Metasploit mailing list archives

KillAV script update - how to stop an NOT_STOPPABLE service


From: John Nash <rootsecurityfreak () gmail com>
Date: Wed, 8 Sep 2010 18:09:57 +0530

I tried finding other .exe files running as AVG and also the services which
are running. However, it is not as simple as "sc stop service_name" as you
guys mentioned previously.

AVG has 2 services in its version 9 free version - avg9wd and avg9emc

avg9emc is a STOPPABLE service and hence can be stopped using "net stop
avg9emc" or "sc stop avg9emc"

However, avg9wd is a NOT_STOPPABLE service and hence the above 2 commands
will not work on it.

The way you can stop it is to first disable it by using "sc config avg9wd
start= disabled" and then kill it. This way it will not be restarted
after it is killed.

I guess this would change the flow of the script a little, as currently it
just kills the processes hoping they will not be restarted.

Just want to acknowledge that the above technique was taken from this video
on securitytube:

http://securitytube.net/Metasploit-Megaprimer-Part-10-%28Post-Exploitation-Log-Deletion-and-AV-Killing%29-video.aspx

http://bit.ly/bLbpFf (in case the above url breaks)

It's a long video but he takes you through all the explanations ...

I am a python guy who is now forced to learn ruby coz of the love for
metasploit :) If I get a free weekend with ruby this week, I'll try and
make the changes ..

rgds,

jn
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
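
Added example (not part of the original post and not Metasploit code): a defender-side check for the sequence described above, correlating Service Control Manager event 7040 (start type changed to disabled) with event 7034 (service terminated unexpectedly) for the same service on the same host. The records, host names and the "Example AV Watchdog" display name are constructed, and the 5-minute window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed System-log records: (host, timestamp, SCM event id, message).
# "Example AV Watchdog" is a placeholder display name, not a real product's.
SAMPLE_EVENTS = [
    ("WS01", "2010-09-08 12:00:05", 7040,
     "The start type of the Example AV Watchdog service was changed from auto start to disabled."),
    ("WS01", "2010-09-08 12:00:40", 7034,
     "The Example AV Watchdog service terminated unexpectedly. It has done this 1 time(s)."),
    ("WS02", "2010-09-08 12:10:00", 7040,
     "The start type of the Print Spooler service was changed from auto start to demand start."),
    ("WS02", "2010-09-08 12:11:00", 7034,
     "The Print Spooler service terminated unexpectedly. It has done this 1 time(s)."),
    ("WS03", "2010-09-08 09:00:00", 7040,
     "The start type of the Example AV Watchdog service was changed from auto start to disabled."),
    ("WS03", "2010-09-08 15:00:00", 7034,
     "The Example AV Watchdog service terminated unexpectedly. It has done this 1 time(s)."),
]

START_TYPE = re.compile(r"^The start type of the (.+) service was changed from (.+) to (.+)\.$")
CRASHED = re.compile(r"^The (.+) service terminated unexpectedly\.")

def find_disable_then_kill(events, window=timedelta(minutes=5)):
    """Return (host, service, disabled_at, died_at) for each service whose start
    type was set to disabled (7040) and whose process then died (7034) within
    `window` on the same host."""
    pending = {}  # (host, service) -> time the start type became disabled
    alerts = []
    for host, ts, event_id, message in sorted(events, key=lambda e: e[1]):
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if event_id == 7040:
            m = START_TYPE.match(message)
            if not m:
                continue
            key = (host, m.group(1))
            if m.group(3) == "disabled":
                pending[key] = when
            else:
                pending.pop(key, None)  # re-enabled: stop tracking
        elif event_id == 7034:
            m = CRASHED.match(message)
            key = (host, m.group(1)) if m else None
            if key in pending and when - pending[key] <= window:
                alerts.append((host, key[1], pending.pop(key), when))
    return alerts

if __name__ == "__main__":
    for alert in find_disable_then_kill(SAMPLE_EVENTS):
        print(alert)
```

Only WS01 is flagged in the sample: WS02's start type change is not to disabled, and WS03's termination falls outside the window.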
