当前位置：网站首页>Record the process of cleaning up mining viruses

Record the process of cleaning up mining viruses

2022-07-06 21:48:00 【Run, Deng DengZi】

Catalog

One 、 The phenomenon
Two 、 Handle

One 、 The phenomenon

The website is down , Check that the background service is down , Unable to restart normally .

Two 、 Handle

1. View memory usage

Without starting any services , Memory has been basically exhausted ：

free -h

              total        used        free      shared  buff/cache   available
Mem:           7.6G        6.4G        581M        401M        690M        640M
Swap:            0B          0B          0B

2. Check the resource usage of each process

top

top - 11:44:00 up 389 days, 23:40,  4 users,  load average: 0.00, 0.01, 0.05
Tasks: 209 total,   1 running, 156 sleeping,   0 stopped,  52 zombie
%Cpu(s):  0.1 us,  0.2 sy,  0.0 ni, 99.7 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  8008264 total,   683664 free,  6721116 used,   603484 buff/cache
KiB Swap:        0 total,        0 free,        0 used.   642776 avail Mem 

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                                                                                                                              
 2999 root      20   0  162244   2432   1592 S   0.3  0.0   0:00.68 top                                                                                                                                  
 5303 root      30  10 3180208  56596    784 S   0.3  0.7   1791:48 xmrig                                                                                                                                
 ...

notice xmrig Taking up resources .

3. View scheduled tasks

ls /var/spool/cron/
root

see root The contents of the document ：

vi root

30 21 * * * bash /usr/local/apache-tomcat-8.0.46/bin/.moneroocean/miner.sh

see .moneroocean Files under directory ：

cd /usr/local/apache-tomcat-8.0.46/bin/.moneroocean
ll

total 8628
-rw-r--r-- 1 root root    6983 Jun  8 03:52 config.json
-rwxr-xr-x 1 root root     375 Jun  8 03:49 miner.sh
-rwxr-xr-x 1 root root 8821240 Apr  1 09:46 xmrig

4. Delete file

cd /var/spool/cron/
rm -rf *
cd /usr/local/apache-tomcat-8.0.46/bin/
rm -rf .moneroocean/

5. kill xmrig process

Find all xmrig Process and kill ：

ps -ef | grep xmrig

6. Restart the service

It's best to restart the server and then restart the service , At this time, the service is normal .

原网站

版权声明
本文为[Run, Deng DengZi]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/187/202207061327560488.html