Date: 09/09/05 (IT Professionals) Keywords: security, spyware Hello! I'm trying to fix a spyware on my friend's computer, and I stuck into this problem: there are some processes I cannot terminate (though I'm logged on as an administrator). It says "Access denied" or something like this. I tried several ways: usual Task Manager, the ProcessExplorer, command-line ntsd tool, and some others. I see problem is not with these tools, but with my privileges. Note that this only works if your user group has debug privileges, check Control Panel->Administrative Tools->Local Security Policy->Local Policies->User Rights Assignment->"Debug Programs". I've run across some nasty spyware that turns off the debug privilege for Administrators and runs itself as a system process. It is very good, but XP Home doesn't have the Local Security Policy snap-in. So, how can I check/enable that debug privilege for myself? Maybe there is some third-party policies editor? If such thing as "debug privilege" exists in XPHome, and if the spyware could disable it, there must be some way to enable it back. I'm pretty sure all those policies live somewhere in HKEY_LOCAL_MACHINE\SECURITY\Policy\Accou Or am I searching in a completely wrong direction? Probably will be X-posted. Source: http://www.livejournal.com/community/itprofessionals/21533.html
|