AV SP Discussion & Bypass

Posted: Tue Feb 21, 2012 7:58 am
by R00tKit
Hi,
I kill the Kaspersky service avp.exe in user mode

and this method also works for its UI :))

http://www.mediafire.com/?e6od81xewhkoyzr

Re: Kill kaspersky 2012 from user mode :)

Posted: Tue Feb 21, 2012 8:33 am
by EP_X0FF
Hello,

Are you planning to share more details about the methods you used in your PoC? Do they work on Vista+ systems?

Thanks.

Re: Kill kaspersky 2012 from user mode :)

Posted: Tue Feb 21, 2012 10:45 am
by R00tKit
Hi EP,

with some changes it worked very well in Windows Seven :)

Re: Kill kaspersky 2012 from user mode :)

Posted: Tue Feb 21, 2012 3:34 pm
by Tigzy
Hello

Any code or explanation?
Is this a PoC, or is the code known?

Re: Kill kaspersky 2012 from user mode :)

Posted: Tue Feb 21, 2012 5:38 pm
by Vrtule
I am interested in details of the killing method too.

Re: Kill kaspersky 2012 from user mode :)

Posted: Wed Feb 22, 2012 8:07 am
by Brock
Why so interested? KAV is hardly invincible even from usermode :lol:

Re: Kill kaspersky 2012 from user mode :)

Posted: Wed Feb 22, 2012 8:41 am
by Tigzy
It's not about KAV, I don't care whether it is invincible or not :D
It's only for information.

Re: Kill kaspersky 2012 from user mode :)

Posted: Wed Feb 22, 2012 8:51 am
by Brock
Basic rule of thumb... GUI process = more vuln to attack ;) See such nonsense as this

http://www.kernelmode.info/forum/viewto ... 67&start=0

Re: Kill kaspersky 2012 from user mode :)

Posted: Wed Feb 22, 2012 10:20 am
by Tigzy
Yes, I know there are numerous ways to kill a process: http://wj32.wordpress.com/2009/05/10/12 ... a-process/
What I only want to know is the method the author used to do this.

Re: Kill kaspersky 2012 from user mode :)

Posted: Wed Feb 22, 2012 10:39 am
by Brock
The author doesn't touch on other methods, just some general methods which are more than well known to the public. I think the interest lies within a method which may not be on this list?