首先使用top命令查看
找到文件地址
查看是否有自启动服务
关闭、停止、删除
tmp 病毒文件删除
清除标记:先用 chattr -ia 去掉文件的 i(不可修改)和 a(仅追加)属性,否则文件无法删除
# Terminal transcript: clear the immutable (i) and append-only (a) attributes
# from each listed file. While either attribute is set the file cannot be
# deleted, even by root; lsattr shows which attributes a file carries.
# NOTE(review): record a hash of each file first (e.g. sha256sum) so the sample
# can still be identified after it has been removed.
[root@host-192-168-0-66 bin]# chattr -ia /tmp/newsvc.sh
[root@host-192-168-0-66 bin]# chattr -ia /tmp/redis2
# svc* is a glob: it applies to every entry in /tmp whose name starts with "svc".
[root@host-192-168-0-66 bin]# chattr -ia /tmp/svc*
[root@host-192-168-0-66 bin]# chattr -ia /tmp/kdevtmpfsi
删除
# Terminal transcript: delete the files whose attributes were cleared in the
# previous step.
# NOTE(review): if a file reappears after deletion, something is still
# recreating it (a cron entry, a systemd unit or a running process); that has to
# be found and removed before the deletion will hold.
[root@host-192-168-0-66 bin]# rm -rf /tmp/newsvc.sh
[root@host-192-168-0-66 bin]# rm -rf /tmp/redis2
# svc* is a glob and rm -rf runs as root here: list what it matches
# (ls -ld /tmp/svc*) before deleting.
[root@host-192-168-0-66 bin]# rm -rf /tmp/svc*
[root@host-192-168-0-66 bin]# rm -rf /tmp/kdevtmpfsi
进程隐藏工具删除
常见病毒服务查看删除
# Remove the networkSync.service unit.
unit='networkSync.service'
# Print the path of every file with this name anywhere on the filesystem.
# NOTE(review): read the unit file before deleting it; its ExecStart= line names
# the program the service runs, which has to be located and removed as well.
find / -name "$unit"
# Disable start at boot.
systemctl disable "$unit"
# Stop the running service.
systemctl stop "$unit"
# Delete the unit file.
rm -f -- "/etc/systemd/system/$unit"
# Remove the javasgs_miner.service unit.
unit='javasgs_miner.service'
# Print the path of every file with this name anywhere on the filesystem.
# NOTE(review): read the unit file before deleting it; its ExecStart= line names
# the program the service runs, which has to be located and removed as well.
find / -name "$unit"
# Disable start at boot.
systemctl disable "$unit"
# Stop the running service.
systemctl stop "$unit"
# Delete the unit file.
rm -f -- "/etc/systemd/system/$unit"
# Remove the c3pool_miner.service unit.
unit='c3pool_miner.service'
# Print the path of every file with this name anywhere on the filesystem.
# NOTE(review): read the unit file before deleting it; its ExecStart= line names
# the program the service runs, which has to be located and removed as well.
find / -name "$unit"
# Disable start at boot.
systemctl disable "$unit"
# Stop the running service.
systemctl stop "$unit"
# Delete the unit file.
rm -f -- "/etc/systemd/system/$unit"
# Remove the quotaoff.service unit.
unit='quotaoff.service'
# Print the path of every file with this name anywhere on the filesystem.
# NOTE(review): /usr/lib/systemd/system is where packages install their units;
# confirm this file is not owned by an installed package before deleting it.
find / -name "$unit"
# Disable start at boot.
systemctl disable "$unit"
# Stop the running service.
systemctl stop "$unit"
# Delete the unit file from both unit directories.
rm -f -- "/etc/systemd/system/$unit" "/usr/lib/systemd/system/$unit"
# Remove the telescope.service unit.
name='telescope'
# Print the path of every file named exactly "telescope" (no .service suffix)
# anywhere on the filesystem.
# NOTE(review): this search does not match the unit file itself; read
# /etc/systemd/system/telescope.service before deleting it to see what it runs.
find / -name "$name"
# Disable start at boot.
systemctl disable "$name.service"
# Stop the running service.
systemctl stop "$name.service"
# Delete the unit file.
rm -f -- "/etc/systemd/system/$name.service"
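# Remove the javs.service unit.
# The stop and delete steps must name javs.service, the same unit that is
# disabled here. Pointing them at telescope.service leaves javs running and its
# unit file on disk, so the service stays available to be started again.
name='javs'
# Print the path of every file named exactly "javs" (no .service suffix)
# anywhere on the filesystem.
# NOTE(review): this search does not match the unit file itself; read
# /etc/systemd/system/javs.service before deleting it to see what it runs.
find / -name "$name"
# Disable start at boot.
systemctl disable "$name.service"
# Stop the running service.
systemctl stop "$name.service"
# Delete the unit file.
rm -f -- "/etc/systemd/system/$name.service"
# Make systemd re-read its unit directories so it forgets the deleted unit.
systemctl daemon-reload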