云服务器代理商-凯铧互联

挖矿病毒WatchBog清除脚本

clean.sh :


```powershell
#!/bin/bash
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

me=$( whoami )

function cleanup() {
	ps auxf|grep -v grep|grep "crun" | awk '{print $2}'|xargs kill -9
	rm -rf /bin/httpntp /bin/ftpsdns
	cat /etc/crontab | grep -v "##" | grep -v "/bin/httpsntp" | grep -v "/bin/ftpsntp" > /etc/crontab.bak && mv /etc/crontab.bak /etc/crontab
	rm -rf /etc/cron.d/root /etc/cron.d/apache /etc/cron.d/system /var/spool/cron/root /var/spool/cron/crontabs/root
	rm -rf /etc/cron.hourly/oanacroane /etc/cron.daily/oanacroane /etc/cron.monthly/oanacroane
	rm -rf /bin/config.json /bin/watchbog /bin/config.txt /bin/cpu.txt /bin/pools.txt
	rm -rf /tmp/systemd-private-afjdhdicjijo473skiosoohxiskl573q-systemd-timesyncc.service-g1g5qf/
	rm -rf /tmp/.tmp*
}

function allcron() {
	for user in $(cut -f1 -d: /etc/passwd);
	do
		pa=$(crontab -u $user -l|grep 'pastebin'|wc -l)
		if [ ${pa} -ne 0 ];then
			echo "$user is infected"
			crontab -u $user -r
		fi
	done
}

function killdog() {
	ps auxf|grep -v grep|grep "watchbog" | awk '{print $2}'|xargs kill -9
	pkill -f watchbog
}

if [ "$me" == "root" ];then
	echo "Removing All Persistence Methods And Killing Miner"
	cleanup
	allcron
	killdog
else
	echo "You $me Have To Run This Sctipt For Total Cleanup"
fi

赞(0) 打赏
未经允许不得转载:云服务器代理商-凯铧互联 » 挖矿病毒WatchBog清除脚本

评论 抢沙发

评论前必须登录!

 

凯铧互联专注云计算

联系我们了解更多

觉得文章有用就打赏一下文章作者

微信扫一扫打赏