标签:tmp 06 17 Jan kdevtmpfsi hadoop002 挖矿 root 病毒
发现CPU直接100%
[root@hadoop002 tmp]# systemctl status 25177 ● session-5772.scope - Session 5772 of user root Loaded: loaded (/run/systemd/system/session-5772.scope; static; vendor preset: disabled) Drop-In: /run/systemd/system/session-5772.scope.d └─50-After-systemd-logind\x2eservice.conf, 50-After-systemd-user-sessions\x2eservice.conf, 50-Description.conf, 50-SendSIGHUP.conf, 50-Slice.conf, 50-TasksMax.conf Active: active (abandoned) since Wed 2020-01-22 16:06:01 CST; 1h 21min ago CGroup: /user.slice/user-0.slice/session-5772.scope ├─19331 /var/tmp/kinsing └─25177 /tmp/kdevtmpfsi Jan 22 16:06:17 hadoop002 crontab[19353]: (root) REPLACE (root) Jan 22 16:06:17 hadoop002 crontab[19354]: (root) LIST (root) Jan 22 16:06:17 hadoop002 crontab[19366]: (root) LIST (root) Jan 22 16:06:17 hadoop002 crontab[19374]: (root) REPLACE (root) Jan 22 16:06:17 hadoop002 crontab[19375]: (root) LIST (root) Jan 22 16:06:17 hadoop002 crontab[19383]: (root) REPLACE (root) Jan 22 16:06:17 hadoop002 crontab[19389]: (root) REPLACE (root) Jan 22 16:06:17 hadoop002 crontab[19390]: (root) LIST (root) Jan 22 16:06:17 hadoop002 crontab[19392]: (root) REPLACE (root) Jan 22 16:06:17 hadoop002 crontab[19393]: (root) LIST (root) [root@hadoop002 tmp]# ps -ef|grep kinsing root 19331 1 0 16:06 ? 00:00:04 /var/tmp/kinsing root 25190 23274 0 17:27 pts/0 00:00:00 grep --color=auto kinsing [root@hadoop002 tmp]# ps -ef|grep kdevtmpfsi root 25177 1 99 17:27 ? 00:01:47 /tmp/kdevtmpfsi root 25197 23274 0 17:28 pts/0 00:00:00 grep --color=auto kdevtmpfsi [root@hadoop002 tmp]# kill -9 19331 [root@hadoop002 tmp]# kill -9 25177 [root@hadoop002 tmp]# rm -rf kdevtmpfsi [root@hadoop002 tmp]# cd /var/tmp/ [root@hadoop002 tmp]# ll total 16692 -rw-r--r-- 1 root root 0 Jan 13 19:45 aliyun_assist_update.lock -rwxr-xr-x 1 root root 13176 Dec 20 02:14 for -rwxr-xr-x 1 root root 17072128 Jan 19 17:43 kinsing drwx------ 3 root root 4096 Jan 13 19:50 systemd-private-f3342ea6023044bda27f0261d2582ea3-chronyd.service-O7aPIg [root@hadoop002 tmp]# rm -rf kinsing
标签:tmp,06,17,Jan,kdevtmpfsi,hadoop002,挖矿,root,病毒 来源: https://www.cnblogs.com/dalianpai/p/12229099.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。