I finally learned that Linux is this easy to infect.
After logging in to the server, I found that the machine was sending out packets nonstop and the bandwidth was saturated (10G sent in 5 minutes). CPU usage was at 100%; top showed a process called sfewfesfs, along with .sshddxxxxxxxxxxx (a string of random digits) and .sshhddxxxxxxxxxxx (a string of random digits). In /etc there was a file named sfewfesfs, one named nhgbhhj, and many others with strange names.
Use netstat -atunlp to view the network connections; the result was a sorry sight.
Start the virus cleanup first.
Delete the virus file (it has to be made mutable with chattr -i before rm will work)
chattr -i /etc/sfewfesfs*
rm -rf /etc/sfewfesfs*
There is also a suspicious file named nhgbhhj; delete it
rm -rf /etc/nhgbhhj
rm -rf /etc/nhgbhhj***
Delete the scheduled tasks (very important): this is how the virus revives itself!
rm -rf /var/spool/cron/root
rm -rf /var/spool/cron/root.1
Use ls -al /etc to look for the hidden files .SSH2 (and possibly .SSHH2), and delete them
rm -rf /etc/.SSH2
rm -rf /etc/.SSHH2
Use ls -al /tmp to look for the hidden files .sshdd14xxxxxxxx (a string of random digits) or .sshhdd14xxxxxxxx (a string of random digits), and delete them
rm -rf /tmp/.sshdd14*
rm -rf /tmp/.sshhdd14*
Restart the server, and it is done.
The sfewfesfs virus: Linux users, have you been hit?
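A read-only check for the files and cron entries named in the steps above, useful before deleting anything and again after the reboot to confirm nothing came back. This is an added example, not part of the original post; the scan_sfewfesfs function, its root-directory argument and the SCAN_ROOT variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: read-only scan for the artefacts named in this post.
# The optional root argument (hypothetical) lets it run against a mounted
# disk image or a test tree instead of the live filesystem.

scan_sfewfesfs() {
    root="${1:-}"
    # File names and locations exactly as listed in the post.
    for pattern in 'etc/sfewfesfs*' 'etc/nhgbhhj*' 'etc/.SSH2' 'etc/.SSHH2' \
                   'tmp/.sshdd*' 'tmp/.sshhdd*'
    do
        # $pattern is left unquoted on purpose so the shell expands the glob.
        for path in "$root"/$pattern; do
            [ -e "$path" ] || [ -L "$path" ] || continue
            note=""
            # The post needs chattr -i before rm, so report the immutable flag.
            if command -v lsattr >/dev/null 2>&1; then
                attrs=$(lsattr -d "$path" 2>/dev/null | awk '{print $1}')
                case "$attrs" in *i*) note=" (immutable: chattr -i first)" ;; esac
            fi
            echo "FOUND $path$note"
        done
    done
    # Root's crontab is what the post says revives the malware; print its
    # active entries for review rather than deleting the file blindly.
    for cron in "$root/var/spool/cron/root" "$root/var/spool/cron/root.1"; do
        [ -f "$cron" ] || continue
        grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$cron" |
            sed "s|^|CRON $cron: |" || true
    done
    return 0
}

# Run against the live system only when asked: SCAN_ROOT=/ sh scan.sh
if [ -n "${SCAN_ROOT:-}" ]; then
    scan_sfewfesfs "${SCAN_ROOT%/}"
fi
```

Empty output means none of the listed files and no active root cron entries were found under the given root.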