
So I am in Terminal, and let's say there is a virus that reopens every time I go to Terminal and kill the process (using ps -ax); it just reopens with a new PID. So how do you use "bash -c 'while [ 0 ]; do date;done'" to continuously kill the process in the background?

1 Answer


Playing process-whack-a-mole like this is a fool's errand. Instead, use ps(1) to find the parent process ID (PPID) of the process, and kill the parent that keeps respawning the problem process. If you discover the parent is launchd(8), then use launchctl(1) to stop the job. Then look in the following three paths for the launchd .plist file that told launchd to run that job:

 ~/Library/LaunchAgents/
 /Library/LaunchAgents/
 /Library/LaunchDaemons/

Note, if you're on an ancient version of macOS (Mac OS X, OS X) from before System Integrity Protection (SIP) was introduced in macOS 10.11 El Capitan in 2015, then there are two additional directories to look in for launchd .plists:

 /System/Library/LaunchAgents/
 /System/Library/LaunchDaemons/

SIP has made it near impossible for malware to modify those locations under /System/, so in El Capitan and later you generally don't need to look there for malware.

Spiff
  • 110,156
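
The procedure in the answer above, sketched as a read-only script. This is an added example, not part of the original answer: the function names are hypothetical, and matching a plist by the command string that ps reports is a heuristic that misses jobs started through a wrapper script.

```shell
#!/bin/sh
# Added example (read-only): trace a respawning process to its parent and to
# the launchd .plist that starts it. Function names are hypothetical.

# The three directories named in the answer above.
LAUNCHD_DIRS="$HOME/Library/LaunchAgents /Library/LaunchAgents /Library/LaunchDaemons"

# Parent PID of a process; prints nothing if the PID is gone.
parent_of() { ps -o ppid= -p "$1" 2>/dev/null | tr -d ' '; }

# Command of a process as ps reports it.
command_of() { ps -o comm= -p "$1" 2>/dev/null; }

# Print each .plist in the given directories whose content mentions NEEDLE.
# Usage: plists_mentioning NEEDLE DIR...
plists_mentioning() {
    needle=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.plist; do
            [ -f "$f" ] || continue          # also skips an unmatched glob
            # plutil -p (macOS) decodes binary plists; otherwise read raw text.
            text=$(plutil -p "$f" 2>/dev/null) || text=$(cat "$f")
            case $text in *"$needle"*) printf '%s\n' "$f" ;; esac
        done
    done
    return 0
}

# Report the parent of PID and, if launchd owns it, the candidate job files.
trace() {
    pid=$1
    ppid=$(parent_of "$pid")
    [ -n "$ppid" ] || { echo "no such process: $pid" >&2; return 1; }
    exe=$(command_of "$pid")
    echo "PID $pid ($exe) is a child of PID $ppid ($(command_of "$ppid"))"
    if [ "$ppid" -eq 1 ]; then
        echo "Parent is PID 1 (launchd on macOS). Plists mentioning $exe:"
        # Word splitting of LAUNCHD_DIRS is intended here.
        plists_mentioning "$exe" $LAUNCHD_DIRS
    else
        echo "Parent is not launchd; inspect PID $ppid next."
    fi
}

# Run only when called with a numeric PID, e.g.: sh trace.sh 4242
case ${1:-} in ''|*[!0-9]*) ;; *) trace "$1" ;; esac
```

The Label key inside a reported plist is the job name that launchctl(1) operates on.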