Last-minute presentation: Terminating hidden processes

Dmitry Gryaznov McAfee

The presentation will discuss the challenges associated with terminating hidden processes. It is composed of three parts:

Part I: technical background, covering:

  • The Windows kernel Active process list
  • How process enumeration works on Windows
  • The Windows system or kernel process
  • How process deletion works on Windows

Part II: the rootkit challenge, discussing:

  • How rootkits make their processes orphan and hidden
  • How to detect hidden processes
  • The challenge of terminating hidden orphan processes
  • The solution
  • Suggestions to Microsoft
  • Conclusions

Part III: a live demo in the kernel debugger showing everything discussed in the presentation.
