Jump to content

Working AV Killer


catchyanow
 Share

Recommended Posts

I have managed to make a batch file that will stop all (or most anyway) security services that prevent our tools from running. It is a simple batch file and I think that with a bit of editing it can be implanted into Switchblade.

Credit:

The guys at Hack Forums.net and DELmE's Batch Virus Generator v 2.0

Thanks guys.

Download:

Media Fire

Rapidshare, Mega upload and LOTS more (Multiupload.com)

If you need to kill another process just tell me what it is and I will add it to the list and update the links. :D

Hope all of this helped.

Link to comment
Share on other sites

Call me crazy but i think most AVs today run in the kernel level, so a simple .bat file won't kill them...

How much testing have you done (i could be wrong)?

Link to comment
Share on other sites

  • 1 month later...

Let's see it...

The command "tskill" does not exist anymore on Vista/7. Up to now I don't have this command on my Vista nor 7.

Assuming "taskkill" command on XP+Vista+7.

Let's see your file on my XP SP3, with Avast & Antivir Avira & Norton :

- Avira detects it as "virus batch" and delete it..

- Avast too, as trojan

- Nothing for norton.

IT DOES NOT WORK AT ALL (see log : http://pastebin.com/f3eb3c9cd )

"Access is denied."

Antivirus's still up ;)

They run in kernelland, so your lazy batch can't shoot them..

Moreover, you don't even RTFM, you should have used :

taskkill /F (force to terminate the process) and /IM for imagename (processus name)

The same for the firewall, the good command is :

netsh firewall set opmode mode = disable >nul

AVkillers in userland NEVER work and will NEVER work.

Link to comment
Share on other sites

first off it needs to run as system ... so you would need to use something like "

http://rmccurdy.com/scripts/procexp%20as%20system.exe

or

http://rmccurdy.com/scripts/RUNAS_SYSTEM.vbs ( xp )

I would startover and use something like getcountermeasure script and work backward to a .bat:

http://www.google.com/search?q=metasploit++getcountermeasure

http://rmccurdy.com/scripts/quickclean.txt ( some M$ batch foo )

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...