Chameleon will update Malwarebytes Antimalware.
    If Malwarebytes Antimalware is not installed, but the Malwarebytes Antimalware installer is on the computer, it will install Malwarebytes Antimalware using that installer on the computer before it updates Malwarebytes Antimalware.
    If Malwarebytes Antimalware is not installed, and Malwarebytes Antimalware installer is not anywhere on the computer, it will download Malwarebytes Antimalware installer and install Malwraebytes Antimalware before it updates Malwarebytes Antimalware.
    After all known malicious process is terminated by Malwarebytes Chameleon, Malwarebytes Antimalware will be launched, and it will perform a quick scan.
    All you need to do from that point onwards is to wait for the scan to finish, and remove everything detected.
    Malwarebytes Chameleon may fail to run as malware may attempt to block access to it, in this case, close the window that blocks Malwarebytes Chameleon from running, and run it again.
    If it fails to run again, try to run a renamed version of it, there are also .com and .scr versions of it, try these ones if you have to.
    You may even want to run Malwarebytes Chameleon in Safe Mode With Networking, in this case it will be more likely for Malwarebytes Chameleon to run successfully.

  10. Shaun Zhang December 10, 2012 at 12:44 am #

    Sorry, forgot to mention that Malwarebytes Chameleon will terminate all known malicious processes after it updates Malwarebytes Antimalware

  11. Shaun Zhang December 10, 2012 at 12:57 am #

    Also note:
    If you have already got Malwarebytes Antimalware installed, Malwarebytes Chameleon is included, you can find it in C:\Program Files\Malwarebytes Antimalware\Chameleon.
    If you are going to run Malwarebytes Chameleon from C:\Program Files\Malwarebytes Antimalware\Chameleon folder, don’t run mbam-killer.exe since mbam-killer.exe is used by Malwarebytes Chameleon to terminate known malicious processes.

  12. jcitizen December 10, 2012 at 1:41 am #

    So far – anything that hits me on my honeypot limited account, I just run CCleaner and reboot. I’d like a crack at this new one! Of course, my clients get pwned anyway, so this is golden information. As always – thanks Matt!!

  13. Shaun Zhang December 10, 2012 at 2:36 am #

    Matt
    I would like to inform you that even if Malwarebytes Installer is on the computer, Malwarebytes chameleon may not find it, in this case it will download the installer from the internet.

  14. Shaun Zhang December 10, 2012 at 6:53 am #

    By the way Malwarebytes Chameleon will only recognise the Malwarebytes Antimalware installer if the Malwarebytes Antimalware installer is in the same folder as Malwarebytes Chameleon

  15. Shaun Zhang December 10, 2012 at 7:18 am #

    Also, if you are going to do this review to use Malwarebytes Chameleon when the installer of Malwarebytes Antimalware is on the computer, you need to move Malwarebytes Chameleon into a folder in the drive where your operating system is installed, otherwise it may not work, e.g. If your operating system drive is C:, you must move Malwarebytes Chameleon folder into C: drive (make sure you include mbam-setup.exe in that folder as well, other file name for the installer may not work) in order to make Malwarebytes Chameleon install Malwarebytes Antimalware successfully, although you can try it in D drive (New Volume), if you have one.

  16. Ted December 10, 2012 at 11:38 am #

    Do you have anything else more to add Shaun?

  17. Bill Martin May 15, 2014 at 3:33 am #

    i use hitman pro kickstart sometimes right now im not using it tempoary to use more of my other usb stuff i dont have enough usbs

Leave a Reply



Steven missirlian