Nytro

[Delphi] Bypass KAV 2010 Sandbox


[Delphi] Bypass KAV 2010 Sandbox

Author: chaincoder

program KAV;

uses
WINDOWS,sysutils;


PROCEDURE SAVE(NEWDROPPATH:STRING);
{ Creates (or truncates) the file at NEWDROPPATH and writes a fixed run of
  '5' characters into it. The content carries no meaning; the program only
  needs the file to exist so it can later check where the write landed.

  NOTE(review): IOResult is only meaningful when I/O checking is switched
  off ({$I-}). With the Delphi default ({$I+}) a failing Rewrite raises an
  exception instead, so the guard below never sees a non-zero value.
  NOTE(review): BlockWrite counts in units of the record size (1 byte here)
  while Length counts characters, so on a Unicode build only part of the
  string's bytes would be written - confirm the target compiler. }
var
  Marker  : string;
  OutFile : file;
begin
  Marker := '555555555555555555555555555';
  AssignFile(OutFile, NEWDROPPATH);
  Rewrite(OutFile, 1);            // untyped file, record size 1
  if IOResult <> 0 then
    Exit;                         // nothing was opened, nothing to close
  BlockWrite(OutFile, Marker[1], Length(Marker));
  CloseFile(OutFile);
end;
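Function TranslateMacro(Macro: String): String;
{ Returns the value of the environment variable named by Macro.
  The result is '' when the variable is unset or empty, or when its value
  does not fit into the fixed MAX_PATH-sized buffer. }
Var
  Size   : Cardinal;
  Output : Array[0..MAX_PATH] of Char;
Begin
  Result := '';
  FillChar(Output, SizeOf(Output), #0);

  // GetEnvironmentVariable takes the buffer size in CHARACTERS. SizeOf()
  // yields bytes, which on a Unicode build is twice the element count and
  // would let the API write past the end of Output. Length() is the element
  // count on every build.
  Size := GetEnvironmentVariable(PChar(Macro), Output, Length(Output));

  // On success the API returns the number of characters stored (without the
  // terminator). A return value >= the buffer length means the value did not
  // fit and Output holds nothing usable, so it is treated as "not found".
  If (Size > 0) and (Size < Cardinal(Length(Output))) Then
    Result := Output;
End;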
{ Program body.

  What the code does, step by step:
    1. Takes %APPDATA%, strips its first two characters (presumably the
       drive prefix such as "C:" - confirm), and keeps the remainder as a
       relative profile path.
    2. Deletes any earlier "1.TXT" from that relative path underneath two
       Kaspersky sandbox store roots, for HarddiskVolume0..100.
    3. Writes a marker to %APPDATA%\1.txt through the normal file API.
    4. Checks whether the marker now appears under either sandbox store
       root, and reports the outcome in a message box.

  Notes for analysts and detection engineers:
    - The check relies on the sandbox redirecting the write into a store
      that the sandboxed process can itself read back; it says nothing
      about any other product or version than the paths named here.
    - Observable behaviour is a burst of up to 202 delete attempts and up
      to 202 existence probes against
      "...\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume<N>\..."
      around a single small write to the roaming profile. A non-Kaspersky
      process enumerating that store is a useful behavioural indicator.
    - When the write is not redirected, %APPDATA%\1.txt is left behind:
      the only cleanup call in the original is commented out and names an
      undeclared variable ("win"). The leftover file is a host artifact. }
const
  SandboxStoreNew = '\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume';
  SandboxStoreOld = '\Application Data\Kaspersky Lab\Sandbox\KLSB1\Device\HarddiskVolume';
  MirrorLeaf      = '\1.TXT';
var
  DAT        : string;   // %APPDATA% without its first two characters
  APP        : string;   // path of the marker as the program writes it
  CommonRoot : string;   // %ALLUSERSPROFILE%
  Verdict    : string;
  i          : Integer;
  FOUND      : Boolean;
begin
  DAT := TranslateMacro('APPDATA');
  Delete(DAT, 1, 2);
  CommonRoot := TranslateMacro('ALLUSERSPROFILE');

  // Clear markers left by an earlier run so that a stale file cannot
  // produce a false "inside" result.
  for i := 0 to 100 do
    DeleteFile(CommonRoot + SandboxStoreNew + IntToStr(i) + DAT + MirrorLeaf);
  for i := 0 to 100 do
    DeleteFile(CommonRoot + SandboxStoreOld + IntToStr(i) + DAT + MirrorLeaf);

  // The write goes to the ordinary profile path.
  APP := TranslateMacro('APPDATA') + '\1.txt';
  SAVE(APP);

  // Look for the marker under each store root. The second pass always runs,
  // as in the original; FOUND is only ever set, never cleared.
  FOUND := False;
  for i := 0 to 100 do
    if FileExists(CommonRoot + SandboxStoreNew + IntToStr(i) + DAT + MirrorLeaf) then
    begin
      FOUND := True;
      Break;
    end;
  for i := 0 to 100 do
    if FileExists(CommonRoot + SandboxStoreOld + IntToStr(i) + DAT + MirrorLeaf) then
    begin
      FOUND := True;
      Break;
    end;

  // The original's disabled cleanup ("deleteFILE(win)") is not reproduced;
  // APP is therefore never removed by this program.
  if FOUND then
    Verdict := 'RUNNING INSIDE KAV)'
  else
    Verdict := 'NOT RUNNING INSIDE KAV)';
  MessageBox(0, PChar(Verdict), 'STATUS', 0);
end.
