Posted

I have managed to make a batch file that will stop all (or most anyway) security services that prevent our tools from running. It is a simple batch file and I think that with a bit of editing it can be implanted into Switchblade.

Credit:

The guys at Hack Forums.net and DELmE's Batch Virus Generator v 2.0

Thanks guys.

Download:

Media Fire

Rapidshare, Mega upload and LOTS more (Multiupload.com)

If you need to kill another process just tell me what it is and I will add it to the list and update the links. :D

Hope all of this helped.

Posted

Call me crazy but I think most AVs today run at the kernel level, so a simple .bat file won't kill them...

How much testing have you done (I could be wrong)?

  • 1 month later...
Posted

Let's see it...

The command "tskill" does not exist anymore on Vista/7. Up to now I don't have this command on my Vista nor 7.

Assuming "taskkill" command on XP+Vista+7.

Let's see your file on my XP SP3, with Avast & Antivir Avira & Norton :

- Avira detects it as "virus batch" and deletes it.

- Avast too, as trojan

- Nothing for Norton.

IT DOES NOT WORK AT ALL (see log : http://pastebin.com/f3eb3c9cd )

"Access is denied."

Antivirus's still up ;)

They run in kernelland, so your lazy batch can't shoot them..

Moreover, you don't even RTFM, you should have used :

taskkill /F (force to terminate the process) and /IM for imagename (process name)

The same for the firewall, the good command is :

netsh firewall set opmode mode = disable >nul

AVkillers in userland NEVER work and will NEVER work.

Posted

First off, it needs to run as system ... so you would need to use something like

http://rmccurdy.com/scripts/procexp%20as%20system.exe

or

http://rmccurdy.com/scripts/RUNAS_SYSTEM.vbs ( xp )

I would start over and use something like the getcountermeasure script and work backward to a .bat:

http://www.google.com/search?q=metasploit++getcountermeasure

http://rmccurdy.com/scripts/quickclean.txt ( some M$ batch foo )
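
From the defender's side, the commands named in this thread (tskill, taskkill /F /IM, netsh firewall set opmode) are worth alerting on in process-creation logs even when they end in "Access is denied". The sketch below is an added example, not part of any post here; the watchlist names and sample command lines are constructed assumptions.

```python
import shlex

# Constructed placeholder names (assumption), standing in for a site's agent inventory.
WATCHLIST = {"exampleav.exe", "examplefw.exe"}

def _tokens(cmdline):
    """Split a Windows command line, lower-cased, quotes removed."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:            # unbalanced quote: fall back to whitespace
        parts = cmdline.split()
    return [p.strip('"').lower() for p in parts]

def classify(cmdline):
    """Return a finding label for one process-creation command line, or None."""
    tok = _tokens(cmdline)
    if not tok:
        return None
    exe = tok[0].replace("/", "\\").rsplit("\\", 1)[-1]
    exe = exe[:-4] if exe.endswith(".exe") else exe
    args = tok[1:]
    if exe == "taskkill":
        targets = {args[i + 1] for i, a in enumerate(args[:-1]) if a == "/im"}
        if targets & WATCHLIST:
            return "taskkill-forced" if "/f" in args else "taskkill"
    elif exe == "tskill" and args:
        if args[0] + ".exe" in WATCHLIST or args[0] in WATCHLIST:  # bare name
            return "tskill"
    elif exe == "netsh" and args[:3] == ["firewall", "set", "opmode"]:
        # accept "disable", "mode=disable" and "mode = disable"
        if "".join(args[3:]).split(">")[0] in ("disable", "mode=disable"):
            return "firewall-disable"
    return None

SAMPLES = [  # constructed command lines, not taken from the thread's log
    r'"C:\Windows\System32\taskkill.exe" /F /IM exampleav.exe',
    "taskkill /IM notepad.exe",
    "tskill exampleav",
    "netsh firewall set opmode mode = disable",
    "netsh firewall show opmode",
]

def scan(lines):
    """Return (label, line) pairs for every line that matched a rule."""
    return [(hit, line) for line in lines if (hit := classify(line))]

if __name__ == "__main__":
    for label, line in scan(SAMPLES):
        print(f"{label:18} {line}")
```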
