How to protect my virus.exe from Anti-virus with Kernel-Mode Rootkit

I can successfully load Virus.exe into the kernel, but Virus.exe must be started.

If virus.exe is started in the user mode, the anti-virus detects this.

Is there a method that I can protect Virus.exe from anti-viruses?

Algorithm:

Every Boot ->

Start virus.exe in user mode in the background // failed because anti-viruses detect it.

load virus.exe process to kernel = finish // success not detect.

Edit: I thought of starting Virus.exe directly from kernel mode, but it will be detected when a virus scan is done on the computer even if it is not started from user mode.

Please suggest something; I’m in trouble.

Okay, I will try the NtSetInformationFile Hook method to protect Virus.exe from being deleted.
