Disable external process' critical status
06-30-2016, 06:09 AM
#1
Yo.
With this recent skid's bound RAT being forced in here, I figured I would jump on the karma wave and help the maybe 1 or so people actually infected.
The RAT reportedly sets itself as system critical; this means it will bluescreen you if you terminate the process. This is obviously annoying as it requires you to restart your computer to actually terminate the desired process.
So I made a program in PureBasic that utilizes NtSetInformationProcess and ZwQueryInformationProcess to set and then check that the process is no longer critical. After this, if you please, you can traverse the process tree and hard terminate all child and parent processes under that PID with NtTerminateProcess.
Here's source:
Main: http://pastebin.com/XaDLM6mG
SetCriticalFlag: http://pastebin.com/Uxa3cvGc
Direct download to exe: https://a.sinister.ly/iphdhi.zip
#PromiseNotARat
![[Image: 285a3430109b43f1856569115351ce4b.png]](http://image.prntscr.com/image/285a3430109b43f1856569115351ce4b.png)
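The set-then-verify step described in the post, as an added PowerShell example that is not the poster's PureBasic source. `CritFlag` and `Clear-CriticalFlag` are hypothetical names, and the code assumes an elevated session on the affected machine.

```powershell
# Added example: read and clear the ProcessBreakOnTermination flag on one PID.
# Run from an elevated PowerShell. Type and function names are illustrative.
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
public static class CritFlag {
    const int  ProcessBreakOnTermination = 29;      // PROCESSINFOCLASS value
    const uint PROCESS_SET_INFORMATION   = 0x0200;
    const uint PROCESS_QUERY_INFORMATION = 0x0400;
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    [DllImport("ntdll.dll")] static extern int NtQueryInformationProcess(
        IntPtr h, int cls, ref uint info, int len, out int retLen);
    [DllImport("ntdll.dll")] static extern int NtSetInformationProcess(
        IntPtr h, int cls, ref uint info, int len);

    static void Check(int status, string api) {     // NTSTATUS < 0 is failure
        if (status < 0) throw new InvalidOperationException(
            api + " failed, NTSTATUS 0x" + status.ToString("X8"));
    }
    // Optionally writes 0 to the flag, then returns the flag as it now reads.
    public static bool Query(int pid, bool clear) {
        IntPtr h = OpenProcess(PROCESS_QUERY_INFORMATION |
            (clear ? PROCESS_SET_INFORMATION : 0u), false, pid);
        if (h == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        try {
            uint flag = 0; int ret;
            if (clear) Check(NtSetInformationProcess(h, ProcessBreakOnTermination,
                ref flag, 4), "NtSetInformationProcess");
            Check(NtQueryInformationProcess(h, ProcessBreakOnTermination,
                ref flag, 4, out ret), "NtQueryInformationProcess");
            return flag != 0;
        } finally { CloseHandle(h); }
    }
}
'@

function Clear-CriticalFlag([int]$Id) {
    # Changing the flag needs SeDebugPrivilege enabled in the caller's token.
    [System.Diagnostics.Process]::EnterDebugMode()
    $name = (Get-Process -Id $Id -ErrorAction Stop).ProcessName
    if (-not [CritFlag]::Query($Id, $false)) { return "$name ($Id) is not critical" }
    if ([CritFlag]::Query($Id, $true)) { throw "$name ($Id) is still critical" }
    "$name ($Id) critical flag cleared; terminating it will no longer bugcheck"
}
```

Confirm the PID belongs to the unwanted process before calling `Clear-CriticalFlag -Id <PID>`: Windows components such as csrss.exe are critical by design and should be left alone.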