unhide, a tool for finding hidden processes
- Install
sudo apt-get install unhide
- Scan (the proc technique compares what /proc reports with the output of ps; unhide also has sys and brute modes that cross-check syscalls and brute-force PIDs, and they are worth running as well, since a rootkit that hides from one check may not hide from another)
sudo unhide proc
Found HIDDEN PID: 3783780 │Cmdline: "./xmrigMiner" │Executable: "/dev/shm/.. /xmrigMiner" │Command: "xmrigMiner" │$USER=root │$PWD=/dev/shm/..
Found HIDDEN PID: 3897795 │Cmdline: "./spirit/-bash" │Executable: "/dev/shm/.. /spirit/-bash" │Command: "-bash" │$USER=root │$PWD=/dev/shm/..
xmrigMiner and spirit are both mining programs, and /dev/shm/.. is the directory the miner runs from. Note the name: the Executable field shows it is literally ".. " (dot, dot, trailing space), a directory created to look like the parent entry in a listing, so it must be quoted when it is removed. Kill the processes listed above first (a miner that is still running can recreate its files), then delete that directory.
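The cleanup described above, as an added example that is not part of the original note: a small POSIX shell script that parses `unhide proc` output into a reviewable list of kill and rm commands. The sample output is constructed from the two findings above plus one made-up progress line; the function names, the /dev/shm base-directory argument and the dry-run design are assumptions of this example, not anything unhide itself provides.

```shell
#!/bin/sh
# Added example, not part of the original note: turn `unhide proc` output
# into a cleanup plan (kill the hidden PIDs first, then remove the directory
# they ran from). unhide itself only prints the "Found HIDDEN PID" lines;
# everything else here is an assumption of this example.

# Constructed sample: the two findings from the note plus one made-up
# progress line standing in for unhide's own chatter, which the parsers skip.
UNHIDE_SAMPLE='[*] constructed stand-in for an unhide progress line
Found HIDDEN PID: 3783780 │Cmdline: "./xmrigMiner" │Executable: "/dev/shm/.. /xmrigMiner" │Command: "xmrigMiner" │$USER=root │$PWD=/dev/shm/..
Found HIDDEN PID: 3897795 │Cmdline: "./spirit/-bash" │Executable: "/dev/shm/.. /spirit/-bash" │Command: "-bash" │$USER=root │$PWD=/dev/shm/..'

# stdin: unhide output -> stdout: one hidden PID per line
hidden_pids() {
    sed -n 's/^Found HIDDEN PID: \([0-9][0-9]*\).*/\1/p'
}

# stdin: unhide output -> stdout: the quoted Executable path of each finding
hidden_exes() {
    sed -n 's/^Found HIDDEN PID: .*Executable: "\([^"]*\)".*/\1/p'
}

# stdin: unhide output; $1: a base directory such as /dev/shm.
# Prints, once each, the top-level entry under $1 that holds a hidden
# executable, so ".. /xmrigMiner" and ".. /spirit/-bash" both map to
# "/dev/shm/.. " (trailing space included). Paths outside $1 fall back
# to their own directory.
hidden_dirs() {
    base=$1
    hidden_exes | while IFS= read -r exe; do
        case $exe in
            "$base"/*)
                rest=${exe#"$base"/}
                printf '%s/%s\n' "$base" "${rest%%/*}"
                ;;
            *)
                dirname "$exe"
                ;;
        esac
    done | sort -u
}

# $1: unhide output; $2: base directory. Prints the commands instead of
# running them so the plan can be reviewed. Directory names are
# single-quoted because the attacker's directory is literally ".. " with
# a trailing space; an unquoted rm would hit the real parent instead.
cleanup_plan() {
    printf '%s\n' "$1" | hidden_pids | while IFS= read -r pid; do
        printf 'kill -9 %s\n' "$pid"
    done
    printf '%s\n' "$1" | hidden_dirs "$2" | while IFS= read -r dir; do
        printf "rm -rf '%s'\n" "$dir"
    done
}

# Real use:  sudo unhide proc > /tmp/unhide.out
#            cleanup_plan "$(cat /tmp/unhide.out)" /dev/shm   # review, then pipe to sh
cleanup_plan "$UNHIDE_SAMPLE" /dev/shm
```

The plan kills before it removes, and it prints rather than executes so the operator can confirm every PID really is the miner before anything is killed on a production host.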
Reference: Notes from an incident response to a cryptomining virus (记一次挖矿病毒的应急响应)