Removing the minerd Trojan found with top on Linux

  • 2020-05-14 05:52:29
  • OfStack

Recently, people kept reporting that one of the company's test servers was very slow to access and would not open for a long while. At first, I thought it was caused by the test program newly deployed in the past two days.

I figured that once the test program was shut down, there would be nothing more to do.

Later, I thought it over carefully and realized that was wrong: the new test program does not consume many resources.

So I logged on to have a look, and what I saw gave me a fright.

Running the top command showed a process called minerd using 99% of the CPU. It had to be a Trojan planted by someone else.

So, as usual, I first ran ps -ef | grep minerd to look at the details of the process and found that it was executing the command /opt/minerd. I deleted that file and killed the corresponding process with kill -9.


As a rule of thumb, this kind of thing is never removed that easily. There had to be tampering elsewhere, so I started checking crontab.

Sure enough, root's crontab had something very suspicious in it, so I deleted it.

Just in case, I kept watching with the top command for a while. Something strange happened: minerd appeared again.

This was a bit odd, so I checked everything again, including crontab and the commands Linux executes at startup, and found no trace of minerd.
After thinking for a long time, I guessed that the crontab change might not have taken effect.

So I did it all one more time, in order.

Stop the crond service, delete the /opt/minerd file, and kill the process with kill -9.

Restart the crond service.

Continue watching with top.

The minerd thing is finally gone, and the system is back to normal.
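
The post checks crontab and the startup commands by hand. The same check can be scripted; this is an added example, not part of the original post. The list of locations is an assumption (common defaults, not taken from the post), and the sample tree is constructed for testing.

```sh
#!/bin/sh
# find_persistence NAME [ROOT]
# Print "file:line:text" for every scheduled-job or startup entry that
# mentions NAME. ROOT is optional: leave it empty for the live system, or
# point it at a mounted disk image or a test tree.
find_persistence() {
    fp_name=$1
    fp_root=${2:-}
    # Assumed locations: system crontab, cron drop-in directories,
    # per-user crontab spool, and rc.local startup scripts.
    for fp_p in \
        "$fp_root/etc/crontab" \
        "$fp_root/etc/cron.d" \
        "$fp_root/etc/cron.hourly" \
        "$fp_root/etc/cron.daily" \
        "$fp_root/var/spool/cron" \
        "$fp_root/etc/rc.local" \
        "$fp_root/etc/rc.d/rc.local"
    do
        [ -e "$fp_p" ] || continue
        # -r recurse, -n line numbers, -H always show the file name,
        # -F fixed string, -I skip binary files. Unreadable files are
        # skipped silently, so run as root on a live system.
        grep -rnHFI -- "$fp_name" "$fp_p" 2>/dev/null || true
    done
    return 0
}

# Build a small constructed tree so the function can be tried offline.
# Every entry below is made up for the example.
make_sample_tree() {
    st_dir=$(mktemp -d)
    mkdir -p "$st_dir/etc/cron.d" "$st_dir/var/spool/cron"
    printf '%s\n' '*/5 * * * * /opt/minerd' > "$st_dir/var/spool/cron/root"
    printf '%s\n' '0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf' \
        > "$st_dir/etc/cron.d/logrotate"
    printf '%s\n' '#!/bin/sh' '/opt/minerd &' > "$st_dir/etc/rc.local"
    printf '%s\n' "$st_dir"
}

# Usage on a live system (as root):  find_persistence minerd
```

An empty result after cleanup, together with a clean top, is the state the post ends in; any remaining hit is a place that can start the binary again.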

