new process terminator "SPT"

Discussion in 'ProcessGuard' started by Devil's Advocate, Sep 30, 2006.

Thread Status:
Not open for further replies.
  1. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Just got SPT, a process killer boasting 16 kill methods, from one of your competitors' sites. http://syssafety.com/leaktests.html

    Someone try kill method 7 and tell me if PG comes out on top?
     
  2. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    What are we trying to kill, a process protected by PG or PG itself?
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi, I downloaded both files from here; when I run them I just see a box, like when you run a batch file, for a split second and then nothing else.
     
  4. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    I believe it needs to be run from the command line.
     
  5. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Indeed, method 7 can terminate protected processes and pgaccount even with protect from reading and SMH enabled.
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    ok, thanks
     
  7. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    It can do both o_O

    So do you think this is a flaw in PG or o_O
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Any instructions how to run it?

    Thanks.
     
  9. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Copy the file spt.exe to c:\

    Click Start>Accessories>Command prompt

    Type:

    cd\ (enter)
    spt (enter)

    You then get instructions on how to use it.

    HTH
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Thanks. I will try it.
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Just tried method 7 and it failed to terminate BufferZone service. It's great.
     
  12. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Won't run at all on my machine Win 2k, PG 3.41.

    Running from the command box I get a Windows pop up saying
    "The procedure entry point GetProcesSID could not be located in the dynamic link library KERNEL32.dll"
     
  13. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    /ot on
    I just tested it against Neoava Guard Beta 2. Neoava passes all methods with flying wings :thumb:
    /ot off
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It will be better to move the thread to let me post OT here.
     
  15. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    I'm not sure because I'm not knowledgeable enough about these things.

    However, I noticed that when explorer.exe was terminated by spt.exe, a few seconds later explorer.exe restarted. I thought that was odd. When you terminate explorer.exe with the task manager it stays terminated.

    So I installed PG from fresh and started it up without a reboot with all global protections enabled. I removed all programs from the protection tab except for the PG entries and my browser (which I was going to terminate). I protected my browser and pgaccount.exe from reading and also with SMH.

    When spt method 7 was used to terminate my browser (I OK'd the PG execute alert once), I received a SMH alert saying that pgaccount (not my browser?) was being closed using WM_destroy. I cancelled and got another SMH alert wanting to terminate pgaccount using WM_NCdestroy. I cancelled and spt hung. I noticed in the PG alerts that explorer.exe had been blocked from reading pgaccount.

    All the applications that were running (i.e. cmd, browser, task manager and PG) continued to run OK but I was unable to start any new processes.

    I retried the experiment from scratch but this time all I did was to stop explorer.exe from reading processes and this stopped spt from working.

    So it appears that spt is using explorer.exe to do its work and explorer.exe by default has enough rights to help spt out.
     
  16. LostSoulCoder

    LostSoulCoder Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    2
    Heh...Try to terminate it using -f switch and for example method 2 i.e. thread termination. Almost all security programs fail with this.
    My poor KAV hung and didn't answer on mouse clicks. Any suggestions? :rolleyes:
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    tried method 2 and yes it was killed!!
     
  18. LostSoulCoder

    LostSoulCoder Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    2
    According to my experience, methods 1-7 with the -f switch kill almost all "unkillable" programs.
     
  19. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Confirmed here with Neoava Guard. Will be a new task for the developers.
     
  20. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    the -f switch doesn't seem to make any difference for PG.
     
  21. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Ok, what I wrote above is absolute rubbish.

    Stopping explorer from reading did not stop the termination. What locked everything up was having pgaccount protected by SMH and then trying to start a new programme.

    With SMH enabled for pgaccount, whatever I tried to run gave rise to alerts about pgaccount being closed and stopped any new processes from running. To get the system working again, I had to disable PG protection and terminate pgaccount with the task manager. All the blocked processes, which must have queued up, then ran one after another.
     
  22. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    BufferZone service ClnSvc.exe is killed only by method 2 and 4.
     
  23. LeeH

    LeeH Registered Member

    Joined:
    Mar 6, 2005
    Posts:
    25
    Location:
    West London, UK
    I guess there is a lot of work to do....

    At least PG passes the keylogger leaktest since I use the "autoblock new applications" feature!


    Best regards,
    Lee
     
  24. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Oh right forgot to say that the keylogger on the same download page using method 2 beats PG's global hooks. But that one wasn't surprising to me.
     
  25. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Allow the keylogger to execute and see if PG intercepts the logging itself please.
     