EvilZone
Revolution99 September 27, 2015, 01:48:28 PM
-
Hi! I am making a virus with C#. My question is whether anyone knows, or has any idea, how I can close the antivirus. Any antivirus. How can I crash them or kill their process without finding out the exact name of the process (because in that case I would have to download all the antiviruses that exist in the world to find out)? I know that probably there isn't any way, but I want to ask .... :(
-
Test the virus on a virtualbox. Or test it out on a real person.
-
Why would you need to kill the anti-virus? Anti-virus technology is still mainly based on signatures.
It does not take much effort to make your thing FUD.
Answering the original question, several antiviruses have hidden undocumented switches, like a registry key, which disable them.
For more information, read The Antivirus Hacker's Handbook, which has been posted in the eBooks section.
-
Making it FUD would be the best route. Metasploit, however, has a script that disables any running antivirus that is in their list.
Take a look at it here: https://github.com/rapid7/metasploit-framework/blob/master/scripts/meterpreter/killav.rb
-
So if I make a "unique" virus, the antiviruses will not catch it from the beginning?
-
So if I make a "unique" virus, the antiviruses will not catch it from the beginning?
If the signature is not in the AV database, it will not be detected. There are more things to consider, though. Google around; there are many papers online about AV evasion. Learn about crypters. Hope your intentions are ethical...
-
The most difficult of them to detect are metamorphic viruses, which change at each generation.
There can be no universal signature to detect such malware.
However, they are very, very difficult to develop.
Nowadays, no one bothers to develop such malware, when you get better ROI with ransomware.
-
Aha. OK. Thanks, all of you guys, for your answers!! :)