1. Clearing a scheduled task:
Run the crontab -l command to list the scheduled tasks, then delete the malicious entries. Sometimes a scheduled task cannot be deleted, which indicates that the chattr command was used to add the i and a attributes to the files or directories. In that case, remove the i and a attributes first.
2. Since the virus saves its process ID in the bash.pid file, kill the process with the corresponding PID. For other viruses, kill the processes according to the situation.
3. Delete virus-related files
According to the operation logs, the a and i attributes were added to the .cache directory during virus implantation, so it cannot be deleted directly. Remove the attributes with chattr -ai first.
4. Restoring system changes
Note: Some viruses may modify system files or configurations. Restore these changes as soon as possible. According to the operation logs, sysctl -w vm.nr_hugepages=128 was also executed on the host. Because the configuration file was not modified, change the value back to the original or restart the host or VM.
After the virus has been removed, increase password complexity, change user passwords periodically, and strengthen firewall security configurations.
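
The checks behind steps 1 to 4 can be scripted as read-only triage before anything is deleted or killed. The following is an added example, not part of the original procedure: the function names and the sample lsattr listing are constructed for illustration, and the caller chooses which pid file and sysctl configuration files to inspect.

```shell
#!/bin/sh
# Added example: read-only triage helpers; nothing here deletes files,
# kills processes or changes kernel settings.

# Print paths from lsattr output (stdin) that carry the i (immutable) or
# a (append-only) attribute and so need chattr -ia before deletion.
locked_paths() {
    while read -r attrs path; do
        case "$attrs" in
            ''|*[!A-Za-z-]*) continue ;;   # blank, header or error line
            *i*|*a*) printf '%s\n' "$path" ;;
        esac
    done
}

# Print the PID stored in a pid file only if it is purely numeric, so a
# tampered file cannot smuggle extra arguments into a later kill command.
pid_from_file() {
    pid=$(tr -d ' \t\r\n' < "$1") || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# Print the last value a sysctl key is given in the listed config files;
# print nothing when the key is not persisted in any of them.
persisted_sysctl() {
    key=$1; shift
    awk -F= -v k="$key" '
        /^[[:space:]]*[#;]/ { next }
        { name = $1; gsub(/[[:space:]]/, "", name) }
        name == k { v = $2; gsub(/[[:space:]]/, "", v); last = v }
        END { if (last != "") print last }' "$@"
}

# Succeed when the running value is not the persisted one: the sysctl -w
# case, where no config file was edited. Args: KEY RUNTIME_VALUE FILE...
runtime_only_change() {
    key=$1; runtime=$2; shift 2
    [ "$(persisted_sysctl "$key" "$@")" != "$runtime" ]
}

# Constructed sample of lsattr -a output for a planted directory.
sample_lsattr() {
    printf '%s\n' '----ia--------e------- /tmp/demo/.cache' \
        '--------------e------- /tmp/demo/notes.txt' \
        '----i---------e------- /tmp/demo/.cache/run me.sh'
}
sample_lsattr | locked_paths
```

On a live host, pipe lsattr -Ra output for the directory under review into locked_paths, and pass /etc/sysctl.conf together with the files in /etc/sysctl.d to the sysctl helpers.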