Subj : Re: killing processes in win2k
To   : Geo.
From : tom
Date : Thu Mar 29 2001 04:09 pm

No, they're using a technique we talked about before. The trojan author
configured a list of executables to hunt down. The trojan calls the API
directly, issues a terminate and poof! No more app, just an icon.

I think NT is safer if you're not running with full privileges. I haven't
had a chance to check. Might need to find a way around a few things.

That Northpoint fiasco put the Zap on a few clients (myself included) so
I've been busy... a lot of dial-ups to configure.

Geo. wrote:
>
> You mean KILL -f or you mean a remote kill command?
>
> Geo.
>
> "tom" wrote in message news:3AC21A3D.425E@tcgweb.com...
> > One recent variation of a trojan uses this to kill firewalls, ids's and
> > av software.
> > Really slick.
> > TerminateProcess even leaves icons on the task tray so you think you're
> > still safe. Apps don't know they've bit the big bit bucket, so to speak.
> >
> > Geo. wrote:
> > >
> > > OOOoooo, I like the sound of that one, TerminateProcess.. Yeah, that's
> > > the ticket, can it be used remotely to terminate a process on a remote
> > > box where you have admin level access? (isn't there an rkill or
> > > something like that in one of the reskits?)
> > >
> > > Geo.

--- BBBS/NT v4.00 MP
 * Origin: Barktopia Gating Project http://HarborWebs.com:8081 (1:379/45)
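A detection sketch for the behaviour discussed in this thread, added here as an example and not part of the original posts: because a leftover tray icon says nothing about whether the process is alive, the check correlates a handle opened with the terminate right against a watched security tool with that tool's exit shortly afterwards. The events are constructed samples shaped like Sysmon Event ID 10 (ProcessAccess) and Event ID 5 (ProcessTerminate) records; the tool names, paths, trusted list and 5-second window are assumptions.

```python
from datetime import datetime, timedelta

PROCESS_TERMINATE = 0x0001   # access right a handle needs before TerminateProcess works
WATCHED = {"examplefw.exe", "exampleav.exe"}       # hypothetical security tools
TRUSTED = {r"c:\windows\system32\services.exe"}    # assumption: tune per site
WINDOW = timedelta(seconds=5)                      # open-to-exit correlation window

# Constructed sample events, shaped like Sysmon Event ID 10 (ProcessAccess)
# and Event ID 5 (ProcessTerminate) records.
EVENTS = [
    {"EventID": 10, "UtcTime": "2024-01-01 12:00:01.000",
     "SourceImage": r"C:\Temp\updater.exe",
     "TargetImage": r"C:\Program Files\ExampleFW\examplefw.exe", "GrantedAccess": "0x1"},
    {"EventID": 5, "UtcTime": "2024-01-01 12:00:01.200",
     "Image": r"C:\Program Files\ExampleFW\examplefw.exe"},
    {"EventID": 10, "UtcTime": "2024-01-01 12:00:03.000",   # query/read only, no terminate bit
     "SourceImage": r"C:\Windows\explorer.exe",
     "TargetImage": r"C:\Program Files\ExampleAV\exampleav.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "UtcTime": "2024-01-01 12:00:04.000",   # trusted source, ignored
     "SourceImage": r"C:\Windows\System32\services.exe",
     "TargetImage": r"C:\Program Files\ExampleAV\exampleav.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 5, "UtcTime": "2024-01-01 12:00:04.500",
     "Image": r"C:\Program Files\ExampleAV\exampleav.exe"},
]

def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def find_forced_kills(events):
    """Return alerts where an untrusted process opened a watched tool with the
    terminate right and that tool exited within WINDOW afterwards."""
    alerts, opens = [], []
    for ev in sorted(events, key=_ts):
        if ev["EventID"] == 10:
            target = ev["TargetImage"].lower()
            if target.rsplit("\\", 1)[-1] not in WATCHED:
                continue
            if ev["SourceImage"].lower() in TRUSTED:
                continue
            if int(ev["GrantedAccess"], 16) & PROCESS_TERMINATE:
                opens.append((_ts(ev), ev["SourceImage"], target))
        elif ev["EventID"] == 5:
            for opened_at, source, target in opens:
                if target == ev["Image"].lower() and _ts(ev) - opened_at <= WINDOW:
                    alerts.append({"source": source, "target": ev["Image"]})
    return alerts

if __name__ == "__main__":
    for alert in find_forced_kills(EVENTS):
        print("ALERT:", alert["source"], "terminated", alert["target"])
```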