Default/Deny and unusual file types?

When I used to develop government rootkits for Russia I used to mark the processes being protected by the rootkit as critical via RtlSetProcessIsCritical and laugh at the reactions from the live webcam when UK government officials terminated the processes and got landed with a BSOD crash. :D

This never really happened but that API does exist, but sometimes we need some humour :p
Your dark side! :p:D
 
I tried out NoVirusThanks ERP with a sample HTA file that I downloaded
http://www.htmlgoodies.com/legacy/beyond/reference/example.hta
I got a vulnerable process prompt (presumably because I manually added mshta to the list)
But after that, no prompt, no block, no nothing.
Looks like the ol' NVT EXE Radar Pro is true to its name: it monitors exe files.
 