[R00tKit]

hi
i kill kaspersky service avp.exe in user mode

and this method also work for its UI :))

http://www.mediafire.com/?e6od81xewhkoyzr

[EP_X0FF]

Hello,

are you plan to share more details about methods you used in your poc? Do they work on Vista+ systems?

Thanks.

[R00tKit]

hi EP

with some change it worked Very well in windows seven :)

[Tigzy]

Hello

Any code or explanation?
Is this a PoC or the code is known?

[Vrtule]

I am interested in details of the killing method too.

[Brock]

Why so interested? KAV is hardly invincible even from usermode :lol:

[Tigzy]

It's not about KAV, I don't care on how is it invincible or not :D
It's only for information.

[Brock]

Basic rule of thumb... GUI process = more vuln to attack ;) See such non-sense as this

http://www.kernelmode.info/forum/viewto ... 67&start=0

[Tigzy]

Yes, I know there are numerous ways to kill a process : http://wj32.wordpress.com/2009/05/10/12 ... a-process/
What I only want to know is the method the author used to do this.

[Brock]

Author doesn't touch on other methods, just some general methods which are more than well known to public. I think the interest lies within a method which may not be on this __list__ ?