The Avenger

Command Reference

Drivers to disable:

The "Drivers to disable:" command directive unloads and disables the drivers listed.

How do I use it?

A driver should be listed for disablement by its "driver name", rather than its so-called "DisplayName" or its file name. See "Drivers to delete:" and An In-Depth Example for more details.

When do I use it?

When there are active malicious drivers present, including kernel- and boot-level drivers. This is probably the most important functionality in The Avenger, since few other programs can disable active malicious kernel drivers.

This command directive should ALWAYS be used instead of direct file or registry manipulation when a driver may be active. Removing a driver file or a key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services directly instead of using "Drivers to disable:" is very dangerous and can cause system deadlock.

Anything else I should know?

  • This command does not remove drivers outright from the system. It simply unloads the drivers from active memory and sets their "Startup Type" (the "Start" DWORDs in the registry) to "Disabled" (value = 4). To remove drivers outright, use "Drivers to delete:".

  • Please also see the caveats for "Drivers to delete:".
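To confirm that a driver was actually disabled (and to find the correct "driver name" when only a DisplayName or file name is known), the following PowerShell function reads the same "Start" DWORD the directive sets. It is an added example, not part of The Avenger; it assumes a Windows host with an elevated prompt so the HKLM service keys are readable.

```powershell
# Added example (not part of The Avenger): resolve a driver by its service key
# name, its DisplayName, or its image file name, then report the registry
# "Start" value. Start = 4 with State = Stopped is what "Drivers to disable:"
# leaves behind. Assumes an elevated PowerShell session on the affected host.
function Get-DriverStartState {
    param([Parameter(Mandatory)][string]$Query)

    # Meaning of the Start DWORD under HKLM\SYSTEM\CurrentControlSet\Services\<name>
    $startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

    # Win32_SystemDriver exposes Name (the service key name), DisplayName and PathName,
    # which is exactly the distinction the "driver name" rule above is about.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver

    $found = $drivers | Where-Object {
        $_.Name -eq $Query -or
        $_.DisplayName -eq $Query -or
        ($_.PathName -and ([IO.Path]::GetFileName($_.PathName) -eq $Query))
    }

    if (-not $found) {
        Write-Warning "No driver matched '$Query' by name, DisplayName or file name."
        return
    }

    foreach ($d in $found) {
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$($d.Name)"
        $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
        [pscustomobject]@{
            DriverName  = $d.Name          # the value to put under "Drivers to disable:"
            DisplayName = $d.DisplayName
            ImagePath   = $d.PathName
            State       = $d.State         # Running / Stopped
            Start       = $start
            StartType   = if ($null -ne $start) { $startTypes[[int]$start] } else { 'unknown' }
            Disabled    = ($start -eq 4 -and $d.State -ne 'Running')
        }
    }
}

# Usage: run before building the script to get the correct driver name, and again
# after the reboot to verify Start = 4 and State = Stopped.
Get-DriverStartState -Query 'FarCry' | Format-List
```

A driver that still shows State = Running after the reboot was not unloaded; a driver that does not appear at all has no service key, so there is nothing for "Drivers to disable:" to act on.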

Any special notes on syntax?

Example Usage

Drivers to disable:

FarCry - Mollio