挖空病毒处理

e1e17938 · ChongmingDu · d48f617d · e1e17938
Commit e1e17938 authored Feb 13, 2019 by ChongmingDu
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 0 deletions

sustse,kworkerds挖矿病毒处理.md
+29 -0

No files found.
--- a/sustse,kworkerds挖矿病毒处理.md
+++ b/sustse,kworkerds挖矿病毒处理.md
+1. 检查动态链库，是否有异常lib
+1. 检查动态链库，是否有异常lib
+    - echo LD_PRELOAD
+    - 查看/etc/ld.so.preload
+2. 查看定时任务
+    - crontab  -l
+    - cat /var/spool/cron/
+3. killall kworkerds
+
+#shell script
+```
+echo "" > /etc/ld.so.preload
+chattr +i /etc
+rm -rf /var/spool/cron/*
+rm -rf /etc/cron.d/*
+chattr +i /var/spool/cron/
+rm -f /usr/local/lib/*
+chattr +i /usr/local/lib
+killall kworkerds
+rm -f /var/tmp/kworkerds*
+rm -f /var/tmp/1.so
+rm -f /tmp/kworkerds*
+rm -f /tmp/1.so
+rm -f /var/tmp/wc.conf
+rm -f tmp/wc.conf
+```
+
+[ 详细 ](https://blog.csdn.net/xinxin_2011/article/details/85047245)
\ No newline at end of file