Thread: need help disabling anti virus

  1. #1
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    hi guys,

    i have 2 machines set up, one is running backtrack and the other is running xp

    i have installed avg free on the xp machine and i want to try and disable it using meterpreter.

    i have a meterpreter session running and i run getcountermeasure and i run killav but it does not kill avg

    any ideas?

    thanks in advance

  2. #2
    Senior Member skull2006's Avatar
    Join Date
    Jan 2010
    Location
    In my skull
    Posts
    125

    Quote Originally Posted by roonie View Post
    hi guys,

    i have 2 machines set up, one is running backtrack and the other is running xp

    i have installed avg free on the xp machine and i want to try and disable it using meterpreter.

    i have a meterpreter session running and i run getcountermeasure and i run killav but it does not kill avg

    any ideas?

    thanks in advance

    you have a session, so that's it; it doesn't matter if you disable AV or not.

  3. #3
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Quote Originally Posted by skull2006 View Post
    you have a session, so that's it; it doesn't matter if you disable AV or not.

    i have a session because i ran the payload on the xp machine to connect back to me. the problem is that when i try to add meterpreter as a service using metsvc, AVG will pick this up. i want to be able to disable AVG somehow

  4. #4
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    Antivirus Bypass
    ps to list processes in meterpreter, kill avg and any daemons that might be monitoring it (they can be sneaky).

  5. #5
    Senior Member
    Join Date
    Jul 2009
    Posts
    135

    Get GUI with VNC then go to add and remove programs then remove the offender (AVG). Or you can follow CKing's suggestion if you want to be a little bit more stealthy, although killing some of these processes might be more difficult than you think.

  6. #6
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    thanks for the replies

    i tried killing the processes for avg but they keep coming back.

    i got my meterpreter session to connect back to me without AVG knowing by using msfencode and using shikata_ga_nai to encode it

    my problem is when i run the metsvc script in meterpreter AVG picks this up, i don't know if there is some way to use msfencode on these scripts?

  7. #7
    Member CKing's Avatar
    Join Date
    Mar 2010
    Location
    downtown, riverfront
    Posts
    83

    You wouldn't want to encode the script itself, it only runs on your machine, you would want to encode the executable the script is uploading and running. I'm going to say right now that I have zero experience with metsvc but from looking at the script at https://www.metasploit.com/r...eter/metsvc.rb it looks like you could just encode the metsvc.exe (or whatever avg is detecting) file before it's uploaded.
    The process keeps coming back because there is a daemon(s) monitoring it. After reading "How do you stop AVG? - Page 4" (http://www.velocityreviews.com/forums/t622945-p4-how-do-you-stop-avg.html) I concluded the daemon was called avgwdsvc.exe. You need to kill the daemon(s) and then the process itself immediately after; it is possible that the daemons will be faster than your connection, making this approach impossible.
    Next I would try renaming (or removing) the avg executable then killing it so the daemon can't find it when it tries to restart it.
    This community typically encourages (strongly) a help-yourself attitude so in the future try your favourite search engine first, but all the same I hope that helps and post back if it works.
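
Seen from the monitoring side, the behaviour described in post #7 (an AV process that is killed and restarted by its watchdog, then the watchdog itself going down) leaves a recognisable trace in process telemetry. The following is an added example, not part of the original thread and not any product's own code; the event format, the `avgtray.exe` name, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: image names the defender treats as AV components. Only
# avgwdsvc.exe is named in the thread; avgtray.exe is a placeholder.
WATCHDOG = "avgwdsvc.exe"
PROTECTED = {WATCHDOG, "avgtray.exe"}

# Constructed sample telemetry (time, action, image name), not real logs.
SAMPLE = """\
2010-06-20T14:02:01 start avgwdsvc.exe
2010-06-20T14:02:03 start avgtray.exe
2010-06-20T14:10:11 exit avgtray.exe
2010-06-20T14:10:12 start avgtray.exe
2010-06-20T14:10:40 exit avgtray.exe
2010-06-20T14:10:41 start avgtray.exe
2010-06-20T14:11:05 exit avgtray.exe
2010-06-20T14:11:06 start avgtray.exe
2010-06-20T14:12:30 exit avgwdsvc.exe
2010-06-20T14:12:31 exit avgtray.exe
"""

def parse(text):
    """Yield (timestamp, action, image) from whitespace-separated lines."""
    for line in text.splitlines():
        ts, action, image = line.split()
        yield datetime.fromisoformat(ts), action, image.lower()

def detect_tampering(text, max_exits=3, window=timedelta(minutes=5)):
    """Return alerts for repeated AV exits and for a stopped watchdog."""
    alerts, exits, running = [], {}, set()
    for ts, action, image in parse(text):
        if image not in PROTECTED:
            continue
        if action == "start":
            running.add(image)
            continue
        running.discard(image)
        # Keep only exits inside the sliding window, then add this one.
        recent = [t for t in exits.get(image, []) if ts - t <= window] + [ts]
        exits[image] = recent
        if len(recent) == max_exits:
            alerts.append((ts, "kill-restart loop", image))
        if image == WATCHDOG:
            alerts.append((ts, "watchdog stopped", image))
        elif WATCHDOG not in running:
            alerts.append((ts, "component exited with watchdog down", image))
    return alerts
```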

  8. #8
    Senior Member
    Join Date
    Jul 2009
    Posts
    135

    You can try to add an "exception" for the offending executables in AVG. Go within AVG's settings to do so.
