Jump to content
Sign in to follow this  
michaelslamet

You will never can kill this process

Recommended Posts

michaelslamet

This is a challenge for all gurus here :*

If you have 360 Internet Security (www.360safe.com) software installed, you will have ZhuDongFangYu.exe

running all the time on your PC, even if you already exit/close the antivirus.

I need to terminate this process.

Tried with "standard" task manager from Windows, sysinternal's process explorer and

Persistent Process Killer from '?do=embed' frameborder='0' data-embedContent>>

but none of them can kill this process.

I'm almost give up :x

Share this post


Link to post
Share on other sites
PhoenixXL

I could have tried it for the size was a little bit less, 185MB would take a long time for my connection to download.

As far as I know some Anti-Virus software(like AVAST) install Kernel hooks that prevent them from getting killed by other processes, this site even speaks the same


My code:

PredictText: Predict Text of an Edit Control Like Scite. Remote Gmail: Execute your Scripts through Gmail. StringRegExp:Share and learn RegExp.

Run As System: A command line wrapper around PSEXEC.exe to execute your apps scripts as System (LSA). Database: An easier approach for _SQ_LITE beginners.

MathsEx: A UDF for Fractions and LCM, GCF/HCF. FloatingText: An UDF for make your text floating. Clipboard Extendor: A clipboard monitoring tool. 

Custom ScrollBar: Scroll Bar made with GDI+, user can use bitmaps instead. RestrictEdit_SRE: Restrict text in an Edit Control through a Regular Expression.

Share this post


Link to post
Share on other sites
michaelslamet

@PhoenixXL: nevermind, thanks for trying to help :)

I think I found a solution, need to try it

Edited by michaelslamet

Share this post


Link to post
Share on other sites
michaelslamet

Ok, I found it can be killed by Process Hacker.

I can create a wrapper for it, but I wonder could we create a AutoIT script to kill this stub born process?

Share this post


Link to post
Share on other sites
guinness

ProcessClose()


UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites
michaelslamet

ProcessClose()

 

ProcessClose() is my very first try, but no luck :(

Share this post


Link to post
Share on other sites
FireFox

If the process is like your topic's title, sure ProcessClose won't kill it.


 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites
michaelslamet

If the process is like your topic's title, sure ProcessClose won't kill it.

 

Is there any other ways to kill stub born process from AutoIT except ProcessClose() ?

If you have some free time, please download the software and try it. It's challenging o:)

Share this post


Link to post
Share on other sites
johnmcloud

I have installed that software on XP, ad i can kill the process with this line:

ProcessClose("ZhuDongFangYu.exe")

So wasn't a challenge :D

Maybe you have Vista+ so i think you only add admin rights to your script

EDIT: Tested on 7 64Bit and was exaclty what i have say:

#RequireAdmin
ProcessClose("ZhuDongFangYu.exe")
Edited by johnmcloud

Share this post


Link to post
Share on other sites
michaelslamet

@Johnmcloud

Weird, because on my system (XP and Win7 32bit), ProcessClose can not kill it, with or without #RequireAdmin

To  make sure, I just try it again on WinXP just before post this message (I has no access to Win7 machine until tommorow).

Anyway, could you kill 360sd.exe with ProcessClose() ?

Edit: typo

Edited by michaelslamet

Share this post


Link to post
Share on other sites
johnmcloud

I have tested again, ZhuDongFangYu.exe can be killed with ProcessClose, i'm sure a 100%

About 360sd.exe, i see this:

2hmob5j.jpg

Is always an antivirus so i don't think you can kill that process, but you can close the software manipulating the tray icon ( using autoit )

Edited by johnmcloud

Share this post


Link to post
Share on other sites
michaelslamet

Really weird. This site also confirm my issue that this process cant be easily killed.

As I posted before, I can kill it using Process Hacker and I can create a wrapper for it, just wonder could we do it purely using AutoIT without any external application.

Thank you John for spending time downloading, installing and try it with AutoIT :)

Could anybody else please confirm can you kill this process easily?

Share this post


Link to post
Share on other sites
michaelslamet

I can kill 360sd.exe on WinXP, but it's a different story on Win 7 :x

see attachment

Anybody please lead me to the light o:)

post-56983-0-11678300-1379931793_thumb.p

Share this post


Link to post
Share on other sites
michaelslamet

Really nobody can kill these processes? :

trancexx maybe?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×