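Virus investigation
Cause
Using the htop command, I found that 32 threads were fully occupied, but no corresponding process was shown, so I suspected the machine was infected with a virus.
Analysis
Running the unhide proc command to look for hidden processes gave: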
Found HIDDEN PID: 3010499
Cmdline: "<none>"
Executable: "<no link>"
"<none> ... maybe a transitory process"
Found HIDDEN PID: 3010501
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010502
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010503
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010504
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010505
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010635
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010636
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010637
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010638
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010639
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010640
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010641
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010642
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010643
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010644
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010645
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010646
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010647
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 3010648
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
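With this many records it helps to condense the unhide output before deciding what to look at first. The following is an added example, not part of the original post: it parses output in the format shown above, groups hidden PIDs by executable, and separates entries with no executable link (which unhide itself marks as possibly transitory) from those running out of a world-writable directory. The PIDs in the sample are constructed, and the WRITABLE_DIRS list is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the output above (PIDs are made up).
SAMPLE = '''Found HIDDEN PID: 1001
Cmdline: "<none>"
Executable: "<no link>"
"<none> ... maybe a transitory process"
Found HIDDEN PID: 1002
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
$USER=<undefined>
$PWD=/root
Found HIDDEN PID: 1003
Cmdline: "/tmp/netools"
Executable: "/tmp/netools"
Command: "netools"
'''

# Assumption: world-writable directories; a binary running from one deserves a look.
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
FIELD = re.compile(r'^(Cmdline|Executable|Command): "(.*)"$')
ENV = re.compile(r'^\$(\w+)=(.*)$')

def parse_unhide(text):
    """Split unhide output into one dict per 'Found HIDDEN PID' record."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Found HIDDEN PID:"):
            records.append({"pid": int(line.split(":", 1)[1])})
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1).lower()] = m.group(2)
        elif records and (m := ENV.match(line)):
            records[-1][m.group(1)] = m.group(2)
    return records

def summarize(records):
    """Return (PIDs grouped by executable, PIDs with no link, suspicious paths)."""
    by_exe, transitory = defaultdict(list), []
    for r in records:
        exe = r.get("executable", "<no link>")
        (transitory if exe == "<no link>" else by_exe[exe]).append(r["pid"])
    suspicious = sorted(e for e in by_exe if e.startswith(WRITABLE_DIRS))
    return dict(by_exe), transitory, suspicious

if __name__ == "__main__":
    print(summarize(parse_unhide(SAMPLE)))
```

To use it on a real host, save the unhide output to a file and pass its contents to parse_unhide instead of SAMPLE.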