Hi, I am doing some research to improve my network security, and I wanted to find out:
What are the ways that a hacker would disable my antivirus monitor, without my knowledge?
Once a hacker/virus has free rein on your computer he/she/it can do whatever he/she/it wants. It's trivial to look up certain keywords (e.g. NAV2000.EXE) in the process list and kill that process.
And some viruses/worms/trojans disable your AV and firewall if they can get past your protections in the first place (like before you have updated your virus data files).
You might like to look at :
http://www.winpatrol.com
http://www.diamondcs.com.au
http://digilander.libero.it/zancart
Also, if you can, run HijackThis on one of the machines, and post the log?
I would be inclined to isolate one, connect it to the net and run Housecall from Trend Micro; it might help you find out what you are dealing with?
Good luck
EDIT:.....yes, that is my theoretical answer to your theoretical question :)
Moxnix..............so that's what happened to my peanut butter & jelly sandwich?........I had accused my Tomcat, and grounded him from virus writing...........guess I will have to apologise?
:D
If a hacker were inside your network running as admin s/he could use pslist on your machine to see what processes are running and kill it with pskill. The same could be done if NB access is obtained. A bat calling pskill could be added to start-up. A hacker could bind a stealth bat file to a harmless executable or make it an email attachment which included a net stop command for the service names of all popular AVs, or a VBS that used RPC to do the same. bat2exe can be used to make a bat file a com file; it could be named microsoft.com, hotchick.com, whatever.com and an unsuspecting user could be tricked into running it. Should I keep going?
Tools that kill processes are not detected by AV...they're legit! The newest bat stealthers are still not detected, and a properly morphed and packed pair of executables can bypass detection.
It's a jungle out there!
Most of the best (best from the hacker's point of view) trojans, RATs and viruses come with this feature. These trojans, viruses or RATs can kill any firewall or antivirus; they just have to know the name of the processes (which is not very hard) and put it in the kill process list, and it will search the running processes, and if he or she put the type of firewall or antivirus name you have in the list, it will be killed.
Just don't download anything that can be a trojan.
When I find out how to prevent this from happening I will notify you.
PS: if you find out, please tell me how to prevent this from happening.
Good luck ;)
dont know if this has been posted yet so sorry if it has been already
Now that's very easy.....just unplug whatever internet connection you may have and don't ever connect to the net again.....or load anything from removable storage either....or if you have infrared capabilities, allow any laptop or portable device near your computer (including cell phones)......or -- just about anything.
Quote:
Originally posted here by disturb
Just don't download anything that can be a trojan.
When I find out how to prevent this from happening I will notify you.
PS: if you find out, please tell me how to prevent this from happening.
nilih, so it was your tom at fault.....but why did he close the tray with the sandwich in it?? Sure made a mess when your over-applied jelly squirted all over.
An attacker can use a trojan/worm/process killer that can disable your AV. Once it passes through your security he can modify, delete or configure other programs on your PC by use of a trojan such as BO and Sub7, which are mostly downloaded from the internet. The cause of the intrusion is low security and outdated virus definitions...
To disable your AV an attacker needs full access to your system, which he can gain using different methods. When he gets there he would search for some known process and then kill it. On Windows this is a lot easier: the attacker searches your MUICACHE and finds the process it needs to kill. The hardest part of this for an attacker is the first step, which is getting full access to your system. A smart hacker could easily do so by exploiting vulnerabilities that have not been made public, and a lame cracker would use known exploits against you to get access.
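The replies above describe the same pattern from the attacker's side: find the protective process or service by name, then kill it with a process killer, a `net stop` in a startup script, or a trojan's kill list. From the defender's side, the observable trace is that the antivirus or firewall service stops, crashes, or has its start type switched to disabled, which the Windows Service Control Manager records in the System log (event IDs 7036 "entered the stopped state", 7034 "terminated unexpectedly", 7040 start type changed). The following watchdog is an added example written for this thread, not code posted by any of the participants: it parses constructed, simplified pipe-delimited event lines (real EVTX exports would need a proper reader), flags events touching a configurable set of protected services, and separately compares a process snapshot against the protective process names that should be present. The service and process names ("Example AV Service", "exampleav.exe") are placeholders, not real product names.

```python
"""
Protective-service watchdog: flags Service Control Manager events showing that an
antivirus or firewall service was stopped, crashed, or disabled, and checks a
process snapshot for protective processes that have gone missing.
"""
import re
from dataclasses import dataclass

# Constructed sample System-log lines in a simplified "EventID|Source|Message" form.
# The event IDs and message wording follow the Windows Service Control Manager;
# the service names are placeholders chosen for this example.
SAMPLE_EVENTS = [
    "7036|Service Control Manager|The Windows Time service entered the running state.",
    "7036|Service Control Manager|The Example AV Service service entered the stopped state.",
    "7040|Service Control Manager|The start type of the Example AV Service service was changed from auto start to disabled.",
    "7034|Service Control Manager|The Example Firewall service terminated unexpectedly. It has done this 1 time(s).",
    "7036|Service Control Manager|The Print Spooler service entered the stopped state.",
]

# Services whose stop/crash/disable should always raise an alert (placeholder names).
PROTECTED_SERVICES = {"Example AV Service", "Example Firewall"}

# Only these Service Control Manager event IDs are interesting here.
PATTERNS = {
    7036: re.compile(r"^The (?P<svc>.+?) service entered the stopped state\.$"),
    7034: re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly"),
    7040: re.compile(r"^The start type of the (?P<svc>.+?) service was changed from .+ to disabled\.$"),
}
REASONS = {
    7036: "service stopped (e.g. net stop)",
    7034: "service terminated unexpectedly (e.g. process killed)",
    7040: "autostart disabled (will not return after reboot)",
}


@dataclass(frozen=True)
class Alert:
    event_id: int
    service: str
    reason: str


def parse_event(line):
    """Split one constructed 'EventID|Source|Message' line into its three fields."""
    event_id, source, message = line.split("|", 2)
    return int(event_id), source, message


def scan_events(lines, protected=PROTECTED_SERVICES):
    """Return an Alert for every SCM event that stops, kills or disables a protected service."""
    alerts = []
    for line in lines:
        event_id, source, message = parse_event(line)
        if source != "Service Control Manager" or event_id not in PATTERNS:
            continue  # unrelated source or benign event, e.g. a service starting
        match = PATTERNS[event_id].match(message)
        if match and match.group("svc") in protected:
            alerts.append(Alert(event_id, match.group("svc"), REASONS[event_id]))
    return alerts


def missing_processes(running, required):
    """Case-insensitive check of a process snapshot against the names that should be present.

    `running` is a list of image names as a process lister would report them;
    `required` is the list of protective processes that must be alive.
    """
    present = {name.lower() for name in running}
    return sorted(name for name in required if name.lower() not in present)


if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(f"[{alert.event_id}] {alert.service}: {alert.reason}")
    # Constructed snapshot: the placeholder AV process is absent from the list.
    snapshot = ["explorer.exe", "svchost.exe", "examplefw.exe"]
    print("missing:", missing_processes(snapshot, ["exampleav.exe", "examplefw.exe"]))
```

The event scan catches the `net stop` and startup-script cases (7036 and 7040), while 7034 covers a process killed out from under the service manager; running the snapshot check on a schedule catches user-mode AV monitors that are not registered as services at all. Note that a watchdog running as the same user the attacker compromised can be killed just as easily, so alerts should be shipped off-host rather than only logged locally.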
He can't use an exploit, or any kind of tool; the AV is there for this. And I think without an exploit it is much harder to get admin, therefore harder to kill the AV. Am I right?