digital desperado
Posted July 5, 2008

I'm new here.....

Here is my question: in switchblade in folder "Progcc.bat", what does

    nircmd.exe win close ititle "Remo"

do? Also, netpass.exe, mailpv.exe, mspass.exe were picked up by my antivirus scan (AVG). What can be done to stop that?

Thanks for any help

Joerg
Posted July 5, 2008

I think nircmd closes a window with the title "Remo*", but I didn't look into the code.

The best solution is to deactivate the antivirus program. I don't think that you can prevent the picking up if you run these applications, but you can pack them into an encrypted archive, which will protect them from being scanned. But to execute them, you need to extract them and this will alert your antivirus software.

digital desperado (Author)
Posted July 6, 2008

Thanks for your help Joerg

I was reading old forum talks and came across moonlit's thread about AVKill. I was real interested in all the things said about it. I would like to find a program that kills antivirus without hurting the computer and being able to restart the antivirus when the person reboots the computer.

I downloaded an old copy of switchblade and have been picking it apart to see how it works. I have just about figured out almost everything. I have a good friend who is willing to let me put it on his computer to see how it works because he has "Deep freeze" installed so it shouldn't cause him any long lasting problems.

In switchblade there are a couple of things I still don't understand...... in "progcc.bat" area there is a line that states......

    nircmd.exe win close ititle "Remo"

and in "modsmax.bat" it states..........

    nircmd.exe win max ititle "Remo"

Do you know what those lines do?

Can you tell me if there is an AVKill type program that won't hurt a person's computer and resets upon reboot?

I have done Google searches on both of these questions and didn't find the answer, or perhaps I didn't ask the right question. I know csrss.exe is an AVKill program. But I'm not sure if it does the things I asked above. I don't want to hurt anyone's computer.

Thanks Again.

moonlit
Posted July 6, 2008

> I was reading old forum talks and came across moonlit's thread about AVKill. I was real interested in all the things said about it. I would like to find a program that kills antivirus without hurting the computer and being able to restart the antivirus when the person reboots the computer.

That's what AVKill did but I no longer distribute AVKill in binary or source form and will not resume doing so. It was only useful against a certain number of antivirus products and I never intended it to be any more than a proof of concept (though many came before mine, I just wanted to see if I could do it).

RedGiant
Posted September 19, 2008

> That's what AVKill did but I no longer distribute AVKill in binary or source form and will not resume doing so. It was only useful against a certain number of antivirus products and I never intended it to be any more than a proof of concept (though many came before mine, I just wanted to see if I could do it).

Would you be willing to share some information about AVKill, or where one can look to get more information? Was it just a bunch of net stop {service} commands? I've been reading about modifying executables to avoid detection, but killing the AV may be easier (or not). Seems like the AV co's are making it harder to stop the service, no matter what privs you have.