In the previous recipe, we gave two reasons to why the antivirus process is still running even after using the killav.rb script. In the previous recipe, we addressed the first issue, that is, the killav.rb list doesn't include the processes to be killed. In this recipe, we will address the second issue that the antivirus program is running as a service on the target machine. Before we proceed, let us first understand the difference between a process and a service.

A process is any piece of software that is running on a computer. Some processes start when your computer boots, others are started manually when needed. Some processes are services that publish methods to access them, so other programs can call them as needed. A process is user-based, whereas a service is system-based.

Antivirus can also run some components as a service such as e-mail filters, web access filters, and so on. The killav.rb script cannot kill services. So, even if we...