在阿里云上的云服务器被人植入了挖矿病毒,能过上网查找答案,结合实践。清除病毒步骤总结如下:
1. top找到PID
[root@demo ~]# top
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
15843 yarn 20 0 2653576 2.3g 996 S 100.0 15.0 11:23.75 kdevtmpfsi
2. 找到与其相关的父PID
[root@demo ~]# systemctl status 15843
● session-102.scope - Session 102 of user yarn
Loaded: loaded (/run/systemd/system/session-102.scope; static; vendor preset: disabled)
Drop-In: /run/systemd/system/session-102.scope.d
└─50-After-systemd-logind\x2eservice.conf, 50-After-systemd-user-sessions\x2eservice.conf, 50-Description.conf, 50-SendSIGHUP.conf, 50-Slice.conf, 50-TasksMax.conf
Active: active (abandoned) since Mon 2020-06-08 21:43:01 CST; 16min ago
CGroup: /user.slice/user-984.slice/session-102.scope
├─15783 /var/tmp/kinsing
└─15843 /tmp/kdevtmpfsi
3. kill掉查出的线程
[root@demo ~]# kill -9 15783
[root@demo ~]# kill -9 15843
4. 删除目录
[root@demo ~]# rm -rf /tmp/kdevtmpfsi
5. 删除被侵入的挖矿定时任务
# 查出删除即可
[root@demo ~]# crontab -l -u yarn
[root@demo ~]# crontab -e -u yarn
6. 病毒已删除