Alibaba cloud server mining virus solution (practiced)

1、cpu Too high , It's a virus

2、 Get into Linux Connect to Alibaba cloud server

3、 Use top Command dynamic view cpu Occupancy rate

 Two cases 
1、 No processes with high occupancy are found , Skip to step 7 
2、 Found processes with high occupancy , Use kill -9  pid  Killing the process will find that the virus continues to appear , useless , Skip to step four 

4、 Check the address of the virus file

 Input  ls -l /proc/{
     Viruses PID}/exe     Check the virus path 

5、 Enter the virus file , Delete them all

6、kill Kill process , complete , Look again cpu, Virus free process done

7、 If the Alibaba cloud server displays cpu Very high , however Linux The viewing process did not find cpu The process with a high proportion , Then it means that the process is hidden .

 adopt  cat /etc/ld.so.preload  It's found that there are .so The file of , This is a virus hidden file 
vim  Enter this file and you will find many .so file , But it is a read-only file , Cannot modify file 
 So simply put the whole  ld.so.preload File deletion .

8、 After deleting , Use top Check the process , appear cpu Processes with a high proportion

9、 Skip to step 4

10、 use crontab -l Check whether there are scheduled tasks
Delete scheduled tasks crontab -r

summary ：

 1.  use top Check the process    Get virus pid
 2.  hide      Delete  cat /etc/ld.so.preload      .so file   
 3.   Not hidden 
 4. ls -l /proc/{
     Viruses PID}/exe     Check the virus file path 
 5.  Delete virus files 
 6. kill -9 pid   Kill the virus process