解決方案:
a.去除惡意檔案的執行許可權
chmod 000 /tmp/gates.lod /tmp/moni.lod service sendmail stop chkconfig --level 345 sendmail off chmod -x /usr/sbin/sendmail chmod -R 000 /root/*rar* chattr -i /root/conf.n chmod -R 000 /root/conf.n* rm -rf /usr/bin/lixwwrm -rf /usr/bin/bsd-port/getty rm -rf /tmp/gates.lockrm -rf /tmp/moni.lockrm -rf /usr/bin/bsd-port/getty.lockrm -rf /usr/bin/bsd-port/conf.n/lib/lib3.so.1 delete file /var/opt/lm/iisdate delete上級目錄 /usr/sbin/lsof ok,reinstall /usr/bin/bsd-port/getty delete上級目錄 /usr/bin/.sshd delete .sshd* /bin/ps ok,reinstall /bin/netstat ok,reinstall /bin/.iptab4 delete file
強制重新安裝以下軟體包,覆蓋被感染檔案
net-tools-1.60-78.el5.i386.rpm procps-3.2.7-11.1.el5.i386.rpm lsof-4.78-3.i386.rpm
rpm -ivh rpm檔案 --force --nodeps升級openssl(openssl-1.0.1i)和openssh(openssh-6.6p1)到最新版本、 修改sshd連接埠、修改root密碼為複雜字串、禁止root帳號直接登入系統 通過網路交換器配置ACL禁止此伺服器訪問外網 以上修改完成後,重新啟動系統 再次全系統掃描未發現病毒
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
