Cleaning up the systemd-init mining malware

Continuing from the previous post: https://www.luyouli.com/?p=219

This post only deals with the systemd-init sample; others such as systemd-check and systemd-login are not covered (mainly because I was not hit by those, so I cannot write up a cleanup I did not do).

Upgrading Consul takes a while, but removing the malware is quick, so let's deal with the malware first.

# Check whether the host is infected

crontab -l | grep systemd-init

If this prints anything, for example 0 * * * * ~/.systemd-init, the host is infected; follow the steps below. Run the check as root, since the entry lives in root's crontab (/var/spool/cron/root), which is what crontab -l shows for root.

# Stop the malware processes

kill -9 `cat /tmp/.X11-unix/*`

/tmp/.X11-unix is normally the X server's socket directory and is empty on a headless server; the malware hides its PID files there. List the directory before killing anything and confirm that each file holds a single PID and that the PID belongs to the malware process, otherwise the kill -9 above will take down whatever those numbers happen to be.

# Delete the PID files

rm -rf /tmp/.X11-unix/*

# Remove the cron entries

sed -i '/systemd-init/d' /var/spool/cron/root

rm -rf /etc/cron.d/0systemd

The crontab entry fires every hour, so if it runs between the kill above and this step the malware is simply restarted. Either do the kill and the cron cleanup back to back, or remove the cron entries first and then kill.

# Remove the malware files under /lib and /usr/lib

rm -rf /lib/systemd/systemd-init

rm -rf /usr/lib/systemd/systemd-init

# Remove the leftover asdf files (may not be present)

rm -rf /asdf

rm -rf /var/tmp/asdf

The malware files were created on 3 August 2017, so you can also walk the filesystem looking for files with that timestamp to find anything else it dropped. I had already cleaned up by the time of writing, so there is no search output to show here.
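As an added example (not code from the original post), the steps above are wrapped here into shell functions that take a root prefix, so the whole procedure can be rehearsed against a scratch directory tree before it is run against "/" on the infected host. The PID-file directory, cron locations and file paths are the ones the post names; the root prefix, the kill-command override, and the root/.systemd-init path (inferred from the ~/.systemd-init cron line rather than listed in the post) are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post. Every function takes a root
# prefix (default "/") so the cleanup can be dry-run on a throwaway tree.

PIDFILE_DIR="tmp/.X11-unix"            # the miner keeps its PID files here
CRON_ROOT="var/spool/cron/root"        # root's crontab, what "crontab -l" shows
CRON_DROPIN="etc/cron.d/0systemd"      # second persistence entry
# Binaries and leftovers named in the post, plus root/.systemd-init, which is
# an assumption inferred from the "~/.systemd-init" cron line.
MALWARE_FILES="lib/systemd/systemd-init usr/lib/systemd/systemd-init \
asdf var/tmp/asdf root/.systemd-init"

# Return 0 if any indicator from the post is present under the root prefix.
is_infected() {
    root="${1:-/}"
    grep -qs systemd-init "$root/$CRON_ROOT" && return 0
    [ -e "$root/$CRON_DROPIN" ] && return 0
    for f in $MALWARE_FILES; do
        [ -e "$root/$f" ] && return 0
    done
    return 1
}

# Print the PIDs recorded in tmp/.X11-unix/*. Only regular files whose whole
# content is a number count, so the X server's sockets that legitimately live
# there on a desktop box are never fed to kill.
miner_pids() {
    root="${1:-/}"
    for f in "$root/$PIDFILE_DIR"/*; do
        [ -f "$f" ] || continue
        pid=$(tr -d '[:space:]' < "$f")
        case "$pid" in
            ''|*[!0-9]*) ;;          # empty or non-numeric: not a PID file
            *) echo "$pid" ;;
        esac
    done
}

# List regular files last modified on the given day (default: the 2017-08-03
# date the post reports). GNU find/date syntax. This searches mtime, the
# closest thing to "creation date" that find can query portably on Linux.
files_from_day() {
    root="${1:-/}"
    day="${2:-2017-08-03}"
    next=$(date -d "$day + 1 day" +%F)
    find "$root" -xdev -type f -newermt "$day" ! -newermt "$next"
}

# Remove persistence first, then kill, then delete the files. The cron entry
# fires hourly, so killing before removing it leaves a window in which the
# miner is simply respawned.
clean_systemd_init() {
    root="${1:-/}"
    kill_cmd="${2:-kill -9}"             # override with a no-op for dry runs
    if [ -f "$root/$CRON_ROOT" ]; then
        sed -i '/systemd-init/d' "$root/$CRON_ROOT"
    fi
    rm -f "$root/$CRON_DROPIN"
    for pid in $(miner_pids "$root"); do
        $kill_cmd "$pid" 2>/dev/null || true
    done
    for f in "$root/$PIDFILE_DIR"/*; do   # drop the PID files, leave sockets alone
        if [ -f "$f" ]; then rm -f "$f"; fi
    done
    for f in $MALWARE_FILES; do
        rm -rf "$root/$f"
    done
}

# On a suspect host, as root:  . ./clean.sh && is_infected && clean_systemd_init
```

To rehearse it, point the functions at a directory that mirrors the layout (a copy of the cron spool, the PID files and the dropped binaries) and pass a no-op such as a shell function in place of kill -9; files_from_day is the timestamp sweep mentioned above and is worth running before the cleanup, since it also turns up files this list does not know about.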

Those are all the cron entries and files I have found so far; I will add more here if anything else turns up.

29 comments

  1. Bro, you're clearly a frontline operator too; add me on WeChat. Our team has been dealing with this problem these past few days as well. Your tracing was spot on; what we found in the end was also Consul. Email me your WeChat ID and I'll add you. Let's keep in touch, thanks.

  2. It is in point of fact a nice and helpful piece of info. I am satisfied that you shared this useful info with us. Please keep us up to date like this. Thanks for sharing.

  3. I blog quite often and I genuinely thank you for
    your content. This article has really piqued my
    interest. I am going to bookmark your site and keep checking for new information about once a week.
    I subscribed to your RSS feed too. 0mniartist asmr

  4. I was curious if you ever thought of changing the page layout of
    your blog? It's very well written; I love what you've got to
    say. But maybe you could add a little more in the way of content so people could connect
    with it better. You've got an awful lot of text for only
    having one or two images. Maybe you could space it out better?
    0mniartist asmr

  5. Good day! This is my first visit to your blog!
    We are a collection of volunteers and starting a new initiative
    in a community in the same niche. Your blog provided us beneficial
    information to work on. You have done a marvellous job! asmr 0mniartist

  6. Pretty nice post. I just stumbled upon your weblog and wished to say that I’ve truly loved browsing your blog
    posts. After all I will be subscribing to your feed and I am hoping you write again soon!

  7. This is the right webpage for everyone who really wants to understand this topic.

    You understand so much it's almost hard to argue with you (not that I actually
    will need to... HaHa). You certainly put a fresh spin on a subject that has been discussed for years.
    Wonderful stuff, just great!

  8. Hey, would you mind sharing which blog platform you're working with?
    I'm going to start my own blog in the near future but I'm having a tough time making a decision between BlogEngine/Wordpress/B2evolution and Drupal.
    The reason I ask is because your design and style seems
    different than most blogs and I'm looking for something completely unique.
    P.S. Sorry for getting off-topic but I had to ask!

  9. Great items from you, man. I have understood
    your stuff prior to this and you're just extremely wonderful.
    I actually like what you have got here, certainly like what you're
    stating and the way in which you assert it.

    You're making it enjoyable and you still take care to
    keep it smart. I can't wait to learn far more from you.
    That is really a terrific website.

  10. Good day! This is kind of off topic but I need some help from an established blog.

    Is it very difficult to set up your own blog? I'm not very technical but I can figure things out pretty quickly.
    I'm thinking about making my own but I'm not sure where to begin. Do you have any ideas or suggestions?
    Thank you

  11. Hi there, I found your site by means of Google while searching for a comparable subject; your website came up and it seems great.
    I have bookmarked it in my Google bookmarks.

    Hello there, I just became aware of your blog via Google,
    and found that it's really informative. I'm going to watch out for Brussels.

    I'll be grateful if you continue this in future. Many folks will probably
    benefit from your writing. Cheers!

  12. Generally I don't read articles on blogs, but I
    would like to say that this write-up really pressured me to take a
    look, and so I did! Your writing style has surprised me.
    Thank you, quite a nice post.
