检查位置:
/etc/ld.so.preload(隐藏进程)
/var/spool/cron
/etc/cron.*
/etc/rc.d/init.d
chkconfig --list(查看开机启动服务),chkconfig --del <服务名>(删除可疑服务)
~/.bash_profile
/etc/systemd/system/multi-user.target.wants/(自启动进程)
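#!/bin/bash
# Cleanup step: remove the cron-based persistence this script targets.
#
# The four cron drop-in files below are deleted outright. The root crontab
# (both the /var/spool/cron/crontabs and /var/spool/cron layouts are tried)
# is backed up and then emptied. Emptying it also discards any legitimate
# root cron jobs; those have to be restored by hand from the backup.
for cron_dropin in \
  /etc/cron.d/apache \
  /etc/cron.d/nginx \
  /etc/cron.d/root \
  /etc/cron.hourly/oanacroner1; do
  rm -f -- "$cron_dropin" 2>/dev/null
done

# Each entry is "<crontab path>:<backup path>".
for crontab_pair in \
  '/var/spool/cron/crontabs/root:/root/root.crontab.bak' \
  '/var/spool/cron/root:/root/cron.bak'; do
  crontab_file=${crontab_pair%%:*}
  crontab_backup=${crontab_pair#*:}

  # Nothing to do for a missing or already-empty crontab. Skipping here also
  # keeps a second run from replacing the first backup with an empty file.
  [[ -s "$crontab_file" ]] || continue

  # Never overwrite an earlier backup: it may be the only copy of the
  # original entries (and of the malicious ones, which are evidence).
  if [[ -e "$crontab_backup" ]]; then
    crontab_backup="${crontab_backup}.$(date +%Y%m%d%H%M%S)"
  fi

  # Only wipe the crontab once the copy is known to exist.
  if cp -p -- "$crontab_file" "$crontab_backup" 2>/dev/null; then
    : >"$crontab_file"
  else
    printf 'warning: could not back up %s; crontab left unchanged\n' \
      "$crontab_file" >&2
  fi
done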
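# Cleanup step: delete the known dropped files under /var/tmp and /tmp.
#
# The list is the de-duplicated set of paths from the original script, with
# spellings kept exactly as given.
# NOTE(review): "dbusetd" and "dbusted" differ from the "dbused" process name
# matched elsewhere in this script - confirm against the files actually found.
#
# Deleting destroys evidence. If the incident still has to be investigated,
# record hashes (e.g. sha256sum) or copy the files to offline storage first.
# The hidden directories /var/tmp/.sh and /tmp/.sh themselves are not removed.
dropped_files=(
  /var/tmp/.xo
  /var/tmp/x64b
  /var/tmp/x32b
  /var/tmp/hxx
  /var/tmp/scan.log
  /var/tmp/dbusetd
  /var/tmp/p
  /var/tmp/.sh/x86_64
  /var/tmp/x86_64
  /var/tmp/x86_643
  /var/tmp/i686
  /var/tmp/go
  /var/tmp/ip.sh
  /var/tmp/d.py
  /var/tmp/2start.jpg
  /var/tmp/sparte
  /tmp/x86_64
  /tmp/x86_643
  /tmp/dbusted
  /tmp/i686
  /tmp/hxx
  /tmp/.sh/x86_64
  /tmp/go
  /tmp/x64b
  /tmp/x32b
  /tmp/ip.sh
  /tmp/ips.sh
  /tmp/d.py
  /tmp/2start.jpg
  /tmp/p
  /tmp/masscan
  /tmp/scan.log
)

for dropped_file in "${dropped_files[@]}"; do
  rm -f -- "$dropped_file" 2>/dev/null
  # rm's own errors are discarded, so check the result explicitly: a file
  # that survives (for instance because of an immutable or append-only
  # attribute) must not go unnoticed.
  if [[ -e "$dropped_file" || -L "$dropped_file" ]]; then
    printf 'warning: %s is still present (check its attributes with lsattr)\n' \
      "$dropped_file" >&2
  fi
done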
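# Cleanup step: remove the planted binaries in /bin and the "dbused" line
# from the current user's ~/.bash_profile.
#
# chattr -ia clears the immutable (i) and append-only (a) attributes, which
# would otherwise make rm and sed fail.
for planted_bin in /bin/bprofr /bin/crondr /bin/initdr; do
  chattr -ia "$planted_bin" 2>/dev/null
  rm -f -- "$planted_bin" 2>/dev/null
  if [[ -e "$planted_bin" || -L "$planted_bin" ]]; then
    printf 'warning: %s is still present\n' "$planted_bin" >&2
  fi
done

# "~" is the home directory of whoever runs the script; other accounts'
# profiles are not examined here.
profile_file=~/.bash_profile
chattr -ia "$profile_file" 2>/dev/null

# Back up and edit only when there is something to remove, so that a repeated
# run cannot replace the backup of the infected profile with a cleaned copy.
if grep -q 'dbused' -- "$profile_file" 2>/dev/null; then
  profile_backup="${profile_file}.bak"
  if [[ -e "$profile_backup" ]]; then
    profile_backup="${profile_file}.bak.$(date +%Y%m%d%H%M%S)"
  fi
  # A failed backup is reported but does not block the edit: only the lines
  # containing "dbused" are dropped, the rest of the profile is kept.
  cp -p -- "$profile_file" "$profile_backup" 2>/dev/null ||
    printf 'warning: could not back up %s\n' "$profile_file" >&2
  sed -i '/dbused/d' "$profile_file" 2>/dev/null
fi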
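# Cleanup step: stop, then kill, every process whose command line matches
# one of the indicators below.
#
# Changes from the original "ps aux | grep | awk | xargs kill" pipelines:
#   * the dots in the IP prefixes and in "/tmp/.xo" are escaped, so they no
#     longer match an arbitrary character;
#   * this script and its parent are never signalled, even if their own
#     command line contains an indicator (e.g. a script file named after one);
#   * signals are given by name, because the numeric value of SIGSTOP (19 in
#     the original) is not the same on every architecture;
#   * kill is not invoked at all when nothing matches.
#
# Matching is still a substring match on the full command line, so review
# the logged command lines: unrelated processes that merely mention one of
# these strings are signalled as well.
suspect_cmdline_patterns=(
  'dbused'
  'hxx'
  '107\.189'
  '104\.244'
  '/tmp/go'
  '/tmp/\.xo'
)

# Two passes, as in the original: SIGSTOP everything first, then SIGKILL.
# Presumably this keeps the processes from restarting one another between
# the individual kills.
for suspect_signal in STOP KILL; do
  for suspect_pattern in "${suspect_cmdline_patterns[@]}"; do
    while IFS= read -r suspect_pid; do
      if [[ "$suspect_pid" == "$$" || "$suspect_pid" == "$PPID" ]]; then
        continue
      fi
      # Keep a record of what is being signalled for the incident notes.
      printf 'SIG%s -> pid %s: %s\n' "$suspect_signal" "$suspect_pid" \
        "$(tr '\0' ' ' 2>/dev/null <"/proc/${suspect_pid}/cmdline")" >&2
      kill -s "$suspect_signal" "$suspect_pid" 2>/dev/null
    done < <(pgrep -f -- "$suspect_pattern" 2>/dev/null)
  done
done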