杀毒日记
# This malware replaces ssh with a shell function that records your input and
# output and spreads itself to every other machine you ssh into.
# Drop the function from the current shell. `unset -f` only affects this
# session; a new shell will get the function again until the profiles that
# define it are cleaned (see the profile step below).
unset -f ssh
# Remove the per-user directory that this clean-up attributes to the malware.
rm -rf ~/.config/prng
# The following line must be run after `unset -f ssh`
# (presumably so the remote connections do not go through the malicious
# function and re-infect the targets; confirm how psh invokes ssh).
# NOTE(review): the path here is ./config/prng, while the lines around it use
# .config/prng under the home directory. This looks like a typo; confirm
# before relying on this line to clean the other hosts.
psh all rm -rf ./config/prng
# Same directory for every user's home. <FS> is a placeholder for the file
# system root/mount point that holds the home directories; substitute it.
rm -rf <FS>/home/*/.config/prng
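# Clean the shell profiles for all users (.bashrc, .bash_profile, /etc/profile, /etc/profile.d): remove what the malware added there, otherwise new shells will presumably define the ssh function again.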
/lib/udev/rules.d/*-bootcfg.rules
/lib/udev/bootcfg (does not show up in ls or find; use vim to edit it or rm to delete it)
/lib/modules/$(uname -r)/kernel/drivers/bootcfg/bootcfg.ko
/lib/modules/$(uname -r)/kernel/drivers/bootcfg/bootcfg_update
/lib/modules/$(uname -r)/kernel/drivers/bootcfg/
# Pattern for each file/directory listed above: clear the i, a, e and s file
# attributes, then delete. <somefile>/<somedir> are placeholders.
# Because of `&&`, rm only runs if chattr succeeds.
# NOTE(review): some e2fsprogs versions refuse to clear the `e` (extents)
# attribute, which would make chattr fail and skip the rm. `i` and `a` are the
# attributes that block deletion. Verify on the affected system.
chattr -iaes <somefile> && rm -f <somefile>
chattr -iaes <somedir> && rm -rf <somedir>
# Stop the running bootcfg unit and keep it from starting at boot before its
# files are removed.
systemctl stop bootcfg
systemctl disable bootcfg
# Remove the unit file, the .dat file stored next to it, and the binary.
rm /lib/systemd/system/bootcfg.dat
rm /lib/systemd/system/bootcfg.service
rm /usr/bin/bootcfg
# NOTE(review): the notes do not say why /var/lib/grub is removed; confirm it
# is part of this infection before repeating the step on another system.
rm -rf /var/lib/grub
# Verification: look for leftover names containing "bootcfg". The directory
# arguments are relative, so this must be run from the root of the file system
# being checked.
# NOTE(review): the notes above say /lib/udev/bootcfg is not shown by ls or
# find, so an empty result on the running system does not prove the files are
# gone. Re-check from a known-clean environment.
find boot dev etc opt package proc root run share srv sys tftpboot usr var -name "*bootcfg*"
# Search the contents of everything under /etc for references to bootcfg.
# With `;` the grep still runs if the cd fails, and then searches the current
# directory instead.
cd /etc/; grep -R bootcfg
Finally, disconnect the file system and force a shutdown via IPMI/BMC.