Once a malicious program is installed on a system, it is essential that it stays concealed, to avoid detection. Techniques known as rootkits allow this concealment, by modifying the host’s operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the system’s list of processes, or keep its files from being read.
Some malicious programs contain routines to defend against removal, not merely to hide, but to resist attempts to remove them.
Each ghost-job would detect that the other had been killed and start a new copy of the recently stopped program within a few milliseconds. The only way to kill both ghosts was to simultaneously kill them (very difficult) or deliberately crash the system.