Case Info
CentOS 6.5/RAID1+RAID5
After the server boots, a large number of processes consume CPU resources. The number of zombie processes and the load keep growing until the server's services can no longer be used normally.
Quick Trojan cleanup procedure
Assume the Trojan is named nshbsjdy. If it is not visible in top, look for it under the /etc/init.d directory.
1. First lock three directories so that no new Trojan files can be created
    chmod 000 /usr/bin/nshbsjdy
    chattr +i /usr/bin
    chattr +i /bin
    chattr +i /tmp
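2. Delete the scheduled tasks, their files, and the boot startup files
    # Delete the scheduled task and its files
    rm -f /etc/init.d/nshbsjdy
    # "#" is the runlevel number; remove the Trojan's link file in each rc#.d directory
    rm -f /etc/rc#.d/<Trojan link file>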
3. Kill the Trojan process
4. Clean up the Trojan program
    chattr -i /usr/bin
    rm -f /usr/bin/nshbsjdy
Once the cleanup is complete, check the directories above again, and pay particular attention to the most recently modified files under the /etc directory.
This article is from the "Hhslinux" blog; reprinting is not permitted.
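The final re-check can be scripted. The following is an added example, not part of the original article: the function names, the root-prefix argument and the 7-day window are assumptions chosen for illustration. It lists recently modified files in the directories named above and reports any init script or rc#.d link that still references the Trojan name, including links left dangling after the init script was deleted.

```bash
#!/usr/bin/env bash
# Post-cleanup verification (added example, not from the original article).
# Both functions take a root prefix so they can be run against "/" on a live
# host or against a mounted/copied file system tree.

# recent_files ROOT DAYS DIR...
# Print regular files and symlinks under each DIR modified in the last DAYS days.
recent_files() {
    local root="${1%/}" days="$2"
    shift 2
    local d
    for d in "$@"; do
        [ -d "$root$d" ] || continue          # skip directories that do not exist
        find "$root$d" \( -type f -o -type l \) -mtime "-$days" 2>/dev/null
    done | sort
}

# leftover_links ROOT NAME
# Print the init script and any rc#.d entry whose file name or symlink target
# still contains NAME. Dangling symlinks are reported too.
leftover_links() {
    local root="${1%/}" name="$2" f
    for f in "$root"/etc/init.d/"$name" "$root"/etc/rc*.d/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        case "$(basename "$f")$(readlink "$f" 2>/dev/null)" in
            *"$name"*) echo "$f" ;;
        esac
    done
}

# Example invocation on a live host (uncomment to run):
#   recent_files / 7 /etc /usr/bin /bin /tmp
#   leftover_links / nshbsjdy
```

Modification times can be altered by whoever controls the host, so an empty result from recent_files does not prove the system is clean.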
Server CPU occupied by a large number of zombie processes