-
March 31st, 2004, 02:26 PM
#1
Member
Killing Anti-Virus
Hi, I am doing some research to improve my network security, and I wanted to find out:
What are the ways that a hacker would disable my anti-virus monitor without my knowledge?
You are what you have conquered not what you have!
-
March 31st, 2004, 02:32 PM
#2
Once a hacker/virus has free rein on your computer he/she/it can do whatever he/she/it wants. It's trivial to look up certain keywords (like NAV2000.EXE, for example) in the process list and kill that process.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
March 31st, 2004, 02:47 PM
#3
And some viruses/worms/trojans disable your AV and firewall if they can get past your protections in the first place. (like before you have updated your virus data files.)
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
March 31st, 2004, 04:27 PM
#4
You might like to look at :
http://www.winpatrol.com
http://www.diamondcs.com.au
http://digilander.libero.it/zancart
Also, if you can, run HijackThis on one of the machines, and post the log?
I would be inclined to isolate one, connect it to the net and run Housecall from Trend Micro, might help you find out what you are dealing with?
Good luck
EDIT:.....yes, that is my theoretical answer to your theoretical question
Moxnix..............so that's what happened to my peanut butter & jelly sandwich?........I had accused my Tomcat, and grounded him from virus writing...........guess I will have to apologise?
-
March 31st, 2004, 07:21 PM
#5
if a hacker were inside your network running as admin s/he could use pslist on your machine to see what processes are running and kill it with pskill. the same could be done if NB access is obtained. a bat calling pskill could be added to start-up. a hacker could bind a stealth bat file to a harmless executable or make it an email attachment which included a net stop command for the service names of all popular av's, or a vbs that used rpc to do the same. bat2exe can be used to make a bat file a com file; it could be named microsoft.com, hotchick.com, whatever.com and an unsuspecting user could be tricked into running it. should i keep going?
tools that kill processes are not detected by av...they're legit! the newest bat stealthers are still not detected and a properly morphed and packed pair of executables can bypass detection.
it's a jungle out there!
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
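The defender's side of the post above, as an added example that is not part of the original thread: a small detector that scans process-creation records for `pskill` or `net stop` aimed at a protected security product. The event records and the service name `ExampleAVService` are constructed placeholders; `NAV2000.EXE` is the process name mentioned earlier in the thread.

```python
import shlex
from pathlib import PureWindowsPath

# Assumptions: the protected names below. NAV2000.EXE is the process named in
# the thread; "ExampleAVService" is a placeholder service name.
PROTECTED_PROCESSES = {"nav2000"}
PROTECTED_SERVICES = {"exampleavservice"}

def stem(token):
    """Lower-cased file name with the directory, quotes and .exe/.com removed."""
    name = PureWindowsPath(token.strip('"')).name.lower()
    return name[:-4] if name.endswith((".exe", ".com")) else name

def classify(command_line):
    """Return a reason string if the command stops a protected product, else None."""
    try:
        tokens = shlex.split(command_line, posix=False)  # keeps backslashes intact
    except ValueError:                                   # unbalanced quotes
        tokens = command_line.split()
    if not tokens:
        return None
    tool, args = stem(tokens[0]), [t.strip('"') for t in tokens[1:]]
    if tool == "pskill":
        for arg in args:
            # skip switches (-t) and remote targets (\\host)
            if not arg.startswith(("-", "\\\\")) and stem(arg) in PROTECTED_PROCESSES:
                return f"pskill against protected process {arg}"
    if tool in ("net", "net1") and len(args) >= 2 and args[0].lower() == "stop":
        if args[1].lower() in PROTECTED_SERVICES:
            return f"net stop of protected service {args[1]}"
    return None

# Constructed process-creation records (parent image, command line); not real logs.
SAMPLE_EVENTS = [
    ("explorer.exe", r'"C:\Program Files\Example\app.exe" /start'),
    ("cmd.exe", r"C:\temp\PsKill.exe -t nav2000.exe"),
    ("cmd.exe", r'net  stop "ExampleAVService"'),
    ("services.exe", r"net stop Spooler"),
    ("cmd.exe", r"pskill notepad"),
]

def scan(events):
    """Return (index, parent, reason) for every event that classify() flags."""
    return [(i, parent, reason) for i, (parent, cmd) in enumerate(events)
            if (reason := classify(cmd))]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Matching on the tool's file name alone misses a renamed binary, so in practice this kind of rule is paired with an alert on the protected process or service stopping for any reason.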
-
March 31st, 2004, 09:06 PM
#6
Senior Member
most of the best (best in the hacker's point of view) trojans, rats, and viruses come with this feature. these trojans, viruses, or rats can kill any firewall or antivirus; they just have to know the name of the processes (which is not very hard) and put it in the kill process list and it will search the running processes and if he or she put the type of firewall or anti virus name you have in the list it will be killed
just don't download anything that can be a trojan
when i find out how to prevent this from happening i will notify you
ps if you find out please tell me how to prevent this from happening
good luck
don't know if this has been posted yet so sorry if it has been already
-
April 1st, 2004, 03:32 AM
#7
Originally posted here by disturb
just don't download anything that can be a trojan
when i find out how to prevent this from happening i will notify you
ps if you find out please tell me how to prevent this from happening
Now that's very easy.....just unplug whatever internet connection that you may have and don't ever connect to the net again.....or load anything from removable storage either....or if you have infrared capabilities, allow any laptop or portable device near your computer (including cell phones)......or -- just about anything.
nilih, so it was your tom at fault.....but why did he close the tray with the sandwich in it?? Sure made a mess when your over-applied jelly squirted all over.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
April 1st, 2004, 12:51 PM
#8
An attacker can use a trojan/worm/process killer that can disable your AV. Once it passes through your security he can modify, delete, or configure other programs on your PC by use of trojans such as BO and Sub7 that are mostly downloaded from the internet. The cause of the intrusion is the low security and outdated virus definitions...
-
April 1st, 2004, 04:26 PM
#9
To disable your AV an attacker needs full access to your system, which he can gain using different methods. When he gets there he would search for some known process and then kill it. On Windows this is a lot easier: the attacker searches your MUICACHE and finds the process it needs to kill. The hardest part of this for an attacker is the first step, which is getting full access to your system. A smart hacker could easily do so by exploiting not made public vulnerabilities and a lame cracker would use known exploits against you to get access.
-
April 10th, 2004, 11:33 PM
#10
Member
He can't use an exploit, or any kind of tool; the AV is there for this. And I think without an exploit it is much harder to get admin, therefore harder to kill the AV. Am I right?
You are what you have conquered not what you have!