在阿里雲上的雲服務器被人植入了挖礦病毒,能過上網查找答案,結合實踐。清除病毒步驟總結如下:
1. top找到PID
[root@demo ~]# top
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
15843 yarn 20 0 2653576 2.3g 996 S 100.0 15.0 11:23.75 kdevtmpfsi
2. 找到與其相關的父PID
[root@demo ~]# systemctl status 15843
● session-102.scope - Session 102 of user yarn
Loaded: loaded (/run/systemd/system/session-102.scope; static; vendor preset: disabled)
Drop-In: /run/systemd/system/session-102.scope.d
└─50-After-systemd-logind\x2eservice.conf, 50-After-systemd-user-sessions\x2eservice.conf, 50-Description.conf, 50-SendSIGHUP.conf, 50-Slice.conf, 50-TasksMax.conf
Active: active (abandoned) since Mon 2020-06-08 21:43:01 CST; 16min ago
CGroup: /user.slice/user-984.slice/session-102.scope
├─15783 /var/tmp/kinsing
└─15843 /tmp/kdevtmpfsi
3. kill掉查出的線程
[root@demo ~]# kill -9 15783
[root@demo ~]# kill -9 15843
4. 刪除目錄
[root@demo ~]# rm -rf /tmp/kdevtmpfsi
5. 刪除被侵入的挖礦定時任務
# 查出刪除即可
[root@demo ~]# crontab -l -u yarn
[root@demo ~]# crontab -e -u yarn
6. 病毒已刪除