The Avenger
Command Reference
Drivers to delete:
The "Drivers to delete:" command directive unloads and deletes the drivers listed.
How do I use it?
A driver should be listed for deletion by its "driver name" (also known as its "service name" for user-mode services/drivers), which may be different from its so-called "DisplayName" and its file name. The "driver name" is the name of the subkey under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. Service names are also listed in the Windows services.msc console. See An In-Depth Example for more details.
When do I use it?
When there are active malicious drivers present, including kernel- and boot-level drivers. This is probably the most important functionality in The Avenger, since few other programs can remove active malicious kernel drivers.
This command directive should ALWAYS be used instead of direct file or registry manipulation when a driver may be active. Removing a driver file or a key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services directly instead of using "Drivers to delete:" is very dangerous and can cause system deadlock.
Anything else I should know?
Please note that the associated driver files are not removed automatically by this command. If you want to delete a driver file, you may use "Files to delete:" additionally, ONLY after using "Drivers to delete:" or "Drivers to disable:" first.
Any special notes on syntax?
In Version 1.0 this command directive was called "Drivers to unload:". The name was changed when "Drivers to disable:" was added, to avoid confusion (since both commands will unload active drivers).
Example Usage
Drivers to delete:
BadDriver
