Jump to content

Help Pocketknife


0hWhatsH1sFace

Recommended Posts

Hello,

I recently created an USB pocketknife using the USB HACKS forum section. However, I ran it on my machine accidentally and now it is disabling the anitvius. I have tried running the "antidote" files but it doesn't seem to be working. What do I do to fix this. Please answer as soon as possible. Thank you.

Link to comment
Share on other sites

Hello,

I recently created an USB pocketknife using the USB HACKS forum section. However, I ran it on my machine accidentally and now it is disabling the anitvius. I have tried running the "antidote" files but it doesn't seem to be working. What do I do to fix this. Please answer as soon as possible. Thank you.

you need to kill the process, or figure out when it was installed and uninstall it it, im not fomiliar with the program but you might need to remove it from start up to, if that doesn't work, safemode and kill it. if nothing else works reinstall your anti virus.

Link to comment
Share on other sites

you need to kill the process, or figure out when it was installed and uninstall it it, im not fomiliar with the program but you might need to remove it from start up to, if that doesn't work, safemode and kill it. if nothing else works reinstall your anti virus.

http://forums.hak5.org/index.php?showtopic=6746

That is what I am referring to. I am not sure how to kill the process though. Im pretty sure it runs on start up also

Link to comment
Share on other sites

Please don't Bump your own post, it will just make us not want to respond to you.

If you supplied more information it might be of more help:

What OS?

Detail of what you have tried?

Have you checked your startup for an entry to delete?

Have you run the "Antidote" with Administrator Privileges (Right click, run as Administrator)

Link to comment
Share on other sites

Please don't Bump your own post, it will just make us not want to respond to you.

If you supplied more information it might be of more help:

What OS?

Detail of what you have tried?

Have you checked your startup for an entry to delete?

Have you run the "Antidote" with Administrator Privileges (Right click, run as Administrator)

Sorry,

I have Windows 7, I have tried looking for a file in startup that I could uncheck/delete but had no luck, I ran the "Antidote" with administrator priviliges, however I am not sure that the antidote applies to the Anti- Virus Kill.

Link to comment
Share on other sites

Deleted comment, (you posted right before I did and it was redundant)

New comment: honestly I would run a bootable anti virus cd

Okay do you know where I could download one/could you recommend one? Im a little hesitant about downloading things though at the moment with my antivirus software not working...

Link to comment
Share on other sites

Download a linux distro (Backtrack 5, Ubuntu, Knoppix, Whatever you want) and find that file and just rename it after you boot from the LIVE DVD/CD.

Renaming the file should prevent it from starting and if that is not the correct file killing the antivirus you can rename it back to what it should be.

So take csrss.exe and do:

mv csrss.exe csrss.exe.bak

run that command from the directory csrss is in.

Link to comment
Share on other sites

Doh! csrss.exe, is a SYSTEM file! DO NOT DELETE IT IF IT LIVES IN SYSTEM32!! If however, it is in some place like c:\csrss.exe, then remove it. But do not try to kill it without ensuring its a rouge version of the real windows file, check the path in task manager or Sysinternals process explorer, and if its outside of the system folder, then its not legit and safe to kill. On a side note, try uninstalling the AV, then reinstalling, should fix any issues you have with the anti-virus software. The payload for the thumbdrive you created should have all the source files and instructions in a readme though. At least, most of the usb hacks came with documentation in the files or instructions in the thread on how to use it.

Link to comment
Share on other sites

Executing a file that you have no idea what its consequences will bring about, its a really bad Idea. Go to the taskmanager and see if there is any unusual process taking up CPU cycles. Or post a screen shot of what your taskmanager looks like.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...