ssj100 Security Forums

Another POC PsKill


Post by arran 11/5/2010, 14:52

PsKill: http://technet.microsoft.com/en-us/sysinternals/bb896683.aspx

It terminates other processes, but I can't get it to work. When I click on it, it brings up a user agreement (accept or decline); I press accept, and now I can't open it at all.

ssj100 or Nick or someone, can you guys work out how to use this?
arran (Member, Posts: 41, Join date: 2010-05-09)


Post by ssj100 11/5/2010, 15:48

You just need to execute it via the command prompt. It's working fine here, and it does terminate processes. Will check it with Malware Defender soon.

EDIT: Malware Defender (and presumably all other classical HIPS) successfully controls the behaviour of this POC (and prevents process termination) in its default configuration. This POC must use a different mechanism to terminate processes from the one described here:
https://ssj100.forumotion.com/other-f6/malware-defender-270-eqsyssecure-41-process-privilege-control-flaw-t55.htm
ssj100 (Administrator, Posts: 1390, Join date: 2010-04-14, https://ssj100.forumotion.com)


Post by nick s 14/5/2010, 00:52

Nothing fancy. It uses TerminateProcess. Quoting from "12 ways to terminate a process":

"TerminateProcess or NtTerminateProcess

Everyone knows about TerminateProcess. You simply open a handle to the target process and call TerminateProcess. In case TerminateProcess is hooked, you can call the equivalent Native API function NtTerminateProcess."

Usage:

c:\sysinternals>pskill 1276

PsKill v1.13 - Terminates processes on local or remote systems
Copyright (C) 1999-2009 Mark Russinovich
Sysinternals - www.sysinternals.com

Unable to kill process 1276:
Access is denied.


Malware Defender blocks it:

5/13/2010 14:27:52 Create new process Permitted
Process: c:\windows\system32\cmd.exe
Target: c:\sysinternals\pskill.exe
Cmd line: pskill 1276
Rule: [App]*

5/13/2010 14:27:54 Duplicate handle to another process Permitted
Process: c:\windows\system32\conhost.exe
Target: c:\sysinternals\pskill.exe
Handle: (Event) 0x0000007C
Rule: [App]*

5/13/2010 14:27:58 Terminate another process Denied
Process: c:\sysinternals\pskill.exe
Target: c:\program files\idm computer solutions\ultraedit\uedit32.exe
Rule: [App]*

nick s (Valued Member, Posts: 14, Join date: 2010-04-18)
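The two termination paths nick s quotes (open a handle, call TerminateProcess; fall back to NtTerminateProcess if the Win32 export is hooked), written out as an added PowerShell example. This is not PsKill's own source and not part of the original post; the function name, the PROCESS_TERMINATE-only access mask, and the throwaway notepad target are assumptions made for the example.

```powershell
# Added example, not PsKill's source: the TerminateProcess / NtTerminateProcess
# sequence described in the thread, with the failure points a HIPS can deny.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
    // Minimum right needed to terminate; asking for more only widens what a HIPS can refuse.
    public const uint PROCESS_TERMINATE = 0x0001;

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool TerminateProcess(IntPtr hProcess, uint uExitCode);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);

    // Native API equivalent; returns an NTSTATUS (0 = STATUS_SUCCESS, 0xC0000022 = STATUS_ACCESS_DENIED).
    [DllImport("ntdll.dll")]
    public static extern uint NtTerminateProcess(IntPtr ProcessHandle, int ExitStatus);
'@

function Stop-ProcessLikePsKill {
    # Hypothetical helper name; mirrors "pskill <pid>" from the usage output above.
    param(
        [Parameter(Mandatory)][uint32]$ProcessId,
        [switch]$UseNativeApi   # skip kernel32!TerminateProcess and call ntdll!NtTerminateProcess directly
    )

    # Step 1: open a handle with only PROCESS_TERMINATE. A HIPS or a protected process can
    # already refuse here: OpenProcess returns NULL with last error 5 (ERROR_ACCESS_DENIED),
    # which is the "Access is denied." PsKill prints.
    $h = [Win32.Native]::OpenProcess([Win32.Native]::PROCESS_TERMINATE, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "OpenProcess($ProcessId) failed, Win32 error $err$(if ($err -eq 5) { ' (Access is denied)' })"
    }

    try {
        if ($UseNativeApi) {
            # Step 2b: bypass a user-mode hook on kernel32!TerminateProcess by calling ntdll directly.
            $status = [Win32.Native]::NtTerminateProcess($h, 1)
            if ($status -ne 0) {
                throw ("NtTerminateProcess({0}) failed, NTSTATUS 0x{1:X8}" -f $ProcessId, $status)
            }
        } else {
            # Step 2a: the ordinary Win32 call; this is the operation the Malware Defender log
            # above records as "Terminate another process ... Denied".
            if (-not [Win32.Native]::TerminateProcess($h, 1)) {
                $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
                throw "TerminateProcess($ProcessId) failed, Win32 error $err$(if ($err -eq 5) { ' (Access is denied)' })"
            }
        }
        "Process $ProcessId terminated"
    } finally {
        [void][Win32.Native]::CloseHandle($h)
    }
}

# Usage with a constructed target: start a throwaway notepad so nothing important is killed.
$victim = Start-Process notepad.exe -PassThru
Stop-ProcessLikePsKill -ProcessId $victim.Id                 # Win32 path
$victim = Start-Process notepad.exe -PassThru
Stop-ProcessLikePsKill -ProcessId $victim.Id -UseNativeApi   # Native API path
```

Calling ntdll directly only sidesteps a hook placed on kernel32 in user mode. A HIPS that intercepts the terminate operation below ntdll sees both paths the same way, which is consistent with ssj100's observation that this POC does not get past Malware Defender in its default configuration.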
