The kdevtmpfsi mining virus on Linux

    I. Error message
    II. Troubleshooting
        1. First stop the kdevtmpfsi program
        2. Delete abnormal scheduled tasks under Linux
        3. End the kdevtmpfsi process and the occupied port
        4. Delete kdevtmpfsi-related files
    III. How to prevent this virus

I. Error message

An alarm message arrived from Alibaba Cloud. The main problem: when you use the top command to view the server's CPU usage, you will find the kdevtmpfsi process with CPU usage at 100%. I first removed the kdevtmpfsi program, but unexpectedly, a few minutes later, a second warning appeared. Using the netstat -antp command to view port usage, kdevtmpfsi showed up again, as shown in Figure 3.

    netstat -antp

II. Troubleshooting

The kdevtmpfsi virus is usually accompanied by scheduled tasks, so after being handled once as described above it keeps reappearing, and repeated cleanups never get rid of it.

1. First stop the kdevtmpfsi program
    ps aux

 Find the kdevtmpfsi process.

 Kill the processes associated with kdevtmpfsi:
    kill -9 20267
    kill -9 20367

2. Delete abnormal scheduled tasks under Linux
    crontab -l
 shows the scheduled tasks.
    crontab -r
 deletes the user's scheduled tasks. When this command is executed, all of that user's scheduled tasks are deleted, as shown in the figure.

  

3. End the kdevtmpfsi process and the occupied port
    netstat -antp
 Here I found kdevtmpfsi on port 28244, which you can see in Figure 3. Do not kill it directly, because there is a daemon thread that will restart it.
    ps -aux | grep kinsing
    ps -aux | grep kdevtmpfsi

    kill -9 28244
    kill -9 28829
4. Delete kdevtmpfsi-related files
    cd /tmp
    ls
    rm -rf kdevtmpfsi
    rm -rf /var/tmp/kinsing
 Finally, check again whether any kdevtmpfsi-related files remain, and keep removing any that are found:
    find / -name kdevtmpfsi
    find / -name kinsing
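
The checks from steps 1 to 4, collected into a read-only script as an added example (not part of the original post). It assumes kinsing is the daemon that restarts kdevtmpfsi, and its cron pattern is a heuristic, since the post does not show the malicious entry; the function names are hypothetical.

```bash
#!/bin/sh
# Read-only check for kdevtmpfsi/kinsing remnants (added example, not from the post).

# stdin: "PID COMMAND" lines, e.g. from `ps -eo pid=,comm=`.
# Prints matching PIDs with kinsing first. Assumption: kinsing is the daemon
# the post warns about, so it has to be stopped before kdevtmpfsi.
miner_pids() {
    awk '$2 == "kinsing"    { first  = first  " " $1 }
         $2 == "kdevtmpfsi" { second = second " " $1 }
         END { out = first second; sub(/^ /, "", out); print out }'
}

# stdin: `crontab -l` output. Prints entries that pipe a download into a shell
# or name either binary. Heuristic only: the post does not show the entry.
suspicious_cron() {
    grep -Ev '^[[:space:]]*(#|$)' |
        grep -E '(curl|wget)[^|]*\|[[:space:]]*(ba)?sh|kinsing|kdevtmpfsi' || true
}

# Prints which of the two files from step 4 still exist under root $1
# (default /; another root lets you inspect a mounted disk image).
leftover_files() {
    root=${1:-/}
    for p in /tmp/kdevtmpfsi /var/tmp/kinsing; do
        if [ -e "${root%/}$p" ]; then echo "$p"; fi
    done
}

# Runs all three checks on the live host; exit status 0 only when clean.
check_host() {
    pids=$(ps -eo pid=,comm= | miner_pids)
    cron=$(crontab -l 2>/dev/null | suspicious_cron)
    files=$(leftover_files /)
    echo "processes (kinsing first): ${pids:-none}"
    echo "cron entries: ${cron:-none}"
    echo "files: ${files:-none}"
    [ -z "$pids$cron$files" ]
}

if [ "${1:-}" = "--run" ]; then check_host; fi
```

Run it with `--run` after the cleanup and again a few minutes later; a non-zero exit status means something has come back.
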
III. How to prevent this virus
The most fundamental cause is improper configuration of your own Redis (port 6379). You can refer to Alibaba Cloud's Redis service security hardening guide:
Alibaba Cloud Redis service security hardening

 

 


Disclaimer: This article is an original article by CSDN blogger "fat fat jar fall", licensed under the CC 4.0 BY-SA copyright agreement. When reproducing it, please attach the original source link and this statement.
Original link: https://blog.csdn.net/qq_45186545/java/article/details/103853601

 


Origin www.cnblogs.com/zhangjiahao/p/12634930.html