Hi, I am doing some research to improve my network security, and I wanted to find out:
What are the ways that a hacker would disable my antivirus monitor without my knowledge?
Once a hacker/virus has free rein on your computer he/she/it can do whatever he/she/it wants. It's trivial to look up certain keywords (like NAV2000.EXE, for example) in the process list and kill that process.
And some viruses/worms/trojans disable your AV and firewall if they can get past your protections in the first place (like before you have updated your virus data files).
You might like to look at :
http://www.winpatrol.com
http://www.diamondcs.com.au
http://digilander.libero.it/zancart
Also, if you can, run HijackThis on one of the machines, and post the log?
I would be inclined to isolate one, connect it to the net and run Housecall from Trend Micro, might help you find out what you are dealing with?
Good luck
EDIT:.....yes, that is my theoretical answer to your theoretical question :)
Moxnix..............so that's what happened to my peanut butter & jelly sandwich?........I had accused my Tomcat, and grounded him from virus writing...........guess I will have to apologise?
:D
if a hacker were inside your network running as admin s/he could use pslist on your machine to see what processes are running and kill it with pskill. the same could be done if NB access is obtained. a bat calling pskill could be added to start-up. a hacker could bind a stealth bat file to a harmless executable or make it an email attachment which included a net stop command for the service names of all popular av's or a vbs that used rpc to do the same. bat2exe can be used to make a bat file a com file. it could be named microsoft.com, hotchick.com, whatever.com and an unsuspecting user could be tricked into running it. should i keep going?
tools that kill processes are not detected by av...they're legit! the newest bat stealthers are still not detected and a properly morphed and packed pair of executables can bypass detection.
it's a jungle out there!
most of the best (best from the hacker's point of view) trojans, rats, and viruses come with this feature. these trojans, viruses, or rats can kill any firewall or antivirus. they just have to know the name of the processes (which is not very hard) and put it in the kill process list and it will search the running processes and if he or she put the type of firewall or anti virus name you have in the list it will be killed
just don't download anything that can be a trojan
when i find out how to prevent this from happening i will notify you
ps if you find out please tell me how to prevent this from happening
good luck ;)
don't know if this has been posted yet so sorry if it has been already
Now that's very easy.....just unplug what ever internet connection that you may have and don't ever connect to the net again.....or load anything from removable storage either....or if you have infrared capabilities, allow any laptop or portable device near your computer (including cell phones)......or -- just about anything.
Quote:
Originally posted here by disturb
just don't download anything that can be a trojan
when i find out how to prevent this from happening i will notify you
ps if you find out please tell me how to prevent this from happening
nilih, so it was your tom at fault.....but why did he close the tray with the sandwich in it?? Sure made a mess when your over-applied jelly squirted all over.
An attacker can use a trojan/worm/process killer that can disable your AV. Once it passes through your security he can modify, delete, or configure other programs on your PC by use of trojans such as BO and Sub7 that are mostly downloaded from the internet. The cause of the intrusion is low security and outdated virus definitions...
to disable your AV an attacker needs full access to your system, which he can gain using different methods. when he gets there he would search for some known process and then kill it. on windows this is a lot easier: the attacker searches your MUICACHE and finds the process it needs to kill. The hardest part of this for an attacker is the first step, which is getting full access to your system. a smart hacker could easily do so by exploiting not made public vulnerabilities and a lame cracker would use known exploits against you to get access.
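The posts above describe process-kill tools and `net stop` being pointed at antivirus process and service names. The same pattern can be hunted from the defender's side; the following is an added example (not code from any poster in this thread) that scans process-creation records for those tools aimed at a protected name. The log format, the sample records and the `Example AV Service` name are constructed for illustration.

```python
import re

# Names to protect. NAV2000.EXE is the process name quoted in the thread;
# "example av service" is a constructed placeholder for a service display name.
PROTECTED = {"nav2000", "example av service"}

# Process-ending tools named in the thread (pskill, net stop) plus the
# built-in Windows equivalents taskkill and sc.
TOOLS = re.compile(
    r'\b(?P<tool>pskill|taskkill|net1?\s+stop|sc\s+(?:stop|delete))\b(?P<args>.*)',
    re.IGNORECASE,
)
# An argument is either a double-quoted string or a run of non-space characters.
TOKEN = re.compile(r'"([^"]+)"|(\S+)')


def normalise(token):
    """Lower-case and drop a trailing .exe so NAV2000.EXE matches nav2000."""
    token = token.lower()
    return token[:-4] if token.endswith(".exe") else token


def find_tamper(lines):
    """Return (timestamp, user, tool, target) for every command line that
    points a kill/stop tool at a protected name."""
    hits = []
    for line in lines:
        timestamp, user, _parent, cmdline = line.split("|", 3)
        match = TOOLS.search(cmdline)
        if not match:
            continue
        tool = " ".join(match.group("tool").lower().split())
        for quoted, bare in TOKEN.findall(match.group("args")):
            target = normalise(quoted or bare)
            if target in PROTECTED:
                hits.append((timestamp, user, tool, target))
    return hits


# Constructed sample records: timestamp|user|parent process|command line
SAMPLE_LOG = [
    r'2000-01-01T09:00:01|HOST\alice|explorer.exe|notepad.exe C:\notes.txt',
    r'2000-01-01T09:02:10|HOST\alice|cmd.exe|pskill NAV2000.EXE',
    r'2000-01-01T09:02:11|HOST\alice|cmd.exe|net stop "Example AV Service"',
    r'2000-01-01T09:05:00|HOST\bob|cmd.exe|taskkill /IM winword.exe /F',
    r'2000-01-01T09:06:30|HOST\bob|wscript.exe|cmd /c taskkill /F /IM nav2000.exe',
]

if __name__ == "__main__":
    for hit in find_tamper(SAMPLE_LOG):
        print(hit)
```

Killing an unrelated process (the `winword.exe` record) is not flagged, which keeps ordinary administrative use of the same tools out of the results.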
He can't use an exploit, or any kind of tool; the AV is there for this. And I think without an exploit it is much harder to get admin, therefore harder to kill the AV. Am I right?
You might like to check out Dialogue Science...a Russian outfit? I remember trying their software some time ago.
When you set it up you have to input to the system so it creates unique names & paths for files and processes? I think the idea of that was to make it hard to kill?
Cheers
i want the password of [email protected]
taken from the keshava's profile
shouldn't the bit in red be stupid(!?)
Quote:
Birthday 1984-02-14
OS computer
Skill Set explotive techniques
Work Experience education(university)
Biography i am a student, i am very bold.
Location bangalore
Interests playing cricket, reading books.
Occupation student
v_Ln
too funny, at least give the reasons, like my mom is dying and her doctor's phone number is in her account and the hospital lost it!!!!
or , all my checking account info is in my account and could you plz help me retrieve it
or , etc, etc, etc,
i got to come back here more often that made me laugh so hard during what was otherwise a bleak day, especially where it was posted
the lack of imagination and straightforwardness was a little disappointing, though
Kesh old chap, you really will have to behave?....we have just stuffed the West Indies....you lot are next.....hey, please ask your father when you will be able to learn Rugby? :D
OK I give you guys the hockey..............but claim golf in return?
Tiger hunting?......fine, as long as I get the kit I want, and me and the Tiger get thirty minutes start....it shouldn't matter for him/her.......but it does for me?
I am older than your father I suspect? so please respect us old farts here?
Cheers
EDIT: i want the password of [email protected]
Why?
What has Mohan done to you?........is he poisonous to TIGERS?....is he aware that I have to feed my baby on other snakes?
Sounds like some sort of bad guy?
Stay lucky
Quote:
Originally posted here by valhallen
taken from the keshava's profile
shouldn't the bit in red be stupid(!?)
v_Ln
Yes is the answer to that question Val.
Kesh.Kesh.Kesh......You have set new standards for the worst first post on AO.
I do respect the fact that you are a Grand Master of "Explotive" techniques. pfft.
Kesh:
Points for:-
1. Social engineering 1 (you might have thought we were stupid)
2. Quality of post 0 (you get a "let" on that if it was your first)
3. Ability to read 0 (no "let" on that... the first page is clearly presented)
4. Stupidity 10 (I think you have this "down pat"... Congratulations...)
BTW, I already have mohan's password and a few other "juicy" things too.... PM me and I'll help you out.....