Why couldn’t Nigel kill this process using the “End Process” button in the Windows Task Manager?
Nigel got the typical Windows message, “This is a critical system process. Task Manager cannot end this process.” Windows shows this message when you try to kill a system process, and it doesn’t allow you to do so in order not to damage the system, because Microsoft considered it risky!! 😉 Some examples of Windows 2000 critical system processes in this category, as shown in the Task Manager output provided by Spinal, are: csrss.exe, evntsvc.exe, lsass.exe, mstask.exe, regsvc.exe, services.exe and smss.exe. So it is probable that one of those is the backdoor. It seems a “Windows 2000 Task Manager Process Termination Vulnerability” was published in BugTraq, ID 3033 (http://www.securityfocus.com/bid/3033). Windows 2000 is not case sensitive when determining whether or not a process is associated with the OS [1]. If a file has the same name as a system process, a user will not be able to terminate it. This is the reason why the backdoor introduced in the Spinal web server when it was compromised cannot be termin