Remember a Window server Trojan (Backdoor Implant mining program)

1, the new project needs a Windows server, install the required environment and services, the discovery of insufficient server resources to run, view Task Manager, found that the suspect program is full of CPU

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" width= "499" alt= "Spacer.gif"/>

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "Spacer.gif"/>

Baidu found that this is a mining process, apparently by the back door implanted mining machine, decisively kill the process, delete files

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" Width= "507" alt= "Spacer.gif"/>

The next day, found that the CPU was dug and stained, after analysis, the backdoor program, and the system svchost.exe very much like, after the deletion has been automatically created.

Through one of the troubleshooting processes, a suspicious process was found, and the program, after careful comparison, was suspicious to judge it was a backdoor Trojan

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" width= "944" alt= "Spacer.gif"/>

Because the server run more services, can not open a firewall, can only select third-party protection software, a comprehensive comparison, decided to use a security butler, prepared under protection software protection,

began to manually clean the Trojan,

First, the end of the excavation process, the discovery will automatically create a new process, and then, the end of the suspicious Trojan, and then end the digging machine program, no problem, can end normally, using the computer Manager to scan the file

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "Spacer.gif"/>

Window Trojan camouflage and permissions problems, manual cleanup is difficult to clean up, so here I am still option protection software to scan, clean the Trojan and restart, OK

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "Spacer.gif"/>

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" width= "756" alt= "Spacer.gif"/>

650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "Spacer.gif"/>

This article is from the "My Ops Growth path" blog, so be sure to keep this source http://maicos.blog.51cto.com/10433789/1958915

Remember a Window server Trojan (Backdoor Implant mining program)