
Thread: Killing Anti-Virus

  1. #1

    Killing Anti-Virus

    Hi, I am doing some research to improve my network security, and I wanted to find out:
    What are the ways that a hacker would disable my anti-virus monitor without my knowledge?
    You are what you have conquered not what you have!

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Once a hacker/virus has free rein on your computer he/she/it can do whatever he/she/it wants. It's trivial to look up certain keywords (like NAV2000.EXE, e.g.) in the process list and kill that process.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Macht Nicht Aus moxnix
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    And some viruses/worms/trojans disable your AV and firewall, if they can get past your protections in the first place (like before you have updated your virus data files).
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  4. #4
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    You might like to look at :

    http://www.winpatrol.com
    http://www.diamondcs.com.au
    http://digilander.libero.it/zancart

    Also, if you can, run HijackThis on one of the machines, and post the log?

    I would be inclined to isolate one, connect it to the net and run Housecall from Trend Micro, might help you find out what you are dealing with?

    Good luck

    EDIT:.....yes, that is my theoretical answer to your theoretical question

    Moxnix..............so that's what happened to my peanut butter & jelly sandwich?........I had accused my Tomcat, and grounded him from virus writing...........guess I will have to apologise?


  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    if a hacker were inside your network running as admin s/he could use pslist on your machine to see what processes are running and kill it with pskill. the same could be done if NB access is obtained. a bat calling pskill could be added to start-up. a hacker could bind a stealth bat file to a harmless executable or make it an email attachment which included a net stop command for the service names of all popular av's or a vbs that used rpc to do the same. bat2exe can be used to make a bat file a com file; it could be named microsoft.com, hotchick.com, whatever.com and an unsuspecting user could be tricked into running it. should i keep going?

    tools that kill processes are not detected by av...they're legit! the newest bat stealthers are still not detected and a properly morphed and packed pair of executables can bypass detection.

    it's a jungle out there!
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
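
Added example, not part of the original thread or any poster's code: since the process-killing tools named in post #5 are legitimate and not flagged by AV, a defender can instead watch process-creation records for `pskill` or `net stop` aimed at the AV's own process or service names. The log format, the sample records, the watch list and the function name `tamper_alerts` are assumptions made for this illustration.

```python
import re

# Defender-maintained watch list (assumption): AV process and service names,
# lower-cased. NAV2000.EXE is the name used in the thread; "example av service"
# is a hypothetical service display name.
PROTECTED = {"nav2000.exe", "nav2000", "example av service"}

# Constructed records: time|host|user|parent command line|command line
SAMPLE_LOG = r"""
2004-03-01T09:14:02|WS01|alice|explorer.exe|notepad.exe report.txt
2004-03-01T09:15:40|WS01|alice|cmd.exe|pskill.exe NAV2000.EXE
2004-03-01T09:15:41|WS01|alice|cmd.exe|net stop "Example AV Service"
2004-03-01T09:20:11|WS02|bob|cmd.exe|net stop Spooler
2004-03-01T09:21:30|WS02|bob|cmd.exe|pskill notepad.exe
2004-03-01T09:40:05|WS03|carol|cmd.exe /c "C:\Documents and Settings\carol\Start Menu\Programs\Startup\update.bat"|C:\tools\pskill.exe nav2000
"""

KILL_TOOL = re.compile(r"^(?:.*\\)?(pskill|net)(?:\.exe)?$", re.I)
STARTUP = "\\start menu\\programs\\startup\\"

def tamper_alerts(log_text, protected=PROTECTED):
    """Return one alert per record that aims pskill or 'net stop' at a protected name."""
    alerts = []
    for line in log_text.strip().splitlines():
        fields = line.split("|", 4)
        if len(fields) != 5:
            continue  # malformed record
        ts, host, user, parent, cmdline = fields
        tokens = [t.strip('"').lower() for t in cmdline.split()]
        match = KILL_TOOL.match(tokens[0]) if tokens else None
        if not match:
            continue
        tool, args = match.group(1), tokens[1:]
        if tool == "net":
            if args[:1] != ["stop"]:
                continue  # other net subcommands are out of scope here
            args = args[1:]
        # Check each argument and the joined form (quoted names with spaces).
        hits = [c for c in args + [" ".join(args)] if c in protected]
        if hits:
            alerts.append({"time": ts, "host": host, "user": user, "tool": tool,
                           "target": hits[0],
                           "from_startup": STARTUP in parent.lower()})
    return alerts

if __name__ == "__main__":
    for alert in tamper_alerts(SAMPLE_LOG):
        print(alert)
```

The `from_startup` flag marks the case the post describes where the kill command is launched by a script sitting in the Startup folder, which deserves higher priority than a one-off command typed by an administrator.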

  6. #6
    Senior Member
    Join Date
    Feb 2004
    Posts
    197
    most of the best (best in the hacker's point of view) trojans, rats, and viruses come with this feature. these trojans, viruses, or rats can kill any firewall or antivirus; they just have to know the name of the processes (which is not very hard) and put it in the kill process list and it will search the running processes and if he or she put the type of firewall or anti virus name you have in the list it will be killed

    just don't download anything that can be a trojan


    when i find out how to prevent this from happening i will notify you

    ps if you find out please tell me how to prevent this from happening

    good luck




    don't know if this has been posted yet so sorry if it has been already

  7. #7
    Macht Nicht Aus moxnix
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Originally posted here by disturb


    just don't download anything that can be a trojan


    when i find out how to prevent this from happening i will notify you

    ps if you find out please tell me how to prevent this from happening

    Now that's very easy.....just unplug whatever internet connection that you may have and don't ever connect to the net again.....or load anything from removable storage either....or if you have infrared capabilities, allow any laptop or portable device near your computer (including cell phones)......or -- just about anything.

    nihil, so it was your tom at fault.....but why did he close the tray with the sandwich in it?? Sure made a mess when your over-applied jelly squirted all over.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  8. #8
    attacker can use trojan/worm/process killer that can disable your AV, once it passes through your security he can modify, delete, configure other programs in your pc by use of trojans such as BO and sub7 that are mostly downloaded on the internet.. the cause of the intrusion is the low security and outdated virus definitions...

  9. #9
    to disable your AV an attacker needs full access to your system, which he can gain using different methods. when he gets there he would search for some known process and then kill it. on windows this is a lot easier: the attacker searches your MUICACHE and finds the process it needs to kill. The hardest part of this for an attacker is the first step, which is getting full access to your system. a smart hacker could easily do so by exploiting not made public vulnerabilities and a lame cracker would use known exploits against you to get access.

  10. #10
    He can't use an exploit, or any kind of tool; the AV is there for this. and I think without an exploit it is much harder to getadmin, therefore harder to kill the AV. Am I right?
    You are what you have conquered not what you have!
