当前位置:网站首页>Alibaba cloud server mining virus solution (practiced)
Alibaba cloud server mining virus solution (practiced)
2022-07-06 08:49:00 【Xiao Li Xiao Liu】
1、cpu Too high , It's a virus
2、 Get into Linux Connect to Alibaba cloud server
3、 Use top Command dynamic view cpu Occupancy rate
Two cases
1、 No processes with high occupancy are found , Skip to step 7
2、 Found processes with high occupancy , Use kill -9 pid Killing the process will find that the virus continues to appear , useless , Skip to step four
4、 Check the address of the virus file
Input ls -l /proc/{
Viruses PID}/exe Check the virus path
5、 Enter the virus file , Delete them all
6、kill Kill process , complete , Look again cpu, Virus free process done
7、 If the Alibaba cloud server displays cpu Very high , however Linux The viewing process did not find cpu The process with a high proportion , Then it means that the process is hidden .
adopt cat /etc/ld.so.preload It's found that there are .so The file of , This is a virus hidden file
vim Enter this file and you will find many .so file , But it is a read-only file , Cannot modify file
So simply put the whole ld.so.preload File deletion .
8、 After deleting , Use top Check the process , appear cpu Processes with a high proportion
9、 Skip to step 4
10、 use crontab -l Check whether there are scheduled tasks
Delete scheduled tasks crontab -r
summary :
1. use top Check the process Get virus pid
2. hide Delete cat /etc/ld.so.preload .so file
3. Not hidden
4. ls -l /proc/{
Viruses PID}/exe Check the virus file path
5. Delete virus files
6. kill -9 pid Kill the virus process
边栏推荐
- 游戏解包的危害及资源加密的重要性
- hutool优雅解析URL链接并获取参数
- To effectively improve the quality of software products, find a third-party software evaluation organization
- China high purity silver nitrate Market Research and investment strategy report (2022 Edition)
- Variable length parameter
- R language uses the principal function of psych package to perform principal component analysis on the specified data set. PCA performs data dimensionality reduction (input as correlation matrix), cus
- The network model established by torch is displayed by torch viz
- The mysqlbinlog command uses
- win10系统中的截图,win+prtSc保存位置
- Revit 二次开发 HOF 方式调用transaction
猜你喜欢
Double pointeur en langage C - - modèle classique
【嵌入式】使用JLINK RTT打印log
egg. JS getting started navigation: installation, use and learning
Screenshot in win10 system, win+prtsc save location
C语言深度解剖——C语言关键字
TP-LINK enterprise router PPTP configuration
C language double pointer -- classic question type
Navicat Premium 创建MySql 创建存储过程
企微服务商平台收费接口对接教程
Trying to use is on a network resource that is unavailable
随机推荐
Hutool gracefully parses URL links and obtains parameters
【嵌入式】Cortex M4F DSP库
Double pointeur en langage C - - modèle classique
visdom可视化实现与检查介绍
LeetCode:39. 组合总和
自动化测试框架有什么作用?上海专业第三方软件测试公司安利
力扣每日一题(二)
marathon-envs项目环境配置(强化学习模仿参考动作)
Generator parameters incoming parameters
Research Report on supply and demand and development prospects of China's high purity aluminum market (2022 Edition)
LeetCode:236. 二叉树的最近公共祖先
R language ggplot2 visualization: place the title of the visualization image in the upper left corner of the image (customize Title position in top left of ggplot2 graph)
LeetCode:387. 字符串中的第一个唯一字符
How to conduct interface test? What are the precautions? Nanny level interpretation
China Light conveyor belt in-depth research and investment strategy report (2022 Edition)
POI add write excel file
Simple use of promise in uniapp
ROS compilation calls the third-party dynamic library (xxx.so)
Leetcode: Sword finger offer 42 Maximum sum of continuous subarrays
Precise query of tree tree