Switchblade


digital desperado

I think nircmd closes a window with the title "Remo*", but I didn't look into the code.

The best solution is to deactivate the antivirus program. I don't think that you can prevent the picking up if you run these applications, but you can pack them into an encrypted archive, which will protect them from being scanned.

But to execute them, you need to extract them and this will alert your anti virus software.

Thanks for your help Joerg

I was reading old forum talks and came across moonlit's thread about AVKill. I was real interested in all the things said about it. I would like to find a program that kills antivirus without hurting the computer and being able to restart the antivirus when the person reboots the computer.

I downloaded an old copy of switchblade and have been picking it apart to see how it works. I have just about figured out almost everything. I have a good friend who is willing to let me put it on his computer to see how it works because he has "Deep freeze" installed so it shouldn't cause him any long lasting problems.

In switchblade there are a couple of things I still don't understand......in "progcc.bat" area there is a line that states......

nircmd.exe win close ititle "Remo"

and in "modsmax.bat" it states..........

nircmd.exe win max ititle "Remo"

Do you know what those lines do? Can you tell me if there is an AVKill type program that won't hurt a person's computer and resets upon reboot? I have done Google searches on both of these questions and didn't find the answer or perhaps I didn't ask the right question. I know csrss.exe is an AVKill program. But I'm not sure if it does the things I asked above. I don't want to hurt anyone's computer. Thanks Again.

> I was reading old forum talks and came across moonlit's thread about AVKill. I was real interested in all the things said about it. I would like to find a program that kills antivirus without hurting the computer and being able to restart the antivirus when the person reboots the computer.

That's what AVKill did but I no longer distribute AVKill in binary or source form and will not resume doing so. It was only useful against a certain number of antivirus products and I never intended it to be any more than a proof of concept (though many came before mine, I just wanted to see if I could do it).

  • 2 months later...

> That's what AVKill did but I no longer distribute AVKill in binary or source form and will not resume doing so. It was only useful against a certain number of antivirus products and I never intended it to be any more than a proof of concept (though many came before mine, I just wanted to see if I could do it).

Would you be willing to share some information about AVKill, or where one can look to get more information? Was it just a bunch of net stop {service} commands? I've been reading about modifying executables to avoid detection, but killing the AV may be easier (or not). Seems like the AV co's are making it harder to stop the service, no matter what privs you have.
