-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2001-07-17 at 18:58:40 Chris Adams wrote: CA> I might be worth seeing exactly what triggers this behaviour in the task CA> manager - the application tab might have a different filtering criteria CA> (e.g. is it strictly ACL-based or might it be looking at something like the CA> original filename attribute in the exe header?). The names of the executables are hardcoded in taskmgr.exe, and form the following list: services.exe smss.exe winlogon.exe csrss.exe If the name of an executable in the Processes tab matches any of this list, Task Manager refuses to kill it. In short, renname your trojan to any of the above. ;-) It is a strangely implemented feature, because you might consider many other processes not in this list "critical system processes", such as lsass.exe, svchost.exe, etc. You can try to kill these, but you will simply get Access Denied, since Task Manager tries OpenProcess(), which fails. Cheers, - -- Dimitry Andric <dimat_private> PGP Key: http://www.xs4all.nl/~dim/dim.asc Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3 -----BEGIN PGP SIGNATURE----- Version: PGP 6.5i Comment: http://www.gn.apc.org/duncan/stoa_cover.htm iQA/AwUBO1SNErBeowouIJajEQKJzwCfaqkiAHPd+b/F1QQb3hoy2e2vhTAAn0d8 JRcFko4dUhFxsVkYVwtsFtQn =CigK -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 15:09:01 PDT