[EP_X0FF]

Hello,

Test complete. PoC working - Kaspersky v13.0.1.4190 with default settings successfully prevented from work (including service). All job done from user mode - Kaspersky don't popup any warnings etc, all it hooks stay in place. GJ. Seems this method can be adopted for some malware usage.

[R00tKit]

YES YES i love this works :D
kaspersky lol lol
more info?
EP_X0FF is now chief executive of KIAKP : kernelmode.info Institution of approving Kaspersky killer POC :mrgreen: :mrgreen: :lol: :lol: :lol:

Propaganda: you have kasperkiller ? send to us (Public relations of KIAKP ) :lol: :lol:

[0x16/7ton]

Hello,

Test complete. PoC working - Kaspersky v13.0.1.4190 with default settings successfully prevented from work (including service). All job done from user mode - Kaspersky don't popup any warnings etc, all it hooks stay in place. GJ. Seems this method can be adopted for some malware usage.

Thanks EP_X0FF.As time appears,maybe i create new PoC.

[Thanat0S]

so who will share this POC with us?

[EP_X0FF]

so who will share this POC with us? :P

Obviously it's only author will decide - will he share or not.

[0x16/7ton]

okay here my article :
http://www.kernelmode.info/forum/viewto ... =11&t=1878
have fun :)

[0x16/7ton]

Hello again:)
So as promised, I wrote a PoC specifically for creation of av Kaspersky.
This PoC update NtClose code with some features ..But now unloading only service avp.
And okay look it here video:
http://www.sendspace.com/file/6k2ooy
:lol: :lol: :lol: :lol: very funny kasp :)

[R00tKit]

@0x16/7ton
hi amigo
what version of kaspersky?
if it is 2012 so what difference compare with my Code make this code beneficial ? i think nothing

thanks

[0x16/7ton]

@0x16/7ton
hi amigo
what version of kaspersky?
if it is 2012 so what difference compare with my Code make this code beneficial ? i think nothing

thanks

Of course it is Kaspersky v13.0.1.4190 .

my regards :)

[R00tKit]

so it hint my code is more valuable :)