A troubleshooting case: removing a malicious program planted by a hacker

Run top -c to find the process with the highest CPU usage:

Tasks: 161 total,   2 running, 157 sleeping,   0 stopped,   2 zombie
Cpu(s): 98.2%us,  1.8%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:   3921112k total,  2629276k used,  1291836k free,    48604k buffers
Swap:        0k total,        0k used,        0k free,    92848k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                    
31095 root      20   0  381m 7652 1088 S  191  0.2   5021:33 ./minerd -B -a cryptonight -o stratum+tcp://xmr.crypto-pool
12994 root      20   0  381m 7432 1012 S   30  0.2   0:00.91 /usr/sbin/tplink -B -a cryptonight -o stratum+tcp://xmr.cry
# find / -name minerd
/opt/minerd
/home/minerd
# file minerd 
minerd: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, for GNU/Linux 2.6.32, stripped

Remove the execute permission from these binaries, then kill the processes with kill -9.

# locate minerd
/home/minerd
/opt/minerd
/usr/local/etc/minerd.conf
# cat /usr/local/etc/minerd.conf 
-B -a cryptonight -o stratum+tcp://xmr.crypto-pool.fr:8080 -u 4Ab9s1RRpueZN2XxTM3vDWEHcmsMoEMW3YYsbGUwQSrNDfgMKVV8GAofToNfyiBwocDYzwY5pjpsMB7MY8v4tkDU71oWpDC -p x
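
The top output above shows a second process, /usr/sbin/tplink, running with the same miner arguments, and a search for the file name minerd does not find it. The following shell script is an added example, not part of the original post: it selects processes by their miner arguments instead of by name and then applies the post's two steps (strip the execute bit, kill -9). The function names and the sample pool host are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Match on miner arguments,
# not on the binary name, so renamed copies are caught as well.

# Indicators taken from the command lines in the top output above.
# "[ ]" keeps grep's own command line from matching the pattern.
MINER_PATTERN='stratum\+tcp://|-a[ ]cryptonight'

# Read "PID COMMAND..." lines on stdin and print the PIDs whose command
# line carries a miner indicator.
find_miner_pids() {
    grep -E -- "$MINER_PATTERN" | awk '{print $1}'
}

# Live process list in "PID COMMAND..." form (procps ps).
list_processes() {
    ps -eo pid=,args=
}

# Contain one PID in the order the post uses: strip the execute bit from
# the binary first, then kill -9 the process. Needs root.
contain_pid() {
    pid=$1
    exe=$(readlink "/proc/$pid/exe") || return 1
    exe=${exe% (deleted)}   # the kernel appends this if the file was unlinked
    echo "pid=$pid exe=$exe"
    [ -f "$exe" ] && chmod a-x "$exe"
    kill -9 "$pid"
}

# Constructed sample modelled on the two processes in the top output;
# pool.example is a placeholder host.
sample_ps() {
    cat <<'EOF'
    1 /sbin/init
31095 ./minerd -B -a cryptonight -o stratum+tcp://pool.example:8080
12994 /usr/sbin/tplink -B -a cryptonight -o stratum+tcp://pool.example:8080
 2210 /usr/sbin/sshd -D
EOF
}

# Dry run on the sample. On a live host: list_processes | find_miner_pids
sample_ps | find_miner_pids
```

On a live host, review the PIDs printed by list_processes | find_miner_pids before passing any of them to contain_pid.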

 

posted @ 2017-01-03 21:58  bass