当前位置:网站首页>Record the process of cleaning up mining viruses
Record the process of cleaning up mining viruses
2022-07-06 21:48:00 【Run, Deng DengZi】
Catalog
One 、 The phenomenon
The website is down , Check that the background service is down , Unable to restart normally .
Two 、 Handle
1. View memory usage
Without starting any services , Memory has been basically exhausted :
free -h
total used free shared buff/cache available
Mem: 7.6G 6.4G 581M 401M 690M 640M
Swap: 0B 0B 0B
2. Check the resource usage of each process
top
top - 11:44:00 up 389 days, 23:40, 4 users, load average: 0.00, 0.01, 0.05
Tasks: 209 total, 1 running, 156 sleeping, 0 stopped, 52 zombie
%Cpu(s): 0.1 us, 0.2 sy, 0.0 ni, 99.7 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 8008264 total, 683664 free, 6721116 used, 603484 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 642776 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2999 root 20 0 162244 2432 1592 S 0.3 0.0 0:00.68 top
5303 root 30 10 3180208 56596 784 S 0.3 0.7 1791:48 xmrig
...
notice xmrig Taking up resources .
3. View scheduled tasks
ls /var/spool/cron/
root
see root The contents of the document :
vi root
30 21 * * * bash /usr/local/apache-tomcat-8.0.46/bin/.moneroocean/miner.sh
see .moneroocean Files under directory :
cd /usr/local/apache-tomcat-8.0.46/bin/.moneroocean
ll
total 8628
-rw-r--r-- 1 root root 6983 Jun 8 03:52 config.json
-rwxr-xr-x 1 root root 375 Jun 8 03:49 miner.sh
-rwxr-xr-x 1 root root 8821240 Apr 1 09:46 xmrig
4. Delete file
cd /var/spool/cron/
rm -rf *
cd /usr/local/apache-tomcat-8.0.46/bin/
rm -rf .moneroocean/
5. kill xmrig process
Find all xmrig Process and kill :
ps -ef | grep xmrig
6. Restart the service
It's best to restart the server and then restart the service , At this time, the service is normal .
边栏推荐
- Sql: stored procedures and triggers - Notes
- @Detailed differences among getmapping, @postmapping and @requestmapping, with actual combat code (all)
- Comparison between multithreaded CAS and synchronized
- 3D face reconstruction: from basic knowledge to recognition / reconstruction methods!
- Yuan Xiaolin: safety is not only a standard, but also Volvo's unchanging belief and pursuit
- 首批入选!腾讯安全天御风控获信通院业务安全能力认证
- Enhance network security of kubernetes with cilium
- In JS, string and array are converted to each other (II) -- the method of converting array into string
- 在Pi和Jetson nano上运行深度网络,程序被Killed
- 14年本科毕业,转行软件测试,薪资13.5K
猜你喜欢
爬虫实战(五):爬豆瓣top250
一行代码可以做些什么?
What can one line of code do?
Basic introduction of figure
20 large visual screens that are highly praised by the boss, with source code templates!
guava:Collections.unmodifiableXXX创建的collection并不immutable
跨分片方案 总结
1292_FreeROS中vTaskResume()以及xTaskResumeFromISR()的实现分析
[interpretation of the paper] machine learning technology for Cataract Classification / classification
ViT论文详解
随机推荐
Tips for web development: skillfully use ThreadLocal to avoid layer by layer value transmission
爬虫实战(五):爬豆瓣top250
Hill | insert sort
抖音將推獨立種草App“可頌”,字節忘不掉小紅書?
跨分片方案 总结
Sql: stored procedures and triggers - Notes
The relationship between root and coefficient of quadratic equation with one variable
Web开发小妙招:巧用ThreadLocal规避层层传值
Description of web function test
uni-app App端半屏连续扫码
Summary of cross partition scheme
R language for text mining Part4 text classification
美国科技行业结束黄金时代,芯片求售、裁员3万等哀声不断
Checkpoint of RDD in spark
【力扣刷题】一维动态规划记录(53零钱兑换、300最长递增子序列、53最大子数组和)
Enhance network security of kubernetes with cilium
Internet News: Geely officially acquired Meizu; Intensive insulin purchase was fully implemented in 31 provinces
FZU 1686 龙之谜 重复覆盖
Seven original sins of embedded development
JS method to stop foreach