Hi these ones:
Post by R00tKit » Tue Feb 21, 2012 7:58 am
Hi,
I kill the Kaspersky service avp.exe in user mode,
and this method also works for its UI :))
http://www.mediafire.com/?e6od81xewhkoyzr
Re: Kill kaspersky 2012 from user mode :)
Post by 0x16/7ton » Thu Oct 04, 2012 7:12 pm
Hello again :)
So as promised, I wrote a PoC specifically for creation of AV Kaspersky.
This PoC updates the NtClose code with some features... but for now it unloads only the avp service.
And okay, look at the video here:
http://www.sendspace.com/file/6k2ooy
:lol: :lol: :lol: :lol: very funny kasp :)
Re: AV SP Discussion & Bypass
Post by R00tKit » Tue Nov 20, 2012 9:10 am
Ok ha ha ha
just another AV killer
We (me and my good friend 0x16/7ton) wrote a PoC that is able to kill AV.
A security flaw allowed total manipulation of AV software. With this trick we are able to inject code inside AV processes, and for the test we targeted Dr.Web. As the payload we chose injecting code into the original GUI process and sending a special IOCTL to its driver and disabling its self-protection (for fun :mrgreen: we selected sending the IOCTL, although killing it is simple without sending anything).
We say this is a universal method for injecting code inside AV processes, but it needs testing across AVs.
demo :
http://www.sendspace.com/file/bm7a8i
Regards
Re: AV SP Discussion & Bypass
Post by rinn » Tue Nov 20, 2012 9:54 am
Hi.
Yet another Dr.Web 8 termination, which differs from the above posted.
Link to download.
http://www.sendspace.com/file/cicteh
Password for the archive is "test" without quotes.
Last edited by EP_X0FF on Wed Nov 04, 2015 4:48 am, edited 2 times in total.
Reason: quote added