当前位置:网站首页>Record the process of cleaning up mining viruses
Record the process of cleaning up mining viruses
2022-07-06 21:48:00 【Run, Deng DengZi】
Catalog
One 、 The phenomenon
The website is down , Check that the background service is down , Unable to restart normally .
Two 、 Handle
1. View memory usage
Without starting any services , Memory has been basically exhausted :
free -h
total used free shared buff/cache available
Mem: 7.6G 6.4G 581M 401M 690M 640M
Swap: 0B 0B 0B
2. Check the resource usage of each process
top
top - 11:44:00 up 389 days, 23:40, 4 users, load average: 0.00, 0.01, 0.05
Tasks: 209 total, 1 running, 156 sleeping, 0 stopped, 52 zombie
%Cpu(s): 0.1 us, 0.2 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 8008264 total, 683664 free, 6721116 used, 603484 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 642776 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2999 root 20 0 162244 2432 1592 S 0.3 0.0 0:00.68 top
5303 root 30 10 3180208 56596 784 S 0.3 0.7 1791:48 xmrig
...
notice xmrig Taking up resources .
3. View scheduled tasks
ls /var/spool/cron/
root
see root The contents of the document :
vi root
30 21 * * * bash /usr/local/apache-tomcat-8.0.46/bin/.moneroocean/miner.sh
see .moneroocean Files under directory :
cd /usr/local/apache-tomcat-8.0.46/bin/.moneroocean
ll
total 8628
-rw-r--r-- 1 root root 6983 Jun 8 03:52 config.json
-rwxr-xr-x 1 root root 375 Jun 8 03:49 miner.sh
-rwxr-xr-x 1 root root 8821240 Apr 1 09:46 xmrig
4. Delete file
cd /var/spool/cron/
rm -rf *
cd /usr/local/apache-tomcat-8.0.46/bin/
rm -rf .moneroocean/
5. kill xmrig process
Find all xmrig Process and kill :
ps -ef | grep xmrig
6. Restart the service
It's best to restart the server and then restart the service , At this time, the service is normal .
边栏推荐
- 语谱图怎么看
- 分糖果
- Redistemplate common collection instructions opsforset (V)
- Vim 基本配置和经常使用的命令
- jvm:大对象在老年代的分配
- One line by line explanation of the source code of anchor free series network yolox (a total of ten articles, you can change the network at will after reading it, if you won't complain to me)
- 技术分享 | 抓包分析 TCP 协议
- SQL:存储过程和触发器~笔记
- The underlying implementation of string
- Z function (extended KMP)
猜你喜欢
[Li Kou brushing questions] one dimensional dynamic planning record (53 change exchanges, 300 longest increasing subsequence, 53 largest subarray and)
Why rdd/dataset is needed in spark
Absolute primes (C language)
The difference between break and continue in the for loop -- break completely end the loop & continue terminate this loop
Happy sound 2[sing.2]
Vit paper details
Summary of cross partition scheme
Is it profitable to host an Olympic Games?
Checkpoint of RDD in spark
Set up a time server
随机推荐
LeetCode:1189. The maximum number of "balloons" -- simple
Why is the cluster mode of spark on Yan better than the client mode
Microsoft technology empowerment position - February course Preview
R language for text mining Part4 text classification
Thinking about agile development
MySQL removes duplicates according to two fields
Fzu 1686 dragon mystery repeated coverage
红杉中国,刚刚募资90亿美元
FZU 1686 龙之谜 重复覆盖
ACdreamoj1110(多重背包)
Checkpoint of RDD in spark
JPEG2000 matlab source code implementation
Five wars of Chinese Baijiu
Explain ESM module and commonjs module in simple terms
袁小林:安全不只是标准,更是沃尔沃不变的信仰和追求
语谱图怎么看
Depth first traversal (DFS) and breadth first traversal (BFS)
Uni app app half screen continuous code scanning
Proxy and reverse proxy
R3live notes: image processing section