Linux mining virus ksoftirqd
you can download and install a Tencent Royal point
after opening it, you can directly check and kill this kind of computer virus by using the virus checking and killing function in it
depending on the price, if the price difference is about 200 yuan, you can consider Xunjing or Yingtong.
/Usr / SBIN / kworker suspected mining virus
use clamscn for virus scanning
{rrrrrrr}
all Trojans and Backdoors are recruited
and then use clamsan - R -- beli - I / usr / bin / kworker -- remove to clean up the virus, Learn Linux together
there is also a related netfs to clean up clamsan - R -- beli - I / usr / bin / netfs -- remove to clean up the virus
next step: modify the root password, restart and find that there is no worker
Log in to the system to view the task manager, and view the processes that occupy large memory and cannot be closed. Right click on the process to open the file location (first select Show hidden files and operating system files in the folder option). At this time, you may see a systmss.exe process and a svchost.exe process imitating the operating system. Here you can also see a 2.bat file. Right click to edit and open this file to see which mining organization the malicious process communicates with
by viewing the system operation log, we can analyze the source of the virus, start time and other information. The general reason may be that the hacker did not close port 3389 and used a weak password to remotely log in to the last virus
virus eradication: rename the virus executable file systmss.exe to systmss.exe1, so that the virus cannot be executed. At this time, you can stop the process from the task manager. Open registry editor to delete HKEY_ LOCAL_ The entire directory of machine, system, controlset001, services and systems
for Linux system, please refer to: webpage link